I am facing below strange issue with authorization of Person Responsible (Field = VERNR) at Project Definition Level:
Business has some high confidential R&D projects going on during the year. During system testing, we witnessed that if any unauthorized user wants to access that project then he can follow below steps:
While Entering Project Number he is not able to access any object of that Project. In order to access and control the project completely he will schedule the project. As soon as system schedules the project, system opens complete project for a moment which can be editable until you switch the tab from Basic Data to Control, that user can change the person responsible name and the project is all available for him.
This is a system loophole, you can say we have a change option available despite of no authorization just before we click or refresh the screen.
Please guide how to fix that bug if anyone have faced this kind of strange issue?