This blog contains experience gained over the years of implementing (and de-implementing) large scale IT applications/software.

Values for SAP Auth Objects F_REGU_BUK and F_REGU_KOA

Whilst configuring some new read-only SAP roles for FICO access, you may be struggling to find the descriptions for the actions for authorisation objects F_REGU_BUK and F_REGU_KOA and the values for FBTCH (Action for Automatic Procedure).
The descriptions do not appear in the usual auth object display screens.

Within the SAP GUI, if you go into transaction F110, then from the menu select “Environment -> Authorizations”, a popup will be displayed with the following legend:

02Edit parameters
03Display parameters
11Execute proposal
12Edit proposal
13Display proposal
14Delete proposal
15Create payment medium proposal
21Execute payment run
23Display payment run
24Delete payment run payment dat
25Create payment media of paymen
26Delete payment orders of payme
31Print payment medium manually

For a read-only role, I would recommend only actions 03,13,23 and possibly 31 (in case the electronic BACS payment method breaks).

SAP Authorisation Objects Naming Convention

The first letter of SAP authorisation objects is intelligently coded to represent the SAP module for which it belongs:
e.g. F_KNA1_BUK

A   Assets Accounting
C   Classification System
E   Consolidation
F   Financial Accounting
G   Special Ledger
K   Controlling
L   Logistic execution
M   Materials Management
P   Human Resources
S   Basis
V   Sales and Distribution

If the second character is an underline, then this indicates this authorisation object is a SAP standard one.

Use transaction SU03, SU21 or table TOBJ, to list the authorisation objects in the system and drill-down into the authorisation fields and their possible values.

If using the tables, you may need the other related tables to pull the texts: TOBJ, TOBC (classes), TOBJT.