Authorization Group for Document Types

In certain Master data like Vendor, Customer, Document Types you will find a field “Authorization Group”. This au. Group is freely definable meaning you do not have to create in a separate table. This Au.Grp provides extended authorization for certain activities on the Objects.

For Eg.

Here I want to disallow a User1 to post a XY Document Type.

First just enter Authorization Group 0001 in XY Document Type Master.

Standard Authorization object for Document Types in SAP is F_BKPF_BLA. When you create a role you have to see that the authorization Object F_BKPF_BLA is maintained for your role. You can do this by checking Authorization data in the Role.

In the Authorization Object for F_BKPF_BLA, maintain the activity for Authorization Group 0001. You control this for Organization Levels like Company Code, Business Areas, and Profit Centers etc. If you want to allow another User to perform other activities, you can select that object again and enter required entries.

Now generate the profile and save. Now this particular profile is stored in the Role. Now enter the User1 in that Role under User Tab. You can skip this step if you do changes in the Authorization object from the User Master>Role>Authorization.

Don’t be assumed that it will overwrite any other authorization for that Document Type. So you have to make sure that the Authorization object is nullified/or changed to allow certain activity for that Authorization Group User1 in all the roles.

After generating the profile, perform User Comparison. This will check for the correct authorization profile has been updated in the all the User Master.