Restrict accessing of Good Receipts & Invoices
The client is using SRM 4.0 as a P2P solution in Extended Classic Scenario.
The client uses a number of contractors to process confirmations and invoices.
The security/access issue is for contractor personnel who are working within the buyer's offices on behalf of the buyer. These contractors are acting, for examples, as "Goods Recipients" in the P2P process flow. A vendor submits a goods receipt, and then these contractors, who are not buyer staff, need to access SRM to verify the supporting documentation and approve or reject the goods receipt.
The current security problem is that anyone with the Goods Recipient role can see any Goods Receipts in the system. We want that contractors cannot see any Goods Receipt in the system that were not workflowed to their user ID.
Please suggest a solution to implement this scenario. In case of further clarification please revert.
You can implement the BBP_WF_LIST for the influencing the search results based on your requirement. The BADI documentation has very detailed information about how to implement this. Hope this solves your problem.