Beruflich Dokumente
Kultur Dokumente
| SAP Blogs
Products
Products Industries
Industries Support
Support Training
Training Community
Community Developer
Developer Partner
Partner
About
About
Ask a Question Write a Blog Post Login
Security
Hi folks
This might be a known information for some of you but I am sure that this is
gona be a new learning for most of SCN users. I got a requirement to put field
level authorization restrictions in customer master data and in the first instance
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 1/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Here create a field group with those fields you want to allow for changes. All
other fields will be in display mode for user.
In my case I want to allow user to change only withholding tax information. All
other fields will be in display mode for this user. I have added all fields which
are available in Withholding tax tab to field group 02.
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 2/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
After Assigning this object and value check in XD02 for customer. All other
fields will be in display mode and only withholding tax fields are in change
mode.
We can use this object for different fields and tabs for customer master data.
In short we can use F_LFA1_AEN object for vendors and F_KNA1_AEN for
customers. Helping note is 864058 and SAP help link is here.
Thank$
Alert Moderator
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 3/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
38 Comments
You must be Logged on to comment or reply to a post.
Naresh Krishnamoorthy
Thank$
Former Member
The main reason is that it is just a regurgitation of the documentation on the object. That
documentation stares you in the face if you ever build a role for any of the transactions
or hit F1 in one of their fields which can modify master data.
Close on it’s heals is that use of field groups and authorization groups is classed as one
of the dumbest things you can do in SAP. It creates a large increase in retentive
complexity (not least of which on role design and number of them, which is anyway an
art form) but most end users are aware that it is only checked in the screens of a
selected few transactions and not in the APIs, mass processing, LDBs, the larger part of
ALV type controls and batch-input.
That SAP proposes the object for display type core transactions without values such as
XD03 / XK03 is normally a clear indication that it is best to get it out of the way by putting
a * into the field. For the parts where there are no checks at all (you normally notice them
quite quickly) SAP only offers the solution to modify the system.
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 4/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
So… why regurgitate basic information and have you ever actually used these
authorization groups of customers and fields in an organization with more than a handful
of customers and survived it? The motivation for this blog seems suspect to me…
Cheers,
Julius
Thank you for showing your concern and giving your views. As I have
mentioned in my first line that this might be a known thing for many users
but still there are a lot of functional consultants who don’t know this. You are
a security consultant with tons of knowledge so this looks like a basic
information for you. I have shared this in SD forum where I am sure this is
not basic and many of us were not familiar with this.
Thank$
Former Member
Hi MoazzaM,
Does the optional use of groups for master data records and
fields not belong to basic training in the SD module? That
surprises me somewhat – hence I see this document as a
regurgitation of standard documentation which anyone with
basic training should already be aware of.
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 5/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Cheers,
Julius
Hi Julius
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 6/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 7/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Thank$
Former Member
https://www.google.ch/#hl=de&q=site
:sap.com+how+to+maintain+only+so
me+fields+in+master+data
Cheers,
Julius
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 8/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
http://scn.sap.com/message/104970
10#10497010
Thank$
Former Member
Hi MoazzaM,
Attn: Julius.
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 10/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 11/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
I rest my rant 🙂
Thanks.
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 12/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Thank$
G Lakshmipathi
MoazzaM
These sort of activities are purely lies with Security team. Also since you yourself have
indicated
I have shared some very technical documents as well but it is not always for
experts and gurus like you. Sometime we have to take care of beginners and
middle level users as well.
definitely, no beginners or middle level users should try this considering the fact that in a
real time projects, they would not be handling this.
Also, ideally, this blog is applicable to beginners or middle level users of Security and not
functional consultants. Hence, this can be moved to Security forum.
G. Lakshmipathi
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 13/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Sir
Ideally this is security team’s responsibility to control and manage this kind
of authorizations and this is also SAP best practice. Being on functional
side we should at least know this whether it is possible or not and if
possible how we can do this. This is my personal opinion which you or other
users can agree or disagree.
Thank$
Former Member
Cheers, Julius
Dear Julius
Thank$
G Lakshmipathi
G. Lakshmipathi
Sir
Regards
Jyoti Prakash
Document moved from SAP ERP Sales and Distribution (SAP SD) to Security
Please test this and update me if you feel any issue. I have shared SAP note relevant to
this document. You can take help from that note too.
Thank$
Former Member
Former Member
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 16/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Hi MozzaM,
Infect though this is technical information, its very useful for functional
consultants considering, sometimes new Technical consultants does not
know all these points and these questions comes to us for answering that is
it possible in standard SAP or not.
Regards,
MJ.
Former Member
Hi Mahendra,
Thanks.
Hi Mahendra Jani
Thank you for your words and yes I came across such
requirement for sales documents. For that we can use custom
authorization object. We have to create object in SU21 and
then assign that in respective userexit with authority check
logic.
Dee Sear is right that these objects are for master data. For
transactional data there are different controls. Sometimes we
can can control through custom objects and sometimes
through SHD0 variant.
Thank$
Former Member
Hi MoazzaM,
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 18/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Thanks.
Hi Dee Sea
Thank$
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 19/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Former Member
Hi MoazzaM,
Thanks.
Shiva Vasireddy
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 20/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Hi moazzam,
Hidayathulla Hasan
MoazzaM,
Thank$
Hidayath
Former Member
Dear Moazzam,
I have tried to do same with Vendor Master, the only issue I have faced with the process
is that I’m not able to find out Fields related to vendor master.
Can you please provide me list of fields for the same which can be applicable to Vendor
Master.
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 21/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
I want to allow user to change only withholding tax information. All other fields will be in
display mode for this user in T-code XK02.
Regards,
Parth Raval
Hi
I hope you would have found some solution. I am sorry I couldn’t respond
you timely. Let me know if you have still the same issue.
Thank$
Former Member
Dear Moazzam,
Thanks in advance.
Hi
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 22/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Thank$
Former Member
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 23/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Parth Raval
Hi
Former Member
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 24/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Hi
Thank$
Former Member
Former Member
Hi MoazzaM,
thx for this really useful manual, I had to create a new role for a customer which in XD02
would not be able to edit Payment Transaction fields but all the others, so creating a field
group with that bank data and assign that field group to the auth object works! 🙂
The thing is, I need to do the opposite, I mean, grant access only to Payment
Transactions fields but not to the rest of the XD02… I could create another field group
and add ALL these fields .. but could be really hard …. Is there any other way to do this?
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 25/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
to have the whole XD02 not editable but only some few fields from Payment Transaction
tabs by a role?
Thx!
Hi
Sometimes in life we need to take hard decisions and I believe this is one of
those for you 🙂
I don’t see any other way without using ABAP or screen variants. In
standard this is the only way I know dear.
Thank$
Former Member
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 26/27
12/19/2018 Field level authorization for customer and vendor master in SAP. | SAP Blogs
Sitemap Newsletter
https://blogs.sap.com/2013/12/31/field-level-authorization-for-customer-and-vendor-master-in-sap/ 27/27