Solution : https://service.sap.com/sap/support/notes/1487928 (SAP Service marketplace login required)
Summary :
SAP Note addresses an issue in IDoc inbound processing where the authorization object B_ALE_RECV and field EDI_MES check ALE/IDoc authorization for a communication user, but not for HTTP inbound message type-dependent checks. This has been rectified by implementing correction instructions provided, which can be applied via Note Assistant or by importing a Support Package. To enable this authorization check, activate it via report RSEHTTPAUTH, requiring authorization S_IDOCCTRL with activity 02. Default activation is set from Basis Release 7.03 and 7.30 onwards. Communication users should only be assigned authorization to create allowable message types.
Key words :
ale/idoc authorization usingthe authorization object b_ale_recv, message type-dependent authorization check, idoc inbound processing, authorization field edi_mes, attached correction instructions, note assistantor import, prevent existing processes, relevant support package, internet communication framework, message type
Related Notes :
| 1487606 | IDoc inbound processing via HTTP/SOAP |