SAP Knowledge Base Article - Public

3382114 - How to restrict users from Accessing Supplier Invoices that belong to a Different Company?

Symptom

You have set restricted access in Edit-> Access Rights view for a certain user but the user is still able to access supplier invoice which belongs to a different company.

Environment

SAP Business By Design

Reproducing the Issue

  1. Go to Application and User management work center
  2. Select Business Users view
  3. Edit Access Rights for user A (A refers to a user)
  4. Navigate to Access Restrictions view and restrict only to the specific company Q to which the user A belongs to.
  5. Now login as the user A
  6. Select Supplier Invoicing work center->Invoices and Credit memos view
  7. User A is still able to access invoices belonging to different company say R

Cause

Restriction rules are not created in this system.

Resolution

To restrict users from creating supplier invoices which do not belong to their company, you have to create Restriction rules.

Steps:

  1. Go to application and user management work center
  2. Select view Business role
  3. Edit/create a business role.
  4. Assign Invoices and Credit Memos view in work center and view assignments tab.
  5. Click on access restrictions tab and select view Invoices and Credit Memos and assign restricted read and No access to write.
  6. Scroll down and select rule "Restrict to Employee's Company".
  7. Assign business role to required users and confirm.

Now the users who are assigned to this business role can only access the invoices belonging to their company.

If the above does not work as expected kindly perform the below actions as well:

  1. Afterwards Perform Update Access Rights of the business user ID and then verify that the SRM_INVOICESCANNING restriction settings of role and user match.
  2. In case the issue remains, perform Actions > Check Access Rights Consistency for the user for any related inconsistencies. The effective access rights consist of the sum of the different access restrictions. If permission is granted in any view of an activity group, it will overrule restrictions of other views in the same activity group.

Keywords

access restrictions, supplier invoice access based on company, business role, Restrict to Employee's Company , KBA , AP-SIP-SIV , Supplier Invoice , How To

Product

SAP Business ByDesign all versions