09-12-2012 1:41 PM
Hi Experts,
We built a custom role that includes transaction code CL6AN - Class List (ALV) in it. Furthermore, "class type" fields is restricted to values 001, 002, and 003. The auth objects were C_TCLA_BKA and C_TCLS_BER. However, upon testing, user were still able to display values for other class types.
Has anybody encountered the same? Please share how did you solve. We would appreciate any response and inputs for clarification.
Thanks,
Philip
09-13-2012 2:05 AM
Hi,
I quickly checked the source code of this transaction and there are some authorization checks. So have you run ST01 to see what checks are executed in your case.
Cheers
09-13-2012 2:05 AM
Hi,
I quickly checked the source code of this transaction and there are some authorization checks. So have you run ST01 to see what checks are executed in your case.
Cheers
09-13-2012 7:51 AM
Hi Martin,
Thanks for looking. Yes, we already performed a trace using ST01 while the transaction code is being executed. Trace result shows auth checks were performed with the same objects defined in the authority-check as specified in the source code.
Do you think this is a bug on the source code?
I have attached a file showing screenshot of part of the trace that failed.
Regards,
Philip
11-06-2012 10:02 AM