SAP Knowledge Base Article - Public

3354117 - Not able to assign Business Roles Groups to Business Users Groups. - SAP S/4HANA Cloud

Symptom

It's not possible to assign Users Groups to Roles Groups using the Maintain Business Roles Groups and Maintain Business Users Groups applications.

It's not possible to provide authorization to business users by assigning to them Business Roles Groups.

Environment

SAP S/4HANA Cloud

Reproducing the Issue

Maintain Business Roles Groups :

  1. Go to Maintain Business Roles Groups app.
  2. Open a Business Role Group.
  3. There's no option to assign this group to a user.

Maintain Business Users Groups :

  1. Go to Maintain Business Users Groups app.
  2. Open a Business User Group.
  3. There's no option to assign this group to a role.

Cause

Improper user handling.

The authorization concept in SAP S/4HANA Cloud is based on assigning Business Roles to Business Users through the Maintain Business Roles and Maintain Business Users applications.

With the Maintain Business Roles app, creating business roles by combining pre-defined business catalogs that contain the actual authorizations that allow users to access apps for a specific business area. If necessary, change the restrictions for the access categories value help, read, and write on field level. Once a business role is created, assign it to multiple business users who perform similar business tasks in the Maintain Business Users. Business users are all persons that need access to the solution, such as employees or contractors.

Assign Business Role Groups to Business Users Groups and this is not the purpose of these applications. The Maintain Business Role Groups and Maintain Business User Groups features were created to assign Roles to Role Groups and Users to Users Groups in order to help you to organize your area.  

In Business Role Groups, for example, Business Roles 1, 2 and 3 are from Finance Group.
In Business Use Groups, for example, Business Users 1, 2 and 3 are for Extensibility. This helps you to organize your system.

However, these applications are not intended to grant authorizations.

Resolution

Authorization management must be done using the Maintain Business Roles and Maintain Business Users applications. 

See Also

For more information regarding Business Users and Roles Groups, check the SAP Blog Post | How to use the Maintain Business Role Groups functionality.

For more information regarding authorization concept, check the following documentations:
SAP Help Portal | Maintain Business Roles
SAP Help Portal | Identity and Access Management

Keywords

maintain business users, maintain business roles, business role group, business user group, IAM, authorization, user, grant, provide , KBA , BC-SRV-APS-IAM , Identity and Access Management , Problem

Product

SAP S/4HANA Cloud Public Edition all versions