We have restricted CAT2 using the P_PERNR auth object (after switching PERNR on in OOAC) for our Portal implementation. One of our controls for Employee Portal time entry is that employees can only enter time up to 2 weeks in advance at most.
This is set in the SU01 user parameter CVR with our custom data entry profile set. However, if the user logs into SAP GUI and runs CAT2 they are able to select a different data entry profile and thus enter time 3 weeks or 3 years in advance.
Is there any way to control access to the data entry profile within CAT2