Symptom
- A Role has been created using the Catalog SAP_CMD_BC_PR_MAINT_PC with Write / Read restriction on 'Authorization Group for Product Group' but the app "Manage Product Master Data" returns all products incorrectly
- A user only has Authorization to access Products with a certain Product Group but all Products are viewable in the App "Manage Product Master Data"
- A Product / Material Group has a Authorization group maintained in the SSCUI "Define Material Groups" ( 102665 ) and Restrictions maintained to view Products Associated with the Material Group but this is ignored in the Product Master
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
SAP S/4HANA Cloud Public Edition
Reproducing the Issue
- Access the Launchpad with the Custom Role where catalog SAP_CMD_BC_PR_MAINT_PC is assigned or use the Standard Role SAP_BR_PRODMASTER_SPECIALIST with restrictions maintained for 'Authorization Group for Product Group'
- Open the App "Manage Product Master Data"
- Press Go
- Products are returned in the results that are not assigned to the Product Group
Cause
When searching in the App "Manage Product Master Data" , the table V023 which is behind the SSCUI "Define Material Groups" ( 102665 ) is read
It checks if the field AGrp is maintained and what value it has .
If the field AGrp is maintained with the same Authorization Group that is allowed for the user in the catalog SAP_CMD_BC_PR_MAINT_PC = the Product is displayed in the search results.
If the field AGrp is maintained with a different Authorization Group then the Group allowed for the user in the catalog SAP_CMD_BC_PR_MAINT_PC = the Product is not displayed in the search results.
If the field AGrp is blank in the SSCUI "Define Material Groups" ( 102665 ) , the Product is shown regardless in the search results.
Sample Scenario to illustrate
Product Number | Product Group | Authorization Group |
MAT1 | Z001 | A |
MAT2 | Z002 | B |
MAT3 | Z003 |
SSCUI "Define Material Groups" ( 102665 )
Unrestricted authorization for the catalog SAP_CMD_BC_PR_MAINT_PC returns all 3 materials
restriction maintain for the catalog SAP_CMD_BC_PR_MAINT_PC where 'Authorization Group for Product Group' is A
Product MAT1 is correctly returned as Product Group Z001 assigned in the header of the product has Authorization Group A assigned.
Product MAT2 is ommited as Product Group Z002 assigned in the header of the product has Authorization Group B which the user does not have authorization to in the Role
Product MAT3 is returned as Product Group Z003 assigned in the header of the product has no authorization group maintained
Resolution
System works as designed.
See Also
- For the restriction on 'Authorization Group for Product Group' in the catalog SAP_CMD_BC_PR_MAINT_PC to work , both restrictions "Write , Read, Value Help" and "Read,Value help" need to maintained
Same restriction maintained for "Write , Read, Value Help" in the App "Maintain Business Role"
Sample Restriction maintained for "Read, Value Help" in the App "Maintain Business Role"
- Please make sure that there is only a single role that has the auth object ''Authorization Group for Product Group' associated with it, if there are multiple roles with conflicting authorization values then the restriction will not apply.
Keywords
"Manage Your Solution" , "Configure Your Solution" , ILM ,SAP_BR_PRODMASTER_SPECIALIST , 'Master Data Specialist - Product Data' ,BEGRU , Material Group (MATKL) , m_mate_wgr,Authorization Group for Product Group, SAP S/4HANA Cloud Public Edition, , KBA , LO-MD-MM , Material Master , LO-MD-FIO-MM , Fiori UI for Product Master , How To