SAP Business Partner Hide Field Visibility and Authorization to BP Groups
SAP S/4HANA Business Partner Authorization Management provides the flexibility of the control the access to the Business Partners based on the authorization assigned to the user profile in the roles and also provides flexibility to control display/change within Business Partners. This blogs provides the standard configuration delivery with SAP S/4HANA without the need of development.
Business Partner Configuration Steps:
Maintain Authorization Groups
In this step you define the corresponding values and a name for the field Authorization Group.
You can use this field to control which users are authorized to maintain business partners. Each business partner can be assigned an authorization group in the dialog.
Define the required Authorization Group and assign this Authorization Group to the Business Partner in the General Role ->Control – > Control Parameters.
Step 2 : Maintain Authorization Types in the BP configuration.
Maintain Authorization Types
In this activity you maintain authorization types.
Using the authorization types you can define flexible authorizations via business partner fields. The authorizations are maintained using the authorization object B_BUPA_ATT .
In the activity Generate and assign authorizations you can create authorizations for authorization types.
Define new authorization types if necessary, and assign the dynpro fields which should control a maintenance authorization.
In this step, I’ve created a Authorization Type for Country , Added Description , Flag Active check box and selected the screen-field ADDR1_DATA-COUNTRY. This screen-field determines the authorization for this field in the BP.
In this step select the standard field which is relevant for authorization.
Define Field Groups Relevant to Authorizations
In this activity, you choose those field groups from the existing field groups whose fields can only be maintained or displayed by individual users.
The necessary authorizations are maintained using the authorization object B_BUPA_FDG.
Create entries for the authorization-relevant field groups.
I’ve added new entry Country from the available list of fields provided by SAP as standard fields relevant for Authorizations.
Step 4 :
In this step, Generate and Assign Authorization to the new custom role for the BP.
Generate and Assign Authorizations
You can create authorizations using the Profile Generator in transaction PFCG (role maintenance).
Note the general documentation for the Profile Generator in the SAP Library. You can find this by choosing:
BC – Basis Components -> Computer Center Management System -> Users and Authorizations -> The Profile Generator
This information is also available in the Implementation Guide by
choosing Basis Components -> System Administration -> Users and Authorizations -> Maintain Authorizations and Profiles using the Profile Generator
Select the Custom Roles and Under Authorization tab, select Display Authorization data and Generate Profiles.
Once this custom role is assigned to the User, then based on the Authorization profile system can control display of the Business Partner Groups and Business Partner Fields.
As a result of user not having the authorization to display Country field. In the BP transaction display of the Business Partner Country field is not visible.
Hope this blog helps you to handle the authorization control for the Business Partner’s. Also, note that all the fields for authorization are currently not available and I’ve raised a request to SAP to add all the BP fields.
Thanks and Regards,
Thanks for the information.
The field groups relevant to authorization settings are working in Fiori apps Manage Business Partners , Create Customers , Create Suppliers apps ? I know this is working fine for the transaction BP and related app Maintain Business Partner.
Thankyou for sharing the knowledge.
Could you please let me know how were the AUthorization type ZCT and field status groups added to the Auth objects .
Were they added automatically after regeneration of role?
since there seems to be no deny function I am wondering if there is an option to make fieldgroup 0009 of Applicationobject BUPA not visible.
I already added the fieldgroup in customizing and added every fieldgroup in the authorization object except fieldgroup 0009.
But the bank details are still displayed.
Has onyone an idea?