- There is the requirement to restrict the – “Payment Transaction” screen in transaction XK01 for Users and only allow Payment Dept.
- Users to access the screen we tried restricting through object, but it wasn’t possible.
- Users with access to display vendor master data (i.e. XK03) can see the bank information as it is part of the option and no authorization check is needed.
- Users with access to SE16 can also see Credit card information as it is included in a table.
Reason and solution proposals
- Regarding this issue reported the authorization object F_LFA1_GEN controls the Address data, the Control data and the Payment transactions data together. You cannot control the payment transactions data separately.
- However a workaround exists. The workaround is based on the idea that there are three transactions XK03, FK03 and MK03 displaying the general data (Address data, Control data and Payment transactions data) or the same for creating XK01, FD01, MK01.
- You can use OB23 to customize one of them (e.g. FK03) not to display the Payment transactions data and allow the normal users to use this transaction only. Another transaction (e.g. XK03) can be customized to display the Payment transactions data and should only be used by the allowed users.
- Or if you want fields to be invisible you must use the customizing points:
-> Financial Accounting
-> Vendor Accounts
-> Master Data
-> Preparations for Creating Vendor Master Data
-> Define Account Groups with Screen Layout (Vendors)
or -> Define Screen Layout per Activity (Vendors)
Since the bank details belong to the general data section and thus are the same for all company codes, the company code specific customizing is not relevant in this context.
How exactly you can use these two customzing points depends on your scenario.