Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization for generic object services - GOS - payroll data

Go to solution
Former Member

‎06-15-2011 3:31 PM

0 Kudos

Is there anyway to restrict what people see via GOS? I can't see any authorisations behind it except S_OC_ROLE. Seem users can view payroll details of a workflow agent in the workflow logs(view with technical details). Its a wild shot that an end user will find this information in the container tab but it look like a massive security flaw.

I will be interested to know if others have the same problem and how they resolved it.

Thanks

1 ACCEPTED SOLUTION

Go to solution
Bernhard_SAP
Advisor
Advisor

‎06-16-2011 11:57 AM

0 Kudos

Hello Savo,

please have a look at SAP note 491271.

b.rgds, Bernhard

3 REPLIES 3

Go to solution
Former Member

‎06-16-2011 11:24 AM

0 Kudos

anyone else come across this problem?

Go to solution
Bernhard_SAP
Advisor
Advisor

‎06-16-2011 11:57 AM

0 Kudos

Hello Savo,

please have a look at SAP note 491271.

b.rgds, Bernhard

Go to solution
Former Member

‎07-01-2011 4:03 PM

0 Kudos

This issue relates to authorisations. Depending on infotypes available to the user, they will be able to view data relating to the info type.

I will now have to review all authorisations to ensure there is no unauthorised access.