3495075 - Unable to create restrictions for Purchase Order Document Types in SAP S/4 Hana Cloud - Public edition

Issue with restricting Purchase Order Document Types, which is also affecting Purchase Requisitions. For example, selecting NB B automatically selects NB F, which is causing unintended consequences.

SAP S/4HANA Cloud Public Edition 2502 and higher

• The issue occurs because the user is assigned to multiple business roles that contain the same business catalogs and/or restriction types.
• If at least one of the assigned business roles is unrestricted, the system grants unrestricted access to the user, even when another assigned role contains restrictions. 
• This is standard authorization behavior in SAP S/4HANA Cloud, where unrestricted roles take precedence over restricted ones. 

1. Ensure that users are not assigned multiple business roles with conflicting restriction settings for the same business catalogs.
2. If restricted access is required, remove or adjust any unrestricted business roles assigned to the user.
3. From SAP S/4HANA Cloud release 2508 onward, use IAM transactions to define and enforce granular access restrictions.
4. It is recommended to use IAM apps to manage, validate, and monitor authorizations to avoid overlapping or conflicting role assignments.
5. From release 2508, the IAM transactions can be used to restrict the access See more information  Work with IAM Apps of the App Authorization Variant Type | SAP Help Portal 

How to Define Authorizations Based on Restrictions

S4_HC, S4_1C, Restrictions, Catalogs, Business roles, Restriction types, Unrestricted, MM-PUR-IAM , KBA , MM-PUR-IAM-2CL , Identity Management for Procurement (Public Cloud) , Problem