BAPI authorization check
i have a situation: when execute BAPI FM in R/3,is there any way to restrict any transaction post?
ex. FM BAPI_INCOMINGINVOICE_CREATE' use to post LIV document by SE37 directly,it's a risk
that no auth.check in this FM...if need,which auth.object can use to avoid this ?
In addition to Fredrik's good advise, please take note that you are talking about 2 different types of authority-checks now.
Previously, we were discussing checks performed by the BAPI itself (for example F_BKPF_BUK and F_BKPF_KOA etc).
What you are now refering to are the S_DEVELOP checks performed within the development workbench when generating the test environment for the function module. These are performed before the BAPI's own checks are.
That the system is checking activity '03' when executing the function module, is because you are most likely on a 46C SAP system.
I strongly recommend that you implement SAP Note # 587410 (can be done easily via SNOTE) to differentiate between displaying such development objects, and executing them directly from the workbench tools...