Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Question S_QUERY and HR-AdHoc-Queries

Former Member
0 Kudos
446

Hello,

I've posted the following in the SAP-Solutions -> SAP-HCM forum, but got no answer yet; maybe this issue is more security related:

We are planning to give our users access to transaction S_PH0_48000510 so they can execute queries on their own.

The according InfoSets and UserGroups have been created and so far out tests work fine.

What we are now aiming to, is to give our users not only execution-rights, but allow them to create/save/modify "personal" queries.

(that is, the rights depend on the username)

My understanding of security-object S_QUERY is, that it gives access to all queries in a given InfoSet, and that is not desirable.

Any hints how make "personal" queries work ?

cheers Axel

4 REPLIES 4

Former Member
0 Kudos
91

S_QUERY will actually give access to all queries in all user groups. To do what you want you will have to use the query security - in SQ03 you will find user groups (not the same as user groups in SU01) - where you can assign users to user groups. Just make sure the users have the check box selected.

Former Member
0 Kudos
91

Well, thank you in the first place for your answer, but I think I need some further clarification. Below is the SAP-Help-text from this little checkbox in SQ03:

<quote>

SAP Query: Authorizations

Only the users for whom this field has been selected are authorized to change or create queries.

Authorization object S_QUERY controls authorization to change or create queries (value 02 in field 'ACTVT').

This check box allows you to revoke special user group authorization for users who have authorization according to authorization object S_QUERY.

Use

Revokes authorization to change or create queries for a specific user.

</quote>

So I think this checkbox is intended for revoking rights already given via S_QUERY (and not limiting them to ones's own account).

0 Kudos
91

Sorry I should have been more clear. If you want to just have users execute queries and not create / change for a user group, then S_QUERY is not needed in their role. Just add them to the query user group. If you want users to create / change queries for a user group, then they will need S_QUERY with value 02 - giving them value 23 (maintain) will give them access to all user groups - and be set up in the user group. When you set up a user it will default with a check. If the user already has access to S_QUERY with value 02 and you don't want them to create /change, then you can revoke the check box.

Hope that clarifies.

Former Member
0 Kudos
91

OK thanks, I tkink I see the point.

S_QUERY seems to be not suitable for "fine-adjusting" user-rights. Well, I'll try it with creating "personal" user-groups and unchecking this box for members of more "public" groups.