BAPI_ACC_DOCUMENT_POST + Authorizations
This is quite a popular BAPI for posting FI documents due to it's excellent speed in contrast to traditional call transaction or BDC processing for FI document creation.
Just wondered if many people using it have implemented appropriate security around it, as it does not perform any FI document posting authorization checks. So no Company code F_BKPF_BUK, GL Account F_BKPF_BES, Customer F_BKPF_BED, Vendor F_BKPF_BEK, etc. auth checks are done.
I've used the BADI called within the above and the BAPI_ACC_DOCUMENT_CHECK function, the ACC_DOCUMENT BADI to put tight checks in akin to the ones that occur in FB01. I added code within an implementation of BADI's CHANGE method, it works well as a solution.
Just wondering how other people have dealt with this BAPIs lack of auth checks ?
Message was edited by: Declan Kearney