***Examples/Data/Images in this Blog are from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.***

Hello SAP S/4HANA Cloud Community,

Introduction:

I work on the LO-MD-BP component for SAP S/4HANA Cloud, and I have had several customers raise incidents about how Authorization Groups work in the area of Customer and Supplier Business Partner Master Data in S/4HANA Cloud, so I thought it would be good to write a blog on the topic to share my knowledge and experiences.

 

What Are Authorization Groups:

If a Customer or Supplier Business Partner Master record has an entry maintained in the Authorization Group field, then access to that record can be restricted based on that entry.


For the purpose of explanation, let us assume that in your system you have only the three standard delivered authorization groups:

(blank entry) Stakeholder: Visibility 0 (Unrestricted)
0001 Visibility 1 (Restricted)
0002 Stakeholder: Visibility 2 (Very Restricted)


Example of How to Use an Authorization Group:

If, for example, you have a certain group of suppliers whose master data you would like to add an extra layer of protection to, then the Authorization Group field would be a good way to do so. It would be possible to assign an Authorization Group value such as 0001 (or one of your creation) to the Suppliers whose master data you would like to protect.

When you want to use the functionality of the Authorization Groups to restrict a Business User from seeing certain Suppliers/Customers, it is important not to use the "Blank" Authorization Group "Visibility 0" in the restriction field, as it doesn't provide any functional value. This is because when a Customer or Supplier Business Partner master record has a blank value in the Authorization Group field, the authorization group functionality is seen as not being used.

This means that if a user has authorization to see Suppliers with Authorization Group 0001, then they will also see Suppliers which have no Authorization Group maintained. In other words, they will see Suppliers which have Authorization Group 0001 and Suppliers which have a "Blank" entry for Authorization Group "Visibility 0".
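The visibility rule described above, modelled in Python as an added example (not SAP code and not from the original blog). The supplier IDs, role names and the `audit` helper are constructed for illustration, and the model covers only the blank-versus-maintained behaviour stated in this post.

```python
# Simplified model of the rule described in this post; not SAP code.
BLANK = ""  # "Visibility 0": no authorization group maintained on the record


def can_view(record_group, allowed_groups):
    """A blank group means the check is not in use, so any role sees the record;
    otherwise the group must be listed in the role's restriction."""
    group = (record_group or "").strip()
    return group == BLANK or group in allowed_groups


def visible_records(records, allowed_groups):
    """Return the IDs of the records a role with this restriction can see."""
    return [bp for bp, group in records.items() if can_view(group, allowed_groups)]


def audit(records, protected_ids, roles):
    """Flag protected records left blank and restriction values that do nothing."""
    findings = []
    for bp in sorted(protected_ids):
        # Visible with an empty restriction means visible to every role.
        if can_view(records.get(bp, BLANK), set()):
            findings.append(f"{bp}: meant to be protected but has a blank authorization group")
    for role, allowed in sorted(roles.items()):
        if any(not g.strip() for g in allowed):
            findings.append(f"{role}: blank value in restriction has no effect")
    return findings


# Constructed sample data (hypothetical supplier IDs and role names).
SUPPLIERS = {"S100": "0001", "S200": "", "S300": "0002", "S400": ""}
PROTECTED = {"S100", "S400"}  # suppliers intended to have extra protection
ROLES = {"Z_BUYER_0001": {"0001"}, "Z_BUYER_BLANK": {""}}

if __name__ == "__main__":
    for role, allowed in ROLES.items():
        print(role, "sees", visible_records(SUPPLIERS, allowed))
    for finding in audit(SUPPLIERS, PROTECTED, ROLES):
        print("FINDING:", finding)
```

A role restricted to the blank value sees exactly the same records as a role with no value at all, which is why the blank entry adds nothing to a restriction.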

A Business Role can then be created which gives the Business Users assigned to it the authorization to see Suppliers with Authorization Group 0001. See this blog for general information on how to create business roles and maintain restrictions.

How Can Authorization Groups be Created / Edited:

Authorization Groups can be created or edited via SSCUI 500092. The exact steps are:

1. Open the Manage Your Solution App 
2. Press Configure Your Solution 
3. Search for SSCUI 500092 
4. Press the Configure button on Step 5. Maintain authorization groups (ID 102740) 
5. Choose the Authorization Group Object to be created or edited, i.e. BUPA for Business Partner, CUST for Customer or SUPPL for Supplier Authorization Groups.
6. Edit the existing authorization groups or press New Entries to add a new one.


Information on Additional Authorization Related Blogs:

For information on how to create Business Roles, maintain Restrictions and assign Business Roles to Business Users, please see the blog:
How to Manage Authorizations by via Business Roles for Customer and Supplier Business Partner Master Data in S/4HANA Cloud

For information on how to avoid Business Role and Catalog conflicts, see this blog:
Business Role / Catalog Conflicts (LO-MD-BP examples but relevant across other areas)

The examples in this blog are intended for explanation purposes.


Kind Regards,
Stephen Ward
SAP Product Support