Symptom
In the generated UI for a Custom Business Object, a user with read only access is still able to add new objects
Environment
SAP S/4HANA Cloud Public Edition
Reproducing the Issue
- Create a new custom business object in the Custom Business Objects app
- Once the nodes are defined, ensure that Generate UI is selected when publishing the new business object
- Click Maintain Catalog Extensions to assign the new generated UI to a Business Catalog
- Now that the business object is created with a UI, and the UI is assigned to a catalog, create a role that has access to the Business Catalog
- In the Maintain Business Roles app, assign the catalog to the new role, ensuring that "No Access" is configured for Write restrictions
- Assign a user to the business role as well
- When this user accesses the Fiori Launchpad, they are able to see the new tile for the custom business object
- Inside the UI for this object, the user is able to create new rows, even though they had no wrtie access
Cause
Currently custom business objects do not allow write restrictions, so anyone that has access to the tile is able to create new rows
Resolution
- As this is expected behaviour, plan any roles accordingly, knowing that any user with access to the tile will be able to create, edit, and delete rows
- New enhancements are planned for future releases of SAP S/4HANA Cloud Public Edition that will allow roles to restrict write access for custom business objects
See Also
Keywords
Generate UI Maintain Catalog Extensions Custom Catalog Extensions No Access Read-Only , KBA , BC-SRV-APS-EXT-BO , Custom Tables and Nodes , Problem
Product
SAP S/4HANA Cloud Public Edition all versions