Showing results for 
Search instead for 
Did you mean: 

How to restrict user on authorization objects in Business Roles?

0 Kudos



I want to segregate user based on read, write and display roles. How can I do this?


Learn more about the SAP Support user and program here.
View Entire Topic
0 Kudos

Dear Customer, 


In S/4HANA Cloud, restriction fields are organized in restriction types. Restriction types that contain general organizational restriction fields can be found in the top section called General. These restriction types contain only one restriction field. The settings you make for the single restriction types sum up to the authorization that is granted to the business role and therefore to the assigned business users.

Using the Maintain Business Roles app, you have the following options for maintaining restrictions:

In the Maintain Restrictions UI, you can maintain restrictions for business roles. These restrictions are the basis of authorizations that are granted to the business users who are assigned to this business role. The business catalog defines which access categories are available for maintaining and for which fields restriction values can be maintained.

The following access categories are available:
  • Write, Read, Value Help (write access)
  • Read, Value Help (read access)
  • Value Help (value help access)

The available restriction fields represent the authorization-relevant attributes of the business objects that are used in a role. Authorization for these fields can be granted on write, read or value help level (for example for a particular sales area).

You can select or enter single values (pre-defined by SAP or customer-specific configuration) and ranges.


Please check the procedure and more details regarding the restrictions in SAP Help Portal | How to Define Authorizations Based on Restrictions


Thank you!