SAP Knowledge Base Article - Public

2847030 - S4HC: Business Role's Restriction doesn't work in Business Partner Fiori Apps

Symptom

  • It is not possible to view data in read-only mode in Business Partner Fiori Apps i.e. Manage Business Partner Master Data, Manage Customer Master Data or Manage Supplier Master Data.
  • The business role restrictions do not work as expected in Apps Manage Business Partner Master Data, Manage Customer Master Data or Manage Supplier Master Data.
  • Restrictions work as expected in App Maintain Business Partner but not in Business Partner Fiori Apps.
  • BP Role Restriction type does not work in Business Partner Fiori Apps i.e. Manage Business Partner Master Data, Manage Customer Master Data or Manage Supplier Master Data.

Environment

SAP S/4HANA Cloud

Cause

The system will accept authorization restrictions on a role level first, that is to say, if a Business Role has been created which allows the Business User to create data e.g. "Write, Read, Value Help" Unrestricted and then a Catalog within this Business Role has been set to "Write, Read, Value Help" No Access then the system will accept that the Business User with this Business Role has Unrestricted "Write, Read, Value Help" access as it is the least restrictive.

Resolution

Currently there is no app that supports display of Business Partner Customer Master Data or Supplier Master data in read-only mode.

The solution available are:

  1. Assign Write Restrictions to No Accesss. This will work if the user is assigned only to Business Partner Roles. 
    If multiples roles are assigned to the user (for e.g: SAP_BR_AR_ACCOUNTANT & SAP_BR_BUPA_MASTER_SPECILAIST) with no access restrictions on Write, this would not allow creation or editing in any of the Apps.

  2. Remove the Maintenance Business Catalog such as SAP_CMD_BC_CUSTOMER_MAINT_PC from the business role and assign only display business catalog as mentioned below. Business Partner, Customer or Supplier Factsheet can be used to view the data in display mode only.

    The business catalog are as follows:

  1. SAP_CMD_BC_BP_DISP_PC - Master Data - Business Partner Display
  2. SAP_CMD_BC_CUSTOMER_DSP_PC - Master Data - Customer Display
  3. SAP_CMD_BC_SUPPLIER_DSP_PC - Master Data - Supplier Display

To access data via factsheets, follow the steps below:

  1. Go to search button and select business partner, customer or supplier from the dropdown.
  2. Search for the business Partner.
  3. Click on the business partner for detailed view.

Note: BP Role Restriction type to restrict users to create/edit customer/suppliers currently works only in App Maintain Business Partner Data. The Fiori apps currently does not consider authorization settings done via BP Role Restriction.

See Also

2815985 - How to Maintain Business User Roles For Business Partner Maintenance.
2598733 - Maintain Restrictions in Business Role.

Keywords

S4_PC, write, read, modify, create, access, restrictions, S/4HANA Cloud, LO-MD-FIO-CM, LO-MD-BP, authorizations, BP, bp, business, partner , KBA , LO-MD-FIO-CM , Fiori UI for Customer Master , LO-MD-BP , Business Partners , LO-MD-FIO-VM , Fiori UI for Vendor Master , Problem

Product

SAP S/4HANA Cloud all versions