I have set this up in the past one or more times without any problem.
If you still need to set up this requirement you can always email me the requirement itself AND screenshots of the configuration in customizing and roles you made.
-Requirement Info needed in such a case:
* what field groups does your business need to protect for people working a certain function
(e.g. change of field authorization group should not be changed by business - see tabpage "control" in tcode BP)
>> in such a case the relevant field is AUGRP stored in table BUT000
You can check which is the relevant fieldgroup using transaction code BUS2.
As it turns out this field is stored in FieldGroup 12 (AUTHORISATION GROUP) and contains following fields:
BUT000 AUGRP -- this is an input field
TB037T BEZ50
Now that you know the relevant field group to protect, you define in customizing:
SAP Implementation Guide>> Cross-application components>> SAP Business Partner>> Business Partner>> Basic settings>> Authorization management>>Define field groups relevant to authorisations
Here you select via the input help the field group (0012 - authorization group)
Next in the authorization role you put for the object B_BUPA_FDG for example the following values:
Activity: 03 (display)
Fieldgroup: 0012
TIP: The reason why it might not have worked is probably the following:
In customizing, if you check the field group it says 12 instead of 0012 (which is the actual value).
So in your role; you might have put 12 instead of 0012 and as a result it would not work !!
Therefore Try always to use the input help (F4) instead of manually typing in the values where possible.
cheers
Davy Pelssers
SAP CRM /Security consultant
http://www.dasap.be