Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

destrict access to SQ01

Hello Gurus ,

I would like some help with restraining access to users that have Tx SQ01.

I know there are two ways to do this :

1. With authorization objects

2. With user groups in SQ03.

Allthough i created user groups , in SQ01 i have still the option to go over

SQ01> Edit>Other user groups and choose a different user group. This is probably because i have more rights . How can i be sure , or better deactivate this option to a user that is using SQ01 so he can execute, create Queries only within a limited SAP area with the infosets that are assigned to his user group ?

Regards,

David (SAP Basis)

replied

Like Jurjen said, Securtiy SAP is not about denying but granting access carefully.

Many user perform daily reporting combining different criteria and queries are to ease their their life

You can give access only to SQ01 and deactivate S_QUERY.

Then assign the users to to particular query user groups using SQ03 so that they may have access to execute queries which they actually need.

When the users execute SQ01, they can see the queries for which they are authorized.

This is a two forked advantage.You prohibit change access in SQ01 at the same granting access to queries which the user needs for reporting on display.

And if you are speaking of production environments, then there is no danger of user creating a query via SQ01 as the prd client is normally closed for changes!

Regards

Deepa

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question