Question:
Can anyone help/explain the steps required for creating an authorization group for authorization object? F_BKPF_BUP is an authorization object that can be used to restrict posting periods to certain users. After the authorization group for this object is created, we can use this authorization group in OB52 T Code to restrict users.
Currently this authorization object is maintained with a * group. How can we create new groups? Please help. Also, I am not a security person, the more detail your explaination is, the more it wil be helpful for me.
Thank you in advance.
The procedure from OB52 help is as follows:
Procedure
If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
Answer:
The solution is a mix of config and security. You would need to add the authorization group in OB52. The authorization groups are freely definable.
Once you add the entry in OB52, then the roles can be restricted based on the auth groups that you add in OB52.