cancel
Showing results for 
Search instead for 
Did you mean: 

Service Layer SBO10FP2011 User without license can CRUD

edy_simon
Active Contributor

Hi ankit.chauhan1 ,
Environment SBO10FP2011 MSSQL
Just checking if this is by design. - but this doesn't looks right.
On my SBODemo, I have user 'A001' and no SAP license is assigned to this user.
With this user I can login ServiceLayer, and perform CRUD operations on items, businesspartners.

Is this correct?

Regards

Edy

ANKIT_CHAUHAN
Product and Topic Expert
Product and Topic Expert

Dear edy.simon,

Till date, Service Layer is not implementing any check on SAP Business One license. You just need a valid SAP Business One User.

About the restriction or implementation of License check mechanism, it cannot be promised or commented at this moment.

Kind regards,

ANKIT CHAUHAN

SAP Business One Support

Accepted Solutions (1)

Accepted Solutions (1)

ANKIT_CHAUHAN
Product and Topic Expert
Product and Topic Expert

Dear edy.simon,

For Login into Service Layer, you just need a valid SAP Business One User. No checks are done at all.

About accessing all the Business Objects, this will depend on the User’s permissions/authorizations.

For example:

User “alex” is a Super User, will have the access to all the Business Objects because it will be having Full Authorizations.

User “alex” is not a Super User and has No Authorization for Sales Orders, then the following response will be returned by the Service Layer for “alex”:

GET /b1s/v1/Orders
{
"error": {
"code": -3000,
"message": {
"lang": "en-us",
"value": "The logged-on user does not have permission to use this object."
}
}
}

Hope it helps!

Kind regards,

ANKIT CHAUHAN

SAP Business One Support

edy_simon
Active Contributor

Hi ankit.chauhan1 ,
Does this mean that Service Layer users do not need a license in SAP?
We can create an apps which consume this for our client without having them to have a valid license?
Sounds too good to be true 🙂
If it is, is there any plan in SAP Roadmap to restrict this in the future? I would not want to over promise my clients.

In such case, Authorization 'Disable di api permission check' is very important then.
Giving this authorization will allow this user to be a SuperUser holding Professional License without actually holding any license.

Regards
Edy

Answers (0)