- A business user has been customised so that it cannot create certain Customer/Supplier Business Partner Master Data (based for example on Role(s), Account Group, Authorization Group etc.)
- A business user has been customised so that it cannot view Customer/Supplier Business Partner Master Data of certain conditions (based for example on Role(s), Account Group, Authorization Group etc.)
SAP S/4HANA Cloud
Reproducing the Issue
- The Business Roles of a Business User have restrictions or privileges (see KBA 2598733 - Maintain Restrictions in Business Role)
- The Business user however has more authorization privileges then intended
The way Business Roles work is that their assigned business catalogs contain authorizations which are cumulative and so when a user has multiple roles which have the same catalogs and authorizations, the least restrictive settings will take precedent over an business role which has the same catalogs/authorizations which are more restrictive which allows the CB user to view or create data.
For example, if a Business User is assigned Business Role "ZExampleRole1" which contains a Business Catalog which allows the creation of Customer Master data and this has been restricted to only allow the creation of Customers only in the Account Group SHPT and this same user has been assigned a Business Role "ZExampleRole2" which has not been restricted at all then the unrestricted business role will take precedent and the Business User will be able to create customers for all customer account groups.
Check all of the assigned Business Roles of the Business User and ensure that they meet your business requirement.
Business Role, Business Partner, Restricted , KBA , LO-MD-BP , Business Partners , Problem