SAP Knowledge Base Article - Public

2733842 - Business Role Has No Access For Restriction Areas That Are Not Maintained

Symptom

  • You may see authorization errors while using different apps in SAP S/4HANA Cloud Public Edition
  • Example "No authorization for maintaining sales documents in <Sales Organization ID>"

Environment

SAP S/4HANA Cloud Public Edition

Reproducing the Issue

  1. Create a Business Role to give access to some app, using Maintain Business Roles
  2. Add restrictions to the role, by clicking Maintain Restrictions
  3. Update one of the restriction areas to have a value, like setting the Company Code value that the user will have access to
  4. Now access the app that the role is providing access to
  5. You may see errors even when viewing or creating items for the Company Code you have access to

Cause

  • By default the restriction areas that had no value maintained are set to "No Access"
  • Even though you have provided access to the correct Company Code, some other authorization is blocking access

Resolution

If you do not want other restriction areas to block access, changing the blank entries to "Unrestricted Access" will stop those restriction areas from having an impact:

  1. Create a new role from template
  2. Click on Maintain Restrictions
  3. Change one of the dropdowns to "Restricted" for Write, Read, or Value Help
  4. Now at the top of the "Restricted" section, there is a checkbox that says "Restriction Area and Values"
  5. Select that checkbox, which will now select all restrictions that are available for that section
  6. [Optional] If you already have restrictions set for a role, then you can still select all of the restrictions in step 5, and just de-select all of the values that you have already set (like Company Code in this example)
  7. At the top of the section click "Unrestricted Access" which will now set all selected values to "Unrestricted"
  8. At this point you have now changed the default behaviour of the restrictions to be unrestricted unless otherwise stated.
  9. You can now set specific options like Company Code to be restricted

Keywords

KBA , BC-SRV-APS-IAM , Identity and Access Management , Problem

Product

SAP S/4HANA Cloud 1805