03-19-2012 6:18 PM
Hi all,
We are implementing the security in the SAP Retail solution.
We have transaction WOTB2 that needs to be restricted. According to transaction SU24, we have the possibility to do it by Purchasing group. Although the object M_BEST_EKG is set accordingly, the object is not checked during the execution of the transaction.
Has anyone experienced this issue? Are we missing a configuration?
Regards, Jose.
03-19-2012 10:46 PM
Hi,
it seems like the authorization check is not implemented for WOTB2. The structure of this transaction is bit more complex. It works with class CL_WRF_PBAS_WORKBENCH but it actually works with subclasses inherited from this class (classic example of polymorphism). For transaction WOTB2 it should be class CL_WRF_POTB_WORKBENCH_CTR. Here you can see that method CHECK_AUTHORIZATION is empty. If this is true then you have two options: raise a message with SAP why it does not perform any authorization check. The second solution is to talk with developers and they can implement that method using enhancement framework. It might not work if SAP does not call this method at all. It does not have any parameters, so it seems to me that SAP did not finish development.
Cheers
03-19-2012 10:46 PM
Hi,
it seems like the authorization check is not implemented for WOTB2. The structure of this transaction is bit more complex. It works with class CL_WRF_PBAS_WORKBENCH but it actually works with subclasses inherited from this class (classic example of polymorphism). For transaction WOTB2 it should be class CL_WRF_POTB_WORKBENCH_CTR. Here you can see that method CHECK_AUTHORIZATION is empty. If this is true then you have two options: raise a message with SAP why it does not perform any authorization check. The second solution is to talk with developers and they can implement that method using enhancement framework. It might not work if SAP does not call this method at all. It does not have any parameters, so it seems to me that SAP did not finish development.
Cheers