SAP Knowledge Base Article - Public

2727008 - Custom Business Object Issues with No Write Access

Symptom

In the generated UI for a Custom Business Object, a user with read only access is still able to add new objects

Environment

SAP S/4HANA Cloud

Reproducing the Issue

  1. Create a new custom business object in the Custom Business Objects app
  2. Once the nodes are defined, ensure that Generate UI is selected when publishing the new business object
  3. Click Maintain Catalog Extensions to assign the new generated UI to a Business Catalog
  4. Now that the business object is created with a UI, and the UI is assigned to a catalog, create a role that has access to the Business Catalog
  5. In the Maintain Business Roles app, assign the catalog to the new role, ensuring that "No Access" is configured for Write restrictions
  6. Assign a user to the business role as well
  7. When this user accesses the Fiori Launchpad, they are able to see the new tile for the custom business object
  8. Inside the UI for this object, the user is able to create new rows, even though they had no wrtie access

Cause

Currently custom business objects do not allow write restrictions, so anyone that has access to the tile is able to create new rows

Resolution

  • As this is expected behaviour, plan any roles accordingly, knowing that any user with access to the tile will be able to create, edit, and delete rows
  • New enhancements are planned for future releases of SAP S/4HANA Cloud that will allow roles to restrict write access for custom business objects

See Also

Creating Custom Business Objects

Keywords

Generate UI Maintain Catalog Extensions Custom Catalog Extensions No Access Read-Only , KBA , BC-SRV-APS-EXT-BO , Custom Tables and Nodes , Problem

Product

SAP S/4HANA Cloud all versions