Hi Experts,
We got requirement from HR business to protect credit card details in PA20/PA30 transactions.
We found that there is one cofig option to mask the credit card data.
But business wants only few users should have access to actual credit card data.
By referrign the SAP help portal , i got to know if "Additional authoirzation check for unmasked display" is checked , then user whoever has B_CCSEC auth object can see the credit card unmasked in PA20/PA30 though the config is set to security level -'MAsked display'.
But when I tested this scenario by creating test user with this auth object plus needed authorization, user can see only masked credit card no , not actual data.
(as attached)
Can you pls let me know why B_CCSEC auth object is not getting checked while displaying credit card data in PA20 when the configuartion exists as per the screenshot?