When you enter an employee number in e.g. PA30, you get access to "Services for object" where you can add comments, files etc. to the employee object (PREL I guess). The problem is that these services are not subject to any kind of authorization control. So even if our users are limited both via P_ORGIN and structural authorizations, they can enter any employee number (if they know it) and read all information about the employee they don't have access to (and enter comments, attachments etc.).
We don't want this option to be open, so we removed authorizations. But I have 2 questions:
1. Is there a standard way to hide services for objects? Customers never like to have access to a feature and be stopped by authorization.
2. Is there a way to ensure authorization so that if you do not have access to the employee number, you cannot enter or read anything from services for object?
/kirsten