Question:
hi All,
could any one know how to secure BAPI function in SAP .
Thanks
Answer:
Is it called from internal or external?
Is it custom or SAP?
Is it does it have internal Authorization checks?
What ID are you using to call it?
Etc
Answer:
Which function? Do you mean DOCUMENT_POST or USER_CHANGE, or both?
It would make alot of sence to enhance SAPīs auth check params BEFORE you start or continue restricting the auths for SFRC, otherwise you will be afforded the opportunity to do the excersize twice and will waste alot of company resources (but could "sell" it as 2 successfull projects??).
Generally, once you have made the correct configs depending on the use of the BAPI, the checks in the BAPIīs are the same as it you had the user using the tcode, with the exception that they donīt need s_tcode. If you find an exception, report it to SAP.
If you find a way to trick the BAPI into doing something other than which it was meant to do, SAP will probably tell you to get a life.
_________________
Try Search
Else SAPNet
Otherwise It was designed not to work.
____________________