2007 Sep 13 7:40 AM
Hello,
I've posted the following in the SAP-Solutions -> SAP-HCM forum, but got no answer yet; maybe this issue is more security related:
We are planning to give our users access to transaction S_PH0_48000510 so they can execute queries on their own.
The according InfoSets and UserGroups have been created and so far out tests work fine.
What we are now aiming to, is to give our users not only execution-rights, but allow them to create/save/modify "personal" queries.
(that is, the rights depend on the username)
My understanding of security-object S_QUERY is, that it gives access to all queries in a given InfoSet, and that is not desirable.
Any hints how make "personal" queries work ?
cheers Axel
2007 Sep 13 1:01 PM
S_QUERY will actually give access to all queries in all user groups. To do what you want you will have to use the query security - in SQ03 you will find user groups (not the same as user groups in SU01) - where you can assign users to user groups. Just make sure the users have the check box selected.
2007 Sep 13 2:27 PM
Well, thank you in the first place for your answer, but I think I need some further clarification. Below is the SAP-Help-text from this little checkbox in SQ03:
<quote>
SAP Query: Authorizations
Only the users for whom this field has been selected are authorized to change or create queries.
Authorization object S_QUERY controls authorization to change or create queries (value 02 in field 'ACTVT').
This check box allows you to revoke special user group authorization for users who have authorization according to authorization object S_QUERY.
Use
Revokes authorization to change or create queries for a specific user.
</quote>
So I think this checkbox is intended for revoking rights already given via S_QUERY (and not limiting them to ones's own account).
2007 Sep 13 3:20 PM
Sorry I should have been more clear. If you want to just have users execute queries and not create / change for a user group, then S_QUERY is not needed in their role. Just add them to the query user group. If you want users to create / change queries for a user group, then they will need S_QUERY with value 02 - giving them value 23 (maintain) will give them access to all user groups - and be set up in the user group. When you set up a user it will default with a check. If the user already has access to S_QUERY with value 02 and you don't want them to create /change, then you can revoke the check box.
Hope that clarifies.
2007 Sep 14 7:53 AM
OK thanks, I tkink I see the point.
S_QUERY seems to be not suitable for "fine-adjusting" user-rights. Well, I'll try it with creating "personal" user-groups and unchecking this box for members of more "public" groups.