Enterprise Resource Planning Blogs by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
cancel
Showing results for 
Search instead for 
Did you mean: 
Stephen_Ward
Product and Topic Expert
Product and Topic Expert
9,026

***Examples/Data/Images this Blog is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.***

Hello SAP S/4HANA Cloud Community,

Introduction:

I work on the LO-MD-BP component for SAP S/4HANA Cloud and I have had several customers raise incidents about how Authorizations Groups work in the area of Customer and Supplier Business Partner Master Data in S/4HANA Cloud so I thought it would be good to write a blog on the topic to share my knowledge and experiences.

 

What Are Authorization Groups:

If a Customer or Supplier Business Partner Master record has an entry maintained in the Authorization Group field then it is possible to set restrictions based on that.



 

For the purpose of explanation let us assume that in your system you have only the three standard delivered authorization groups

Stakeholder: Visibility 0 (Unrestricted) <<<< Blank entry
0001 Visibility 1 (Restricted)
0002 Stakeholder: Visibility 2 (Very Restricted)



 

Example of How to Use an Authorization Group:

If for example you have a certain group of suppliers who's master data you would like to add an extra layer of protection to then the Authorization Group field would be a good way to do so. It would be possible to assign an Authorization Group value such as 0001 (or one of your creation) to the Suppliers who's master data you would like to protect.

When you want to use the functionality of the Authorization groups to restrict a Business User from seeing certain Suppliers/Customers it is important to not use the "Blank" Authorization Group "Visibility 0" in the restriction field as it doesn't provide any functional value. This is because when a Customer or Supplier Business Partner master record has a blank value in the authorization group field then the authorization group functionality is seen as not being used.

This means that if a user has authorization to see Suppliers with Authorization Group 0001 then they will also see Suppliers which have no Authorization Group maintained, meaning they will see Suppliers which have Authorization Group 0001 and Suppliers which have a "Blank" entry for Authorization Group "Visibility 0"

A Business Role can then be created which allows Business Users who are assigned this role the authorization to see Suppliers with Authorization Group 0001. See this blog for general information on how to create business roles and maintain restrictions

How Can Authorization Groups be Created / Edited:

Authorization Groups can be created or edited via the following configuration 
Maintain Authorization Groups for Business Partner (105622)
Define Authorization Groups for BP Suppliers (105669)
Define Authorization Groups for BP Customers (105670)
 

Information on Additional Authorization Related Blogs:

For information on how to create Business Roles, Maintain Restrictions and how to assign Business Roles to Business Users please see the blog:
How to Manage Authorizations by via Business Roles for Customer and Supplier Business Partner Master...

For information on how to avoid Business Role and Catalog conflicts see this blog:
Business Role / Catalog Conflicts (LO-MD-BP examples but relevant across other areas)

The examples in this blog are intended for explanation purposes.

Kind Regards,
Stephen 

5 Comments