Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ad Hoc Queries Security

Former Member

‎04-22-2009 8:51 AM

0 Kudos

Hello,

We have restricted end user roles to exclude Infotype 9500 in HR (Equalities & Diversity). This works as in PA20, PA30, users no longer have authorisation to IType 9500.

However, can we restrict users from reporting on this Infotype through Ad Hoc Query, without having to go down the path of creating user groups and allocating users to infoset queries.. etc.. etc.. as this would be a massive project and we are looking for a quick fix, given the tight time scales?

From testing, it seems that the users do not require any authorisations to report against IT9500 when using Ad Hoc?

Any suggestions would be appreciated.

2 REPLIES 2

Former Member

‎04-22-2009 11:12 AM

0 Kudos

simple answer:

Do not let end users create queries ONLY Let them run queries created by Keyusers and or Consultants!

morten_nielsen
Active Contributor

‎04-22-2009 12:41 PM

0 Kudos

Hi

You need to control the access to the relevant tables as well. This is done with the authorization object S_TABU_DIS.

Infotype 9500 data is placed in table PA9500. You need to places this in an authorization group (in SE54). And then you simply make sure that the users haven't got S_TABU_DIS access to this authorization group.

Regards

Morten Nielsen