Enterprise Resource Planning Blogs by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
cancel
Showing results for 
Search instead for 
Did you mean: 
Stephen_Ward
Product and Topic Expert
Product and Topic Expert
7,797
***Examples/Data/Images this Blog is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.***

Hello SAP S/4HANA Cloud Community,

Introduction:

I work on the LO-MD-BP component for SAP S/4HANA Cloud and I have had several customers raise incidents about how Authorizations Groups work in the area of Customer and Supplier Business Partner Master Data in S/4HANA Cloud so I thought it would be good to write a blog on the topic to share my knowledge and experiences.

 

What Are Authorization Groups:

If a Customer or Supplier Business Partner Master record has an entry maintained in the Authorization Group field then it is possible to set restrictions based on that.



 

For the purpose of explanation let us assume that in your system you have only the three standard delivered authorization groups

Stakeholder: Visibility 0 (Unrestricted) <<<< Blank entry
0001 Visibility 1 (Restricted)
0002 Stakeholder: Visibility 2 (Very Restricted)



 

Example of How to Use an Authorization Group:

If for example you have a certain group of suppliers who's master data you would like to add an extra layer of protection to then the Authorization Group field would be a good way to do so. It would be possible to assign an Authorization Group value such as 0001 (or one of your creation) to the Suppliers who's master data you would like to protect.

When you want to use the functionality of the Authorization groups to restrict a Business User from seeing certain Suppliers/Customers it is important to not use the "Blank" Authorization Group "Visibility 0" in the restriction field as it doesn't provide any functional value. This is because when a Customer or Supplier Business Partner master record has a blank value in the authorization group field then the authorization group functionality is seen as not being used.

This means that if a user has authorization to see Suppliers with Authorization Group 0001 then they will also see Suppliers which have no Authorization Group maintained, meaning they will see Suppliers which have Authorization Group 0001 and Suppliers which have a "Blank" entry for Authorization Group "Visibility 0"

A Business Role can then be created which allows Business Users who are assigned this role the authorization to see Suppliers with Authorization Group 0001. See this blog for general information on how to create business roles and maintain restrictions

How Can Authorization Groups be Created / Edited:

Authorization Groups can be created or edited via SSCUI 500092. The exact steps would be;

1. Open the Manage Your Solution App
2. Press Configure Your Solution
3. Search for SSCUI 500092
4. Press the Configure button on Step 5. Maintain authorization groups (ID 102740)
5. Choose the Authorization Group Object to be created or edited i.e. BUPA for Business Partner , CUST Customers or SUPPL Supplier Authorization Groups
6. Edit the existing authorization groups or press New Entries to add a new one.



 

Information on Additional Authorization Related Blogs:

For information on how to create Business Roles, Maintain Restrictions and how to assign Business Roles to Business Users please see the blog:
How to Manage Authorizations by via Business Roles for Customer and Supplier Business Partner Master...

For information on how to avoid Business Role and Catalog conflicts see this blog:
Business Role / Catalog Conflicts (LO-MD-BP examples but relevant across other areas)

The examples in this blog are intended for explanation purposes.

Kind Regards,
Stephen Ward
SAP Product SupportCustomer
5 Comments

great content, will make sure Edmin is aware of it too!

Stephen_Ward
Product and Topic Expert
Product and Topic Expert
0 Kudos

Thanks Eva, Edmin continues to learn at an impressive rate.

Karl
Product and Topic Expert
Product and Topic Expert

Great post!

veroolmillo
Explorer
0 Kudos

Hi @Stephen_Ward

I am in a case where we have two companies in the system, and the users that manage one company should not be able to see or modify the business partners of the other company, not even the basic address data. For this, it has been proposed to create two groupings of business partners, and to be able to restrict the visibility according to the grouping; and the problem is that we have not seen that this restriction can be used. At the basic data level of the business partner, there are only the authorization groups, but it does not work, since it is not possible to restrict according to the company.

Can someone help me to solve it? 

#bp #businesspartnerrestriction #saps4hanapubliccloud

Thanks a lot,

Regards

 

PabloCaravantes
Newcomer
0 Kudos

Maintain authorization groups (ID 102740)

https://userapps.support.sap.com/sap/support/knowledge/en/3280297

The SSCUI 102740 - "Maintain authorization groups" is not available for the cloud customer for use

On my Partner Demo System i cannot edit BP Clasiffication for Poland. Anyone can help. 102740 apps is not available on S4H Public Cloud. 

PabloCaravantes_0-1717499570900.png