Question:
Using PA20, some users have data on IT369 hidden and others can view the data. Normally this is based on UGR but in this case UGR or MOLGA of user does not seem to matter. It does not seem to be access rights cause user does not get a no authorisation message, it just seems like there is no data in that infotype.
Also all users can view with SE16.
Any help will be appreciated.
Answer:
This is by design, there are security checks on you PA transactions, however SE16 is simply a data browser and shows all fields. For this reason SE16 should be restricted to users that have access to all data.
For my clients I recommend only giving this access to support persons or those with central access or “ALL access” security profiles.
Answer:
SE16 can be as restrictive as PA20 if you configure S_TABU_LIN ( it original intent was to limit HR data in SE16)
_________________
John A. Jarboe