Hi Martin,
just to explain what I mean by "out of the box" impersonation. Currently JCo call has user/pwd which needs to be provided as parameters. Together with these there will be 2 more parameters e.g. ImpersonUser/ImpersonPwd. Then when BAPI call is executed user/pwd is used to login to SAP. If there is any data manipulation in SAP by the BAPI (e.g. sales order created) ImpersonUser would be used to create that data. E.g. ImpersonUser would appear in table VBAK in its ERNAM field - which says who created the Order. Of course ImpersonUser/ImpersonPwd would also be checked whether these credentials really exists in the system before the BAPI execution otherwise whole BAPI call would be rejected (so no security hole). In short we can say that the BAPI is "run as" ImpersonUser user.
Is there any way I could somehow workaround this in JCo?
PS: What do you mean by "BO server" some BusinessObjects product?
thanks
m./