Required SAP authorizations for Journal Entry
Winshuttle Journal Entry fully protects SAP® security features. In no circumstances can Journal Entry override SAP authorization restrictions you are bound to. This document can help you and your security team to understand the SAP authorizations required to work with Journal Entry. In most cases, these SAP authorizations are already in place. However, if you have tried Journal Entry but cannot use it or if you are seeing error messages then this document will help you address the issue.
SAP Customers running SAP with Support Pack stack 24 or higher will need to implement the custom Winshuttle Function Module for Journal Entry templates to work.
Transaction Authorization via SAP GUI
Journal Entry cannot run a transaction if you cannot run that transaction in the SAP GUI. If you do not have access to a particular transaction, please obtain authorization for it before you run that transaction in Journal Entry.
|
T-code |
Description |
Comments |
|
F-02 |
Enter G/L Account Posting |
|
|
F-05 |
Post Foreign Currency Valuation |
|
|
FB01 |
Post Document |
|
|
FB01L |
General Posting for Ledger Group |
|
|
FB50 |
Enter GL account document |
|
|
FB50L |
Enter G/L Account Doc for Ledger Grp |
|
|
FB60 |
Enter Incoming Invoices |
|
|
FB65 |
Enter Incoming Credit Memos |
|
|
FB70 |
Enter Outgoing Invoices |
|
|
FB75 |
Enter Outgoing Credit Memos |
|
|
FBB1 |
Post Foreign Currency Valn |
|
|
FBD1 |
Enter Recurring Entry |
|
|
FBS1 |
Enter Accrual / deferral Document |
|
|
FV50 |
Park GL account document |
|
|
FV50L |
Park G/L Acct Doc. for Ledger Group |
|
|
FV60 |
Park Vendor Invoice |
|
|
FV65 |
Park Vendor Credit Memo |
|
|
FV70 |
Park Vendor Invoice |
|
|
FV75 |
Park Vendor Credit Memo |
|
|
SDV |
Document Viewer |
To view the attached document in document viewer for GOS |
|
SHD0 |
Transaction and Screen Variants |
|
|
SU53 |
Evaluate Authorization Check |
|
|
FB02 |
Change Document |
|
|
FB03 |
Display Document |
|
|
FBV3 |
Display Parked Document |
|
| Additional authorizations required for Journal Entry 9.4 | ||
| F-43 | Post Vendor Invoice | |
| F-22 | Post Customer Invoice | |
| FBV1 | Park document | |
| F-65 | Park document | |
Remote Function Calls (RFC) Authorization
Journal Entry uses an RFC connection to interact with SAP. You must have this additional access assigned to you. In most cases, these authorizations are already assigned to you. The following objects with the indicated values should be in your SAP user profile for working with Journal Entry.
For the S_RFC Authorization Object:
- Field RFC_TYPE Value FUGR (function group)
- Field ACTVT Value 16 (execute) or *
- Field RFC_NAME
The following values are required for running shuttle files:
SYST, SRFC, SUSR, RFC1, RFCH, ATSV, STTF, SDTX, RHF4
To check if a user is authorized to use a given rFM, Journal Entry validates if the user has EXECUTE(16) permission on the Function Group. Accordingly, when a given Function Module executes, it accesses the structures defined in the Function group too, authorization for the Function Group is needed.
The Authority_Check RFM validates whether the user is authorized to use the Function Module of a given Function Group.
To attach documents to a journal entry posting, the following is required:
- For the S_RFC authorization object, value BDS_BAPI is needed
- Access to object S_BDS_DS is required with all values for all class names, class types, and ACTVT, except for the ACTVT value for lock and delete
Table Level Authorizations
Journal Entry can get logs, extended comments, field descriptions, and messages. For this, the user must have access to few tables. Table level access is controlled by authorization object S_TABU_DIS.
Transaction needs access to this table: T100
This is used for storing Messages information. It is the SAP Objects Authorization for reading descriptions and for extended logs.
|
Authorization object |
Values |
Comments |
|
s_rfc |
"/WINSHTLQ/FLR_GOS_DOC |
RFC authorizations with the set values |
|
S_TABU_DIS |
SS FA |
Authorizations for displaying or maintaining tables |
|
S_CTS_ADMI |
* |
|
|
S_GUI |
* |
Authorization for GUI activities |
|
S_BDS_DS |
ALL EXCEPT LOCK AND DELETE |
SAP Objects Authorization for Viewing BDS/ Authorizations for Document Set |
|
S_ALV_LAYO |
23 |
SAP Objects Authorization for Viewing BDS/ ALV Standard Layout |
|
S_BDS_D |
ALL EXCEPT LOCK AND DELETE |
SAP Objects Authorizations for Accessing Documents |
|
S_WFAR_OBJ |
* |
Required to store the business document - (GOS)/ Archive Link: Authorizations for access to documents |
|
K_TP_VALU |
02 AND 03 |
General Ledger: Authorization for Transfer Price Valuation |
|
F_BKPF_BED |
* |
Limit the entry and processing of line items in customer accounts |
|
F_BKPF_BEK |
* |
Determine for which vendor accounts line items can be posted and processed |
|
F_BKPF_BES |
* |
SAP Security Authorization Object : Account Authorization for G/L Accounts |
|
F_BKPF_BLA |
* |
determine with which document type line items can be posted and processed |
|
F_BKPF_BUK |
* |
Determine in which company codes documents can be processed |
|
F_BKPF_BUP |
* |
SAP Security Authorization Object: Authorization for Posting Periods |
|
F_BKPF_GSB |
* |
SAP Security Authorization Object: Authorization for Business Areas |
|
F_BKPF_KOA |
* |
SAP Security Authorization Object: Authorization for Account Types |
|
F_FAGL_LDR |
* |
General Ledger: Authorization for Ledger |
|
F_FAGL_SEG |
* |
General Ledger: Authorization for Segment |
|
F_KMT_MGMT |
O3 |
SAP Security Authorization Object: Auth. for Maintenance and Use |
|
F_KNA1_BUK |
* |
To check the authorization at Company Code level |
|
F_SKA1_BUK |
1 |
SAP Security Authorization Object: G/L Account: Authorization for Company Codes. |