3756041 - How to avoid it Purchase Order approvers can edit purchase orders in Purchase orders Apps

• Users assigned only to approve purchase orders can also edit them in the Manage Purchase Orders app.
• When the approver role includes the business catalog SAP_MM_BC_PO_WIAPPROVE_PC, the Edit action is available and changes can be saved.

• Product: SAP S/4HANA Cloud Public Edition
• Purchase Order Workflow (Public Cloud)

1. Assign a user an approver role that includes the business catalog SAP_MM_BC_PO_WIAPPROVE_PC.
2. Open the Manage Purchase Orders app with that user.
3. Observe that the user can edit and save changes to the purchase order in addition to approving or rejecting it.

This is by design: the approval workflow updates the purchase order using the approver’s authorizations; therefore, the approver requires change authorization to set the final status, which makes edit capability available.

• This will make the approver with authorization to release/reject PO 
• The APP Change Purchase order will not appear in approver´s Launchpad.
• Approvers will see the app display purchase order
• if they try to edit the PO , they will receive an error message about missing authorization.

refer to: 3114205 - Roles created with the catalog SAP_MM_BC_PO_WIAPPROVE_PC can Edit Purchase Orders

sod, segregation of duties, approver edit, purchase order approval, manage purchase orders, sap_mm_bc_po_wiapprove_pc, authorization, iam, workflow approval, edit prevention, badi bd_mmpur_final_check_po, approval and edit conflict, po approver permissions, purchase order governance, compliance, IAM , KBA , MM-FIO-PUR-PO-WFL-CL , Purchase Order Workflow (Public Cloud) , Problem