Symptom
Some line items are not visible in apps such as 'Display Line Item Entry' and 'Display Line Items in General Ledger' after the upgrade to S/4HANA Cloud 2402.
Environment
SAP S/4HANA Cloud
Reproducing the Issue
- Open 'Display Line Item Entry'.
- Search for an affected journal entry.
- See 1 or more line items are not visible despite successfully being posted.
Note: The above example refers to 'Display Line Item Entry' app but the issue may occur in many apps accessing backend tables ACDOCA and BSEG.
Cause
With SAP S/4HANA Cloud 2402 major changes to the authorization checks for access to Universal Journal Entry Items are delivered. This affects many of the apps accessing data from ACDOCA and BSEG.
Resolution
You need to check for the following restriction types in Authorizations in Analytics for Universal Journal as there are changes with CE2402. The authorization checks for these restriction types are now relevant for all authorization contexts:
Name of Restriction Type |
Technical Name of Restriction Type |
Where to find |
Asset Postings: Company Code / Asset Class |
A_B_ANLKL |
|
Cost Center / Cost Element |
KOSTL_KSTAR |
|
Account Type |
KOART |
|
Functional Area |
FKBER |
General |
Order Category / Order Type for Journal Entries |
F_BKPF_ORD |
|
Sales Area |
SALES_AREA |
|
Sales Area / Sales Office / Sales Group |
SALES_AREA_OFFICE_GROUP |
|
Sales Document Type |
AUART |
General |
Segment for Segmental Reporting / Record Type |
SEGMENT_GLRRCTY |
|
Valuation Area |
BWKEY |
General |
If you want to grant access to all users, choose Unrestricted Access (*). This setting should cover most cases.
In case you do not grant unrestricted access for the following restriction fields in the listed restriction types, you need to explicitly grant access to Journal Entry Items with initial value, if required.
Restriction Type |
Restriction Field |
Remark |
Asset Postings: Company Code / Asset Class |
Asset Class |
|
Cost Center / Cost Element |
Cost Center |
|
Financial Account Type |
Financial Account Type |
Set to unrestricted to get initial values |
Order Category / Order Type for Journal Entries |
Order Type |
|
Sales Area |
Sales Organization |
|
|
Distribution Channel |
|
|
Division |
|
Sales Area / Sales Office / Sales Group |
Sales Organization |
|
|
Distribution Channel |
|
|
Division |
|
|
Sales Office |
Set to unrestricted to get initial values |
|
Sales Group |
Set to unrestricted to get initial values |
Sales Document Type |
Sales Document Type |
|
Segment for Segmental Reporting / Record Type |
Segment |
|
Valuation Area |
Valuation Area |
|
If you want users to see line items with an empty restriction type, such as an empty functional area, go to the Ranges tab and choose Add. Enter a pair of single quotation marks (ASCII code alt + 39). It doesn't matter whether there is a space between them (' ') or not (''). Choose Add and then Close.
Do NOT use double quotation marks " (ASCII code alt + 34)
For example:
- A journal entry is posted with 2 line items. The Cost Center on line item 1 is filled as 'ABC', and Cost Center is Initial (empty) on line item 2.
- User A has restriction type Cost Center maintained as 'Unrestricted'. They can view both line items.
- User B has restriction type Cost Center maintained as 'ABC', ' '. They can view both line items.
- User C has restriction type Cost Center maintained as 'ABC'. They can only view line item 1.
Detailed Examples
If business users shall have access to line items with initial values (for example, empty cost centers), you need to add the value ''. That is, you need to enter a pair of single quotation marks (ASCII code alt + 39). It doesn't matter whether there is a space between them (' ') or not ('').
This needs to be done for the restriction field in the respective restriction type in the following way:
Asset Postings: Company Code / Asset Class: In case restriction field Asset Class is not maintained with unrestricted access (* asterisk), you need to add the value '' to the list of asset classes the business role has been granted access for. This needs to be done for all company codes the user has been granted access to.
Example:
Asset Class: ANLCL1, ANLCL2, ANLCL3
Company Code: 1000
Asset Class: ANLCL1, ANLCL2
Company Code: 2000
To grant access for initial values this needs to be changed to:
Asset Class: ANLCL1, ANLCL2, ANLCL3, ''
Company Code: 1000
Asset Class: ANLCL1, ANLCL2, ''
Company Code: 2000
Company Code / Profit Center / Cost Element: In case restriction field Profit Center is not maintained with unrestricted access (* asterisk), you need to add the value '' to the list of profit centers the business role has been granted access for. This needs to be done for all company codes the user has been granted access to.
Example:
Company Code: 1000
Profit Center: PC01, PC02
Cost Element: *
Company Code: 2000
Profit Center: PC01, PC02
Cost Element: 1000000 to 1500000, 2000000 to 2500000
To grant access for initial values this needs to be changed to:
Company Code: 1000
Profit Center: PC01, PC02, ''
Cost Element: *
Company Code: 2000
Profit Center: PC01, PC02, ''
Cost Element: 1000000 to 1500000, 2000000 to 2500000
Cost Center / Cost Element: In case restriction field Cost Center is not maintained with unrestricted access (* asterisk), you need to add the value '' to the list of cost centers the business role has been granted access for.
Cost Center: CC01, CC02
Cost Element: *
Cost Center: CC03, CC04
Cost Element: 1000000 to 1500000, 2000000 to 2500000
To grant access for initial values this needs to be changed to:
Cost Center: CC01, CC02, ''
Cost Element: *
Cost Center: CC03, CC04, ''
Cost Element: 1000000 to 1500000, 2000000 to 2500000
Account Type: In case restriction field Financial Account Type is not maintained with unrestricted access (* asterisk), you need to add the value '' to the list of financial account types the business role has been granted access for.
Example:
Account Type: D
To grant access for initial values this needs to be changed to:
Account Type: D, ''
Order Category / Order Type for Journal Entries: In case restriction field Order Category is not maintained with unrestricted access (* asterisk), but Order Type is maintained with unrestricted access you do not need to add the initial value to Order Type. In case restricted access for Order Type is defined, you need to add the value '' to the list of order types the business role has been granted access for. This applies in case unrestricted access (* asterisk) has been granted for Order Category as well as in case restricted access has been granted for Order Category. In case restricted access has been granted for the field Order Category this needs to be done for all order categories the user has been granted access to.
Example:
Order Category: *
Order Type: 0001, 0002, 0003
Order Category: 01
Order Type *
Order Category: 05
Order Type: RM01
To grant access for initial values this needs to be changed to:
Order Category: *
Order Type: 0001, 0002, 0003, ''
Order Category: 01
Order Type *
Order Category: 05
Order Type: RM01, ''
Sales Area: In case any of the available restriction fields is not maintained with unrestricted access, you need to add the value '' to the list of restricted restriction fields.
Example:
Sales Organization: 1000
Distribution Channel: *
Division: *
Sales Organization: 1000
Distribution Channel: 00
Division: *
To grant access for initial values this needs to be changed to:
Sales Organization: 1000, ''
Distribution Channel: *
Division: *
Sales Organization: 1000, ''
Distribution Channel: 00, ''
Division: *
Sales Area / Sales Office / Sales Group: For this restriction type the same applies as described for restriction type Sales Area.
Except for the restriction fields Sales Office and Sales Group. For these you need to maintain Unrestricted.
To avoid effects on the restricted values for existing authorizations in case you do not grant unrestricted access to the restriction fields Sales Office and Sales Group, you need to add a new authorization as follows:
Sales Organization: ''
Distribution Channel: ''
Division: ''
Sales Office: *
Sales Group: *
Note that this is only relevant in case you do not use restriction type Sales Area. In case Sales Area is used, restriction type Sales Area / Sales Office / Sales Group is ignored.
Sales Document Type: In case restriction field Sales Document Type is not maintained with unrestricted access, you need to add the value '' to the list of sales document types the business role has been granted access for.
Example:
Sales Document Type: AEBO
To grant access for initial values this needs to be changed to:
Sales Document Type: AEBO, ''
Segment for Segmental Reporting / Record Type: In case restriction field Segment for Segmental Reporting is not maintained with unrestricted access, you need to add the value '' to the list of segments the business role has been granted access for.
Example:
Segment for Segmental Reporting: SEGM_A
To grant access for initial values this needs to be changed to:
Segment for Segmental Reporting: SEGM_A, ''
General - Valuation Area: In case restriction field Valuation Area is not maintained with unrestricted access, you need to add the value '' to the list of valuation areas the business role has been granted access for.
Example:
Valuation Area: 0001
To grant access for initial values this needs to be changed to:
Valuation Area: 0001, ''
General - Functional Area: In case restriction field Valuation Area is not maintained with unrestricted access, you need to add the value '' to the list of valuation areas the business role has been granted access for.
Example:
Functional Area: 0001
To grant access for initial values this needs to be changed to:
Functional Area: 0001, ''
This How to Use 'Maintain Business Roles – Mass Maintenance' to Apply the New Functional Area Restriction Coming with the 2402 Upgrade of SAP S/4HANA Cloud Public Edition blog describes how to maintain the required authorization as mass maintenance.
This blog is done at the example of Functional Area and Unrestricted. You need to apply this process to the restriction type listed in the KBA, as described in the blog for the combinations of access category and restriction type. The only relevant access category is Read.
See Also
What's New in SAP S/4HANA Cloud 2402 IAM: Authorizations in Analytics for Universal Journal
There are 70 Catalogs listed. Ensure review of same.
Examples of a selection FIORI apps using some of business catalogs referenced in What's New
Financial Plan Data Report (Cloud)
Sales Orders - Actuals (Cloud)
Cost Centers - Actuals (Cloud)
Cost Centers - Plan/Actuals (Cloud)
Profit Centers - Actuals (Cloud)
Keywords
Display, line, item, general, ledger, entry, authorization, missing, restrictions, 2402, upgrade, cost, profit, center, (GENLDGR (General Ledger Accounting), ASSET (Fixed Asset Accounting), OVHDCOST (Cost Accounting – Overhead), SALES (Cost Accounting – Sales), INVTRY (Cost Accounting – Inventory), PRODNCOST (Cost Accounting – Production) , analytics , KBA , FI-FIO-GL-IS-2CL , Reporting Apps (Public Cloud) , How To