Authorization Group in Open - Close Posting Period (Transaction - OB52) - SAP Blogs

11/10/2020 Authorization Group in Open/Close posting period (Transaction: OB52) | SAP Blogs
Follow RSS feed Like

Community
Ask a Question Write a Blog Post
Former Member
September 11, 2014 7 minute read
Authorization Group in Open/Close posting period (Transaction: OB52)

9 Likes 34,797 Views 3 Comments
Authorization Group in Open/Close posting period (Transaction: OB52)
. Authorization Group – Overview
The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. The
authorization groups usually occur in authorization objects together with an activity.
Authorization fields store permissions for system access. The system checks these values before granting users access to protected areas.
Authorization objects enable you to permit select users access to restricted transactions by grouping up to 10 authorization fields together.
The authorization functionality streamlines the process and ensures that only the selected users can make changes.
1.1 Posting Period Variant
https://blogs.sap.com/2014/09/11/authorization-group-in-openclose-posting-period-transaction-ob52/ 1/15
A ‘Posting Period Variant’ is useful in ‘opening/closing’ Finance posting periods across many Company Codes at one time. You define a posting
period variant and assign it to various Company Codes. Since the posting period variant is cross-Company Code, the opening and closing of
the posting period is made simple. Instead of opening and closing individually for different Company Codes, you just need to open or close the
posting period variant.
It is possible to selectively control the ‘opening’ and ‘closing’ for various types of accounts. Usually, a ‘+’ is mentioned in the top-most entry
indicating that all the account types are allowed for posting. Now, for the GL(S) accounts, you will need to specify the period which needs to
be opened. This ensures that all the account types are open for the current period, indicated by ‘+,’ and only the GL accounts are open for the
previous period. Select account types can also be opened or closed for a specific period; select accounts within an account type can also be
opened or closed.
SAP allows you to open or close the posting period only for specific users. This can be achieved by maintaining an authorization group at the
document header level.
1.2 Authorization Group for opening/closing of FI posting period

In related to posting period, when you need to permit a select group of users to post to a previous period, you can use authorization groups
to automate access. This prevents unauthorized users from posting to the previous period without requiring you to adjust the posting settings
manually after a period closes. This means that in month-end or year-end closing for example, you can open some posting periods for specific
users only. The authorization group only has an effect on time period 1. The authorization object is F_BKPF_BUP (Accounting document:
Authorizations for posting periods). The authorization object F_BKPF_BUP consists of just one field, authorization group.
All releases of R/3 and ECC have standard functionality that allows a limited number of users to post to the previous period while blocking
postings by unauthorized users. This functionality, which involves the use of authorization groups, is needed because accounting periods are
typically left open for posting to the previous period for several days, depending on the type of business transaction.
1.3 Special posting period Scenarios

1. Normal business transactions such as posting a sales order or an invoice are usually posted in the current calendar period. Most users are
not allowed to post to the previous calendar period, with the exception of a few power users.
2. Period close transactions, such as cost center assessment and order settlement, need to wait until all normal postings are complete, and
run typically in the first couple of days of the next month. A dedicated team usually handles these transactions, often covered by specific
authorization roles containing access to the appropriate transactions.
3. Correction postings for errors and manual provisions and accruals are generally posted last, before the period is considered finally closed.
Typically, only a select group of users is allowed to carry out these postings.
. Activating
Follow Authorization
RSS feed Group
Like
1. Identify security role or create a new security role. (Roles: ZTEMPR1/ZTEMPR2)

2. Assign Authorization object F_BKPF_BUP (Accounting Document: Authorization for Posting Periods) to the identified role.
3. The Authorization Object F_BKPF_BUP contains only one field (Authorization Group)
4. Maintain Authorization group value in Authorization object F_BKPF_BUP. (Auth. Group DE01 assigned to ZTEMPR1 role & DE02 assigned to
ZTEMPR2)
5. Assign the security role to required users. Users would be able to access provided in the assigned group.

. Posting Scenarios using Authorization group (AG)
3.1 AG (DE01) at only Account Type +

1. Normal Users: System first checks period is opened in Interval 2 at account type +, then it checks if the period is opened in both Interval 1
& 2 for the given account.
2. Authorized users (DE01): System first checks period is opened in Interval 1 & 2 at account type +, then it checks if the period is opened in
both Interval 1 & 2 for the given account.

Period Normal user Authorized user
5-7 Yes Yes
4 No Yes
No Authorization for posting period

004 2014
3 No No
No Authorization for posting period Period 003/2014 is not open for

003 2014 account type K and G/L 4000
3.2 AG (DE01) at Account Type + and particular account

1. Normal Users: System first checks period is opened in Interval 2 at account type +, then it checks if the particular account is to be posted
then period is opened in Interval 2, if other accounts to be posted (with blank Authorization group) the period is opened in both Interval 1
& 2.
Vendor Acc GL 400300 Vendor Acc GL 400300

4000 4000
7 Yes Yes Yes Yes
6 Yes No Yes Yes
No Authorization
for posting period
006 2014
5 No No Yes Yes
No No Authorization
Authorization for posting period
for posting 005 2014
period 005
2014
3.3 AG (DE01) at particular account

1. Normal Users: System first checks period is opened in both Interval 1 & 2 at account type +, then it checks if the particular account
(Authorization group DE01) is to be posted then period is opened in Interval 2, if other accounts to be posted (with blank Authorization
group) the period is opened in both Interval 1 & 2.
Vendor Acc GL 400300 Vendor Acc GL 400300

4000 4000
6-7 Yes Yes Yes Yes
5 Yes No Yes Yes
No Authorization
for posting period
005 2014
3.4 AG (DE01) atRSS

Follow
Account
feed
TypeLike
+ and AG (DE02) particular account
1. Normal Users: System first checks period is opened in Interval 2 at account type +, then it checks if the particular account is to be posted
then period is opened in Interval 2, if other accounts to be posted (with blank Authorization group) the period is opened in both Interval 1
& 2.
2. Authorized users (DE01): System first checks period is opened in both Interval 1 & 2 at account type +, then it checks if the particular
account is to be posted then period is opened in Interval 2, if other accounts to be posted (with blank Authorization group) the period is
opened in both Interval 1 & 2.
3. Authorized users (DE02): System first checks period is opened in Interval 2 at account type +, then it checks if the period is opened in
4. Authorized users (DE01 & DE02): System first checks if period is opened in both interval 1 & 2 at account type +, then it checks if the
period is opened in both Interval 1 & 2 for the given account.
Account: 400300
Period Normal User Auth User Auth User Auth User

(DE01) (DE02) (DE01 &
DE02)
7 Yes Yes Yes Yes
6 No No Yes Yes
No Authorization No Authorization
for posting for posting
period 006 2014 period 006 2014
5 No No No Yes
No Authorization No Authorization No Authorization

for posting for posting for posting
period 005 2014 period 005 2014 period 005 2014
Vendor Account: 400000

(DE01) (DE02) (DE01 &
DE02)
6-7 Yes Yes Yes Yes
5 No Yes No Yes
period 005 2014 period 005 2014
3.5 AG (DE01) at one account and AG (DE02) other account

5. Normal Users: System first checks period is opened in both Interval 1 & 2 at account type +, then it checks if the account (Authorization
group DE01 or DE02) is to be posted then period is opened in Interval 2, if other accounts to be posted (with blank Authorization group)
the period is opened in both Interval 1 & 2.
6. Authorized users (DE01): System first checks period is opened in both Interval 1 & 2 at account type +, then it checks if the account
(DE02) is to be posted then period is opened in Interval 2, if other accounts to be posted (Authorization group Blank or DE01) the period is
7. Authorized users (DE02): System first checks period is opened in both Interval 1 & 2 at account type +, then it checks if the account
(DE01) is to be posted then period is opened in Interval 2, if other accounts to be posted (Authorization group Blank or DE02) the period is
8. Authorized users (DE01 & DE02): System first checks if period is opened in both interval 1 & 2 at account type +, then it checks if the
period is opened in both Interval 1 & 2 for the given account.
Account: 400300

(DE01) (DE02) (DE01 &
DE02)
7 Yes Yes Yes Yes
6 No No Yes Yes
period 006 2014 period 006 2014
Vendor Account: 400000

(DE01) (DE02) (DE01 &
DE02)
6-7 Yes Yes Yes Yes
5 No Yes No Yes
period 005 2014 period 005 2014
4. System Behavior
Alert Moderator
1. Without Authorization group Interval 1 is treated as Normal posting period, while with authorization group Interval 2 is treated as Normal
posting period.
Assigned tags
2. Without Authorization group all users could post in the period opened in the interval 1 & 2. With authorization group, all users including
users who are part of Authorization group can post in the period opened in the interval 2.
FIN (Finance) | authorization group | authorization groups | month end | month end procedure |
3. Only users who are part of Authorization group can post the period opened in Interval 1.
View more... Authorization can be restricted at Account type and account level. If no authorization group is assigned to particular account range
4. Posting
then, generic user can post in all the periods opened in Interval 1 & 2.
5. When authorization group is assigned to particular Account range, system first checks if the Posting period is opened (Interval 1) for
Related Blog Posts
Account Type + & then it check for concern account range (Interval 1).
OB52 – Maintain posting period control through authorization group.

. By
Caution
Rohidas Shinde , Jul 08, 2014
Transaction MRBP Posting date determination value 2
By Former Member , May 07, 2014
1. With User role having authorization object F_BKPF_BUP with * value, Authorization Group functionality would not work.
Interval 3 in OB52
2. Identify such user roles and remove access to authorization object F_BKP_BUP.
By Joshi Milind , Oct 09, 2015
3. Impact analysis should be done before removing before removing * access.
Related Questions
Two intervals in Open and Close Posting Period (OB52)

By Former Member , Aug 23, 2007
Posting Period - Period Interval
By Former Member , Mar 02, 2007
Use of Authorization Group in OB52

By Former Member , Feb 03, 2010
3 Comments
Former Member
January 22, 2015 at 7:01 am

Hi sandeep,
Thanks for the document, very much helpful for me as i m fresher to sap .
regards
Iti Bhargava
Like (0) | Reply | Alert Moderator
wael samir
January 23, 2015 at 2:24 am
Hi sandeep,
Good Documentation, with screen shots, make it easy to understand.
Thanks n Regards,
Former Member
June 21, 2016 at 3:13 pm
Very Helpful, thanks
Follow RSS feed Like Add Comment
Find us on
Privacy Terms of Use
Legal Disclosure Copyright
Trademark Cookie Preferences
Newsletter Support

Authorization Group in Open - Close Posting Period (Transaction - OB52) - SAP Blogs

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Authorization Group in Open - Close Posting Period (Transaction - OB52) - SAP Blogs

Uploaded by

Copyright:

Available Formats

11/10/2020 Authorization Group in Open/Close posting period (Transaction: OB52) | SAP Blogs

Follow RSS feed Like

Ask a Question Write a Blog Post