We want to restrict end users from accessing Fb01 transaction from front end, but if they process any failed BDC(which requires FB01) should be allowed.
I was trying to identify what are the options to meet these expectations, I see following options, but not sure about their feasibility and pros/cons:
1. To identify if there is any security object which can permit BDC processing but restrict front end execution of Tcode.
2. To build a validation (if possible) to restrict FB01 execution via front end (may be we can put a check if session_name field is blank or not or use a user exit for the same.
Please share your experience and if there is any other better way of achieving this.