06-19-2009 7:26 PM
We develop queries in Dev and transport to production. In production, it would still be very helpful to be able to view the infoset defintion in SQ02 for various reasons.
Is it possibel to limit SQ02 to display only? We do not want infosets created, changed, deleted in production.
We do not see a security object to do this in the standard code. Any other options that any one has seen?
06-19-2009 7:58 PM
Possible Man.... go to SU21 .. open the node BC_C .. go to change mode in the object S_QUERY ... and Add 03 as permitted activities.
Then go to the role through which the users are provided the access to SQ02...
Go to authorization data ... find objects and maintain the values as provided below:
S_CTS_ADMI CTS_ADMFCT=TABL
S_QUERY ACTVT=23;
(If you have added 03 as Permitted activity, then you can add it too in ACTVT for S_QUERY)..
generate profile and the user will have only display access.
Note: Don;t forget to change this field value by copying the instance of S_QUERY and deactivate the standard one.
Regards,
Dipanjan
06-19-2009 7:58 PM
Possible Man.... go to SU21 .. open the node BC_C .. go to change mode in the object S_QUERY ... and Add 03 as permitted activities.
Then go to the role through which the users are provided the access to SQ02...
Go to authorization data ... find objects and maintain the values as provided below:
S_CTS_ADMI CTS_ADMFCT=TABL
S_QUERY ACTVT=23;
(If you have added 03 as Permitted activity, then you can add it too in ACTVT for S_QUERY)..
generate profile and the user will have only display access.
Note: Don;t forget to change this field value by copying the instance of S_QUERY and deactivate the standard one.
Regards,
Dipanjan
06-20-2009 2:43 AM
Hi,
This can be done by getting into su24->give transaction name->execute->Click on the transaction and modify the value of s_query authorization object. Find the role which contains the transaction and then modify the auth objects as mentioned already by Dipanjan in Dev system. Generate the role and carry it to Production. Else you may create a new role for this purpose. But since you are doing this change to s24 please do remember that in future if you add this txn to a role default vale 03 will me maintained. Please let me know if any issue.
Regards
Aveek.
07-09-2009 12:48 AM
Thank you both. Helpful answers. Unfortunately I haven't gotten the security team to look at doing it yet. Maybe some time soon.