We have a scenario where we have two kind of service.
POST Service , which updates data in SAP- Create Operation in Gateway
Other Read Service which only reads data from SAP - GetEntity(Read) or GetEntity(Query)
We need to restrict set of users who will have only POST service Authorization.
We tried by using Z Authorization object which will be maintained for POST Service users with activity 10 POST and coding AUTHORITY-CHECK OBJECT in POST Service.
But it is not working. Users who is not having POST service authorization, still they are able to access and post(Create) data in SAP.
Any Ideas on what is going wrong or how we can achieve the requirement?