Skip to Content
Product Information
Author's profile photo Cassiano Lins

Maintain Restrictions in Business Role

Maintain Restrictions in Business Role


You want to set up restrictions for Business Role assigned to User

“Image/data in this BLOG is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.”


  • Financial Accounting (FI)
  • SAP S/4HANA Finance
  • SAP S/4HANA Cloud
  • SAP Fiori


  1. You can use catalogs to create your own roles. It is not possible to change catalogs or create own catalogs.
  2. In FIORI App Library check business catalog(s) associated with app concerned.
  3. In app Business Catalogs (APP ID F2471) check each tab, for example Used in Business Roles to see what roles business catalog is assigned. Check Restrictions tab to see what restrictions types are available for Business catalog concerned.
  4. In App Maintain Business Roles (App ID F1492) for existing Business or new role created, Select Maintain Restrictions.



For example, you would like to restrict the role write access to a specified company code only however to not want to place other restrictions on role which will be assigned to user.

CompanyCode.pngIf this role is save as it is, other restriction types are left blank. This means that the role has no authorization for other all areas.

5.Other restriction fields need to be maintained with authorization, for example maintain all authorization for them.
a. Select Restriction Area and Values
b. Click on Unrestricted Access
c. Click on Yes to Query Full Access: Do you want to grant unresricted access to yet Unrestricted Area?

unrestrictedaccess.pngThis sets other values for Unrestricted Access (Please note this is just one example, Maintain restricted access as per business requirements)


6.This means that other areas are unrestricted, there is only a restriction on company code.

7.Save and active Role. Assign to User in app Maintain Business Users.

8. Ensure you also check in app Business Catalogs for business catalog concerned, the General section to see if associated catalogs must be maintained. If this is the case the following text is referenced below which you will see the associated catalogs.

9. Maintain associated catalogs that must be assigned for user.

10. Point to note: A user which is assigned to multiple roles gets the union of authorizations. The principle of union is a generic principle e.g. a user is assigned an gl accountant role and a co overhead accountant role has the combination/union of the authorizations granted by both roles. Both roles give those authorizations on the same authorization entities (e.g. company code, account type of journal entry). Thus if for example the GL Accountant role has Write Access : No access and the CO Overhead accountant role assign assigned to user has Write Access: Unrestricted. User is able to post in app Post General Journal Entries as user has write accesses in the companies maintained in the restrictions in CO overhead accountant role


See Also

2663389 – Is it Possible to Define a Group in SAP S/4HANA Cloud

2598676 – Manage Posting Periods Authorization

2511840 – Manage Posting Period Variants and Manage Posting Periods for SAP S/4HANA Cloud 1708

SAP Knowledge Base Article: 2598733 – Maintain Restrictions in Business Role

Special thanks to @Cora Phelan

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Sandeep Kumar
      Sandeep Kumar

      Thanks for compiling this, one of the most frequent questions.

      Author's profile photo Anirban Dutta
      Anirban Dutta

      Thanks for sharing...very useful

      Author's profile photo Amith Nair
      Amith Nair

      Thanks for formulating this Cassiano, appreciate the effort!

      Author's profile photo Ryan Muller
      Ryan Muller

      good info, thanks!

      Author's profile photo Satyanarayana Sighakolli
      Satyanarayana Sighakolli

      Hi Cassiano Lins

      Good one. Thanks for sharing.