SAP Knowledge Base Article - Public

3669118 - Users can edit purchase orders despite read-only business role assignment

Symptom

  • Users are able to edit purchase orders despite not having edit permissions.
  • The Purchase Order Management app is assigned to the business catalog SAP_PS_BC_PROJ_FIN_ANLYTC_MC, but it does not appear on the business role screen.
  • The business role NESIC_BR_COMMON_DSP, which has the business catalog SAP_PS_BC_PROJ_FIN_ANLYTC_MC assigned, is set to "Write Access: No Access".
  • Navigating from the Purchase Order Management app opens the Manage Purchase Order app, where users can edit purchase orders.

Environment

SAP S/4HANA Cloud Public Edition

Reproducing the Issue

  1. Assign the business catalog SAP_PS_BC_PROJ_FIN_ANLYTC_MC to the business role NESIC_BR_COMMON_DSP.
  2. Search for a purchase requisition number in the Purchase Order Management app.
  3. Navigate to the Manage Purchase Order app through the Purchase Order Management app (0842A).
  4. Observe that the edit button is displayed and users can edit purchase orders despite having "Write Access: No Access".

Cause

  • Start authorization for an app is checked separately from authorization to create or change business documents like purchase orders.
  • The business catalog SAP_PS_BC_PROJ_FIN_ANLYTC_MC allows users to start the Purchase Order Management app (0842A).
  • The IAM apps in the catalog SAP_LE_BC_ID_PROC_MC provide authorization to create and change purchase orders.
  • The catalog SAP_LE_BC_ID_PROC_MC is part of the business role NESIC_BR_PROC_REQDEPT_MEMBER.
  • Therefore, users who have both the authorization to start app 0842A and the create/change authorization can edit purchase orders using the Manage Purchase Orders app.
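
An added example, not part of the SAP article and not SAP code: a simplified Python model of the separation described above, auditing user-to-role assignments for users whose combined roles allow both starting app 0842A and changing purchase orders. Role and catalog names are from the article; the user IDs, the write-access setting of NESIC_BR_PROC_REQDEPT_MEMBER and the data layout are assumptions.

```python
# Simplified model of the "Cause" section; not SAP's actual IAM evaluation.
# Role/catalog names come from the article; users and assignments are constructed.
APP = "0842A"  # app ID as written in the article

# catalog -> what it contributes, per the article
CATALOGS = {
    "SAP_PS_BC_PROJ_FIN_ANLYTC_MC": {"start": {APP}, "change_po": False},
    "SAP_LE_BC_ID_PROC_MC": {"start": set(), "change_po": True},
}

# role -> assigned catalogs and the role-level write-access setting.
# Assumption: NESIC_BR_PROC_REQDEPT_MEMBER is not write-restricted.
ROLES = {
    "NESIC_BR_COMMON_DSP": {
        "catalogs": ["SAP_PS_BC_PROJ_FIN_ANLYTC_MC"], "write": "No Access"},
    "NESIC_BR_PROC_REQDEPT_MEMBER": {
        "catalogs": ["SAP_LE_BC_ID_PROC_MC"], "write": "Unrestricted"},
}

USERS = {  # constructed sample assignments
    "USER_A": ["NESIC_BR_COMMON_DSP"],
    "USER_B": ["NESIC_BR_COMMON_DSP", "NESIC_BR_PROC_REQDEPT_MEMBER"],
    "USER_C": ["NESIC_BR_PROC_REQDEPT_MEMBER"],
}

def effective_access(role_names, roles=ROLES, catalogs=CATALOGS):
    """Union start and change authorizations across all of a user's roles."""
    startable, change_sources = set(), []
    for rname in role_names:
        role = roles[rname]
        for cname in role["catalogs"]:
            cat = catalogs[cname]
            startable |= cat["start"]
            # A role's write restriction limits only that role's own catalogs.
            if cat["change_po"] and role["write"] != "No Access":
                change_sources.append((rname, cname))
    return startable, change_sources

def audit(users=USERS, roles=ROLES, app=APP):
    """Map each user who can start `app` and change POs to the granting role/catalog."""
    findings = {}
    for user, role_names in users.items():
        startable, change_sources = effective_access(role_names, roles)
        if app in startable and change_sources:
            findings[user] = change_sources
    return findings

if __name__ == "__main__":
    for user, sources in audit().items():
        print(user, "can edit purchase orders; change authorization from", sources)
```

In this model only USER_B is reported, because the "No Access" setting on NESIC_BR_COMMON_DSP does not limit the change authorization that arrives through the second role.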

Resolution

  1. Remove the catalog SAP_PS_BC_PROJ_FIN_ANLYTC_MC from the role NESIC_BR_COMMON_DSP to prevent edit access to purchase orders.
  2. Alternatively, implement the BAdI BD_MMPUR_FINAL_CHECK_PO to perform custom checks before a purchase order is saved. This can prevent unwanted changes or edits to the purchase order and enforce necessary business rules.

Keywords

purchase order management, edit permissions, sap s/4hana cloud public edition, purchase order app, authorization issue, business catalog, sap_ps_bc_proj_fin_anlytc_mc, sap_le_bc_id_proc_mc, manage purchase orders app, write access no access, badi bd_mmpur_final_check_po , KBA , MM-FIO-PUR-PO , Fiori UI for Purchase Orders , Problem

Product

SAP S/4HANA Cloud Public Edition all versions