10-13-2009 1:33 PM
We are running one customized query using Tcode SQ01. We need to restrict Tcode SQ01 in company code level. We have checked about authorization object in st01. But there is no check of authorization object. Can anybody help to restrict SQ01 based on company code level?
Regards
Auroshikha
10-13-2009 3:28 PM
Hi,
You can also create separate user groups for each country code, and make sure that queries in that group retrieves information from the respective country. Now assign those specifi query groups to users.
Usually using queries is a risky option, however I see all most all the clients using them.
Regards,
Gowrinadh
10-13-2009 1:47 PM
You need to insert code in the infoset to perform the check. Your developers will be able to help you with this.
Typically the validation is performed on the selection fields for the query.
More importantly, if you want data security then think hard about usin SQ01 for reporting as it can be a false economy
10-13-2009 3:28 PM
Hi,
You can also create separate user groups for each country code, and make sure that queries in that group retrieves information from the respective country. Now assign those specifi query groups to users.
Usually using queries is a risky option, however I see all most all the clients using them.
Regards,
Gowrinadh
10-15-2009 10:14 AM
Hi Gowrinad,
Please explain the detailed step by step process. We are creating user group in Tcode SUGR. I think you are telling about this user group.
Regards
Auroshikha
10-15-2009 10:23 AM
All the info you need to implement Gowrinad's recommendation is here: http://help.sap.com/saphelp_nw04/helpdata/EN/d2/cb3f89455611d189710000e8322d00/content.htm
10-15-2009 12:01 PM
10-15-2009 12:11 PM
SQ02 -> Infoset
SQ03 -> user group
This user group is not same as user group for authorization check
10-15-2009 1:18 PM
Hi,
In Sq03 create user groups based on the country names like ITALY, GERMANY and etc. Now create queries and assign them to these user groups. Make sure that when they write or develop a query then they should retrieve data only from respective countries.
This will add more work, however effective. Also its not possible to select data always on company code level sometimes only on plant level or sales organizatio level.
there is also another way, check below link
http://wiki.sdn.sap.com/wiki/display/ABAP/HowtoincludeanauthorizationgrouprestrictioninanSAPquery
10-13-2009 5:09 PM
There is no such Company specific checks are necessary. However an option as Gowri suggested can be a option. Also if you check the proposals for SQ01 in SU24, then you will find few objects proposed by SAP containing BUKRS with only Check (No) proposals. You may try to change them to C/M and then put desired values and test if they imply any relevance for Company specific checks. Those objects are:
A_S_GSBER BUKRS GSBER
A_S_WERK BUKRS WERKS
F_BKPF_BUK BUKRS ACTVT
F_KNA1_BUK BUKRS ACTVT
F_LFA1_BUK BUKRS ACTVT
F_SKA1_BUK BUKRS ACTVT
regards,
Dipanjan
10-13-2009 5:36 PM
Hi Dipanjan
Unless a very recent patch has updated SQ01, making those updates won't force a check on the respective auth objects when a query is executed. The infoset has to be maintained to include authorisation check/s based on the query input values.
Cheers
Alex
10-30-2009 5:28 AM
Hi Auroshikha,
Itu2019s very easy to maintain authorization in your Infoset Query report. I got and implemented similar requirement i.e. restriction /authorization as per company code.
You need to use authority check for authorization object P_ORGIN in your infoset.
Please follow the bellow steps:
-->Go to SQ02, Enter your Infoset name and click on Change button.
-->Click on 'Code' (Shift+F8) icon dispalyed on application toolbar, you will be moved to Code Section of Infoset that lists different events.
-->Choose Record Processing event from code section.
-->Write the following code in 'Record processing' event of your Infoset.
AUTHORITY-CHECK OBJECT 'P_ORGIN'
*ID 'INFTY' FIELD '*'
*ID 'SUBTY' FIELD '*'
ID 'AUTHC' FIELD 'R' "read
ID 'PERSA' FIELD P0001-WERKS
*ID 'PERSG' FIELD DUMMY
*ID 'PERSK' FIELD DUMMY
*ID 'VDSK1' FIELD DUMMY.
CHECK Sy-SUBRC EQ 0.
Note: PERSA field used in this Authorization object plays an importan role , if you are in different module other that HR , then pass here table_name-companycode_field
-->Genetare Infoset
-->Go to SQ01 (in a new session) , Click on exeute or 'Test button' to check authorization is working for report
Let me know if you need any more details.
Thank you.
Regards,
Dinesh Tiwari
11-02-2009 3:18 AM
Hi Auroshikha,
Did you try the mentioned suggestion to create authorization on company code in your Infoset.
Let me know if you need any other information.
Regards,
Dinesh
11-03-2009 5:08 AM
Hi Auroshikha,
Use Authorization object 'F_BKPF_BUK' instead of P_ORGIN (if you are not in HR module).
You need to perfoem authority check for object F_BKPF_BUK in record processing event.
Please try and let me know if your getting it correct.
Regards,
Dinesh