Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authorization for generic object services - GOS - payroll data

Go to solution
Former Member

‎2011 Jun 15 3:31 PM

0 Likes
848

Is there anyway to restrict what people see via GOS? I can't see any authorisations behind it except S_OC_ROLE. Seem users can view payroll details of a workflow agent in the workflow logs(view with technical details). Its a wild shot that an end user will find this information in the container tab but it look like a massive security flaw.

I will be interested to know if others have the same problem and how they resolved it.

Thanks

1 ACCEPTED SOLUTION
Read only

Go to solution
Bernhard_SAP
Product and Topic Expert
Product and Topic Expert

‎2011 Jun 16 11:57 AM

0 Likes
766

Hello Savo,

please have a look at SAP note 491271.

b.rgds, Bernhard

3 REPLIES 3
Read only

Go to solution
Former Member

‎2011 Jun 16 11:24 AM

0 Likes
766

anyone else come across this problem?

Read only

Go to solution
Bernhard_SAP
Product and Topic Expert
Product and Topic Expert

‎2011 Jun 16 11:57 AM

0 Likes
767

Hello Savo,

please have a look at SAP note 491271.

b.rgds, Bernhard

Read only

Go to solution
Former Member

‎2011 Jul 01 4:03 PM

0 Likes
766

This issue relates to authorisations. Depending on infotypes available to the user, they will be able to view data relating to the info type.

I will now have to review all authorisations to ensure there is no unauthorised access.