SAP Knowledge Base Article - Public

2847030 - S4HC: Business Role's Restriction doesn't work in Business Partner Fiori Apps

Symptom

  • It is not possible to view data in read-only mode in Business Partner Fiori Apps i.e. Manage Business Partner Master Data, Manage Customer Master Data or Manage Supplier Master Data, even though Write access is set to No Access.
  • The business role restrictions do not work as expected in Apps Manage Business Partner Master Data, Manage Customer Master Data or Manage Supplier Master Data.
  • Restrictions work as expected in App Maintain Business Partner but not in Business Partner Fiori Apps.

    Disclaimer: "Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP S/4HANA Cloud

Reproducing the Issue

  1. Go to App Maintain Business Roles.
  2. Create a copy of Standard Business Role SAP_BR_BUPA_MASTER_SPECIALIST.
  3. Set Write Access = No Access on this Business Role.
  4. Assign this Role to a Business user.
  5. Login with this Business user.
  6. Go to App Manage Customer Master Data.
  7. It is possible to create a new customer and save it.

Cause

Maintenance Business Catalog is mapped to the Business Role. Even though Write Access is set to No Access for the business role, it does not provide a read only mode for Business Partner Fiori Apps. The presence of Maintenance Business Catalog such as SAP_CMD_BC_CUSTOMER_MAINT_PC overwrites the Write access restriction set for Business Partner Fiori Apps.

Resolution

Currently there is no app that supports display of Business Partner Customer Master Data or Supplier Master data in read-only mode. Business Partner, Customer or Supplier Factsheet can be used as an alternatve solution to view the data in display mode only.

The business catalog are as follows:

  1. SAP_CMD_BC_BP_DISP_PC - Master Data - Business Partner Display
  2. SAP_CMD_BC_CUSTOMER_DSP_PC - Master Data - Customer Display
  3. SAP_CMD_BC_SUPPLIER_DSP_PC - Master Data - Supplier Display

The solution is to either create a new role with only display business catalog as mentioned above or remove the Maintenance Business Catalog such as SAP_CMD_BC_CUSTOMER_MAINT_PC  from the business role.

Note: In either of these two options, the SAP_CMD_BC_CUSTOMER_MAINT_PC role shouldn’t be assigned to the user who just needs display authorisation.

 To access data via factsheets, follow the stesp below:

  1. Go to search button and select business partner, customer or supplier from the dropdown.
  2. Search for the business Partner.
  3. Click on the business partner for detailed view.

    customer.PNG

See Also

2815985 - How to Maintain Business User Roles For Business Partner Maintenance.
2598733 - Maintain Restrictions in Business Role.

Keywords

S4_PC, write, read, modify, create, access, restrictions, S/4HANA Cloud, LO-MD-FIO-CM, LO-MD-BP, authorizations, BP, bp, business, partner , KBA , LO-MD-FIO-CM , Fiori UI for Customer Master , LO-MD-FIO-VM , Fiori UI for Vendor Master , LO-MD-BP , Business Partners , Problem

Product

SAP S/4HANA Cloud all versions