destrict access to SQ01
Hello Gurus ,
I would like some help with restraining access to users that have Tx SQ01.
I know there are two ways to do this :
1. With authorization objects
2. With user groups in SQ03.
Allthough i created user groups , in SQ01 i have still the option to go over
> Edit>Other user groups and choose a different user group. This is probably because i have more rights . How can i be sure , or better deactivate this option to a user that is using SQ01 so he can execute, create Queries only within a limited SAP area with the infosets that are assigned to his user group ?
David (SAP Basis)
deepa joshi replied
Like Jurjen said, Securtiy SAP is not about denying but granting access carefully.
Many user perform daily reporting combining different criteria and queries are to ease their their life
You can give access only to SQ01 and deactivate S_QUERY.
Then assign the users to to particular query user groups using SQ03 so that they may have access to execute queries which they actually need.
When the users execute SQ01, they can see the queries for which they are authorized.
This is a two forked advantage.You prohibit change access in SQ01 at the same granting access to queries which the user needs for reporting on display.
And if you are speaking of production environments, then there is no danger of user creating a query via SQ01 as the prd client is normally closed for changes!