-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Groups
- Interest Groups
- Application Development and Automation
- Discussions
- Re: BAPI_ACC_DOCUMENT_POST + Authorizations
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
BAPI_ACC_DOCUMENT_POST + Authorizations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2006 May 13 1:51 PM
- SAP Managed Tags
- ABAP Development
This is quite a popular BAPI for posting FI documents due to it's excellent speed in contrast to traditional call transaction or BDC processing for FI document creation.
Just wondered if many people using it have implemented appropriate security around it, as it does not perform any FI document posting authorization checks. So no Company code F_BKPF_BUK, GL Account F_BKPF_BES, Customer F_BKPF_BED, Vendor F_BKPF_BEK, etc. auth checks are done.
I've used the BADI called within the above and the BAPI_ACC_DOCUMENT_CHECK function, the ACC_DOCUMENT BADI to put tight checks in akin to the ones that occur in FB01. I added code within an implementation of BADI's CHANGE method, it works well as a solution.
Just wondering how other people have dealt with this BAPIs lack of auth checks ?
Message was edited by: Declan Kearney
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2006 May 23 3:49 PM
- SAP Managed Tags
- ABAP Development
Hi,
in those cases create a Wrapper RFC enabled FM, inside that you can check the Authorizations and call the BAPI .
Regards
vijay
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2006 May 23 3:52 PM
- SAP Managed Tags
- ABAP Development
Or Before calling the BAPI check the authorizations inside the Program and accordingly call the BAPI. if the BAPI call is inside the Program.
or if it is RFC Call then above suggestion works.
Regards
vijay
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2006 May 23 4:07 PM
- SAP Managed Tags
- ABAP Development
Creating a Wrapper RFC function to front a standard SAP BAPI (which itself is RFC enabled ) , would work but to me is just adding more layers and not solving the underlying weakness. So long as someone has S_RFC access they can still post when you would not want them to by calling this BAPI directly
Message was edited by: Declan Kearney
Message was edited by: Declan Kearney
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2006 May 23 4:29 PM
- SAP Managed Tags
- ABAP Development
apart from s_rfc you will check other Authrization objects also. not simply one RFC access check. even you can create your own Authority objects and stop them to use before calling the BAPI by using Authority Check,.
Regards
vijay
Bluesky