/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
How to Define Authorizations Based on Restrictions?
Example scenario: Maintain the plant restrictions on a business role to plant 1010 (access only to 1010) but users are able to edit Purchase Requisitions and Purchase Orders that do not belong to Plant (1010).
Environment
SAP S/4HANA Cloud Public Edition
Cause
Missing Business Role/Catalog restrictions.
Resolution
If multiple catalogs sharing common authorization object to different roles with different restrictions, all these roles are assigned to same user, user will have a union of all these authorizations.
Hence, if Role A allows the authorization and Role B restricts and a user is assigned both Role A and B, then authorization status is allowed. Note that assigning multiple business roles to a business user increases the risk of overriding existing authorizations.
For detailed information refer to How to Define Authorizations Based on Restrictions
Keywords
restrictions on plant, maintain business users, S4_1C, S4HC, MM-PUR-REQ-GUI, CB User access to plant, S4_PC, roles, business catalog, X4BC, union, fields, PR, PO, restrict, role, catalog, access , KBA , MM-PUR-REQ-2CL , Purchase Requisitions (Public Cloud) , MM-PUR-PO , Purchase Orders , How To
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)