Changes and Deletion of Document Attachments

In the SAP standard system document attachments of business objects are not protected sufficiently against unauthorized changes or deletion.
In particular, the SAP authorization objects S_OC_ROLE and S_GOT_ATT cannot completely prevent the deletion or change of an attachment list after successful archiving of the respective business object. PBS provides a solution for this!

Solution to the problem

PBS extends the SAP object services to include the additional authorization object Z_GOS_TOOL that can be defined per user for the creation, change, and deletion of attachment lists. It is possible to restrict object services at transaction level. The subsequent change of an attachment list is generally ruled out for archived documents.

The buttons "change" and "delete" are greyed out and cannot be executed.
PBS service attachment list
We would be happy to advise you regarding the implementation of the solution.
PBS closes security gap