I have a small problem and I was wondering if somebody could help.
The user asked me to differentiate in a transaction (XD02 and FD02) the access of changing or simply displaying a field based on Users.
I tried to solve the problem in the following manner:
1. As the field didn't exist (ZTERM and VLIBB), I created an authorization object via transaction SU20.
2. In Authorization maintenance SU21, I created four Authorization objects, 2 for display ACTVT and 2 for Change.
3. These authorisation objects where attributed into transaction SU22 and SU24 for the transactions (XD02 and FD02).
4. Afterwards I run all checks which roles have to be changed via transaction SUIM.
5. I changed the affected roles (via transaction PFCG) and added the auhtorization objects, in a first time, I only attributed display activity.
6. But there is still a problem. The affected user can still change the fields even though he shouldn't be able to.
I checked via transaction SUIM who still has access to the authorization object but the user was not in the list. Do you have any ideas?
Thank you in advance.