SAP Knowledge Base Article - Public

2808362 - Restriction "Authorization Group for Product Group" ignored when using the App "Manage Product Master Data"

Symptom

  • A Role has been created using the Catalog  SAP_CMD_BC_PR_MAINT_PC with Write / Read restriction on 'Authorization Group for Product Group' but the app "Manage Product Master Data" returns all products incorrectly
  • A user only has Authorization to access Products with a certain Product Group but all Products are viewable in the App "Manage Product Master Data"
  • A Product / Material Group has a Authorization group maintained in the SSCUI "Define Material Groups" ( 102665 ) and Restrictions maintained to view Products Associated with the Material Group but this is ignored in the Product Master

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP S/4HANA Cloud Public Edition

Reproducing the Issue

  1. Access the Launchpad with the Custom Role where catalog SAP_CMD_BC_PR_MAINT_PC  is assigned or use the Standard Role SAP_BR_PRODMASTER_SPECIALIST with restrictions maintained for 'Authorization Group for Product Group'
  2. Open the App "Manage Product Master Data"
  3. Press Go
  4. Products are returned in the results that are not assigned to the Product Group

Cause

When searching in the App "Manage Product Master Data" , the table V023 which is behind the SSCUI "Define Material Groups" ( 102665 ) is read

It checks if the field AGrp is maintained and what value it has .

If the field AGrp  is maintained with the same Authorization Group that is allowed for the user in the catalog  SAP_CMD_BC_PR_MAINT_PC = the Product is displayed in the search results.

If the field AGrp  is maintained with a different Authorization Group then the Group allowed for the user in the catalog  SAP_CMD_BC_PR_MAINT_PC = the Product is not displayed in the search results.

If the field AGrp  is blank in the SSCUI "Define Material Groups" ( 102665 ) , the Product is shown regardless in the search results.

Sample Scenario to illustrate 

Product Number   Product Group   Authorization Group
MAT1  Z001            A
MAT2    Z002            B
MAT3   Z003              

maintainedEntries.png

                                                     SSCUI "Define Material Groups" ( 102665 )  

 

AllMaterialShown.png

                                                                                                                      Unrestricted authorization for the catalog SAP_CMD_BC_PR_MAINT_PC returns all 3 materials

restricted.png

                                                                                                            restriction maintain for the catalog SAP_CMD_BC_PR_MAINT_PC where 'Authorization Group for Product Group' is A

 

      Product MAT1 is correctly returned as Product Group Z001 assigned in the header of the product has Authorization Group A assigned.

      Product MAT2 is ommited as Product Group Z002 assigned in the header of the product has Authorization Group B which the user does not have authorization to in the Role

      Product MAT3 is returned as Product Group Z003 assigned in the header of the product has no authorization group maintained

 

Resolution

System works as designed.

See Also

  • For the restriction on 'Authorization Group for Product Group' in the catalog  SAP_CMD_BC_PR_MAINT_PC to work , both  restrictions "Write , Read, Value Help" and "Read,Value help" need to maintained

WriteReadValueHelp.png

                                       Same restriction maintained for  "Write , Read, Value Help" in the App "Maintain Business Role"

ReadValueHelp.png

Sample Restriction maintained for  "Read, Value Help" in the App "Maintain Business Role"

 

 

  • Please make sure that there is only a single role that has the auth object ''Authorization Group for Product Group' associated with it, if there are multiple roles with conflicting authorization values then the restriction will not apply.

 

Keywords

"Manage Your Solution" , "Configure Your Solution" , ILM ,SAP_BR_PRODMASTER_SPECIALIST , 'Master Data Specialist - Product Data' ,BEGRU , Material Group (MATKL) , m_mate_wgr,Authorization Group for Product Group, SAP S/4HANA Cloud Public Edition, , KBA , LO-MD-MM , Material Master , LO-MD-FIO-MM , Fiori UI for Product Master , How To

Product

SAP S/4HANA Cloud Public Edition all versions