04-22-2009 8:51 AM
Hello,
We have restricted end user roles to exclude Infotype 9500 in HR (Equalities & Diversity). This works as in PA20, PA30, users no longer have authorisation to IType 9500.
However, can we restrict users from reporting on this Infotype through Ad Hoc Query, without having to go down the path of creating user groups and allocating users to infoset queries.. etc.. etc.. as this would be a massive project and we are looking for a quick fix, given the tight time scales?
From testing, it seems that the users do not require any authorisations to report against IT9500 when using Ad Hoc?
Any suggestions would be appreciated.
04-22-2009 11:12 AM
simple answer:
Do not let end users create queries ONLY Let them run queries created by Keyusers and or Consultants!
04-22-2009 12:41 PM
Hi
You need to control the access to the relevant tables as well. This is done with the authorization object S_TABU_DIS.
Infotype 9500 data is placed in table PA9500. You need to places this in an authorization group (in SE54). And then you simply make sure that the users haven't got S_TABU_DIS access to this authorization group.
Regards
Morten Nielsen