Users with the display authorization object M_EINF_EKO can change data using ME12 (Change info record) although they are only authorized to display.
Up to Release 3.0E, there is only an authorization check for info records at organization level. Users with the display authorization object M_EINF_EKO can change non-organization-dependent data with transaction ME12. However, organization-dependent data is only displayed.
As of Release 3.0E authorization checks are implemented at transaction level. This makes it possible to block complete transactions for users without the transaction authorization.