- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Restriction of Tcode SQ01 based on Company code
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Restriction of Tcode SQ01 based on Company code
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2009 1:33 PM
We are running one customized query using Tcode SQ01. We need to restrict Tcode SQ01 in company code level. We have checked about authorization object in st01. But there is no check of authorization object. Can anybody help to restrict SQ01 based on company code level?
Regards
Auroshikha
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2009 3:28 PM
Hi,
You can also create separate user groups for each country code, and make sure that queries in that group retrieves information from the respective country. Now assign those specifi query groups to users.
Usually using queries is a risky option, however I see all most all the clients using them.
Regards,
Gowrinadh
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2009 1:47 PM
You need to insert code in the infoset to perform the check. Your developers will be able to help you with this.
Typically the validation is performed on the selection fields for the query.
More importantly, if you want data security then think hard about usin SQ01 for reporting as it can be a false economy
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2009 3:28 PM
Hi,
You can also create separate user groups for each country code, and make sure that queries in that group retrieves information from the respective country. Now assign those specifi query groups to users.
Usually using queries is a risky option, however I see all most all the clients using them.
Regards,
Gowrinadh
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 10:14 AM
Hi Gowrinad,
Please explain the detailed step by step process. We are creating user group in Tcode SUGR. I think you are telling about this user group.
Regards
Auroshikha
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 10:23 AM
All the info you need to implement Gowrinad's recommendation is here: http://help.sap.com/saphelp_nw04/helpdata/EN/d2/cb3f89455611d189710000e8322d00/content.htm
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 12:01 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 12:11 PM
SQ02 -> Infoset
SQ03 -> user group
This user group is not same as user group for authorization check
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 1:18 PM
Hi,
In Sq03 create user groups based on the country names like ITALY, GERMANY and etc. Now create queries and assign them to these user groups. Make sure that when they write or develop a query then they should retrieve data only from respective countries.
This will add more work, however effective. Also its not possible to select data always on company code level sometimes only on plant level or sales organizatio level.
there is also another way, check below link
http://wiki.sdn.sap.com/wiki/display/ABAP/HowtoincludeanauthorizationgrouprestrictioninanSAPquery
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2009 5:09 PM
There is no such Company specific checks are necessary. However an option as Gowri suggested can be a option. Also if you check the proposals for SQ01 in SU24, then you will find few objects proposed by SAP containing BUKRS with only Check (No) proposals. You may try to change them to C/M and then put desired values and test if they imply any relevance for Company specific checks. Those objects are:
A_S_GSBER BUKRS GSBER
A_S_WERK BUKRS WERKS
F_BKPF_BUK BUKRS ACTVT
F_KNA1_BUK BUKRS ACTVT
F_LFA1_BUK BUKRS ACTVT
F_SKA1_BUK BUKRS ACTVT
regards,
Dipanjan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2009 5:36 PM
Hi Dipanjan
Unless a very recent patch has updated SQ01, making those updates won't force a check on the respective auth objects when a query is executed. The infoset has to be maintained to include authorisation check/s based on the query input values.
Cheers
Alex
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-30-2009 5:28 AM
Hi Auroshikha,
Itu2019s very easy to maintain authorization in your Infoset Query report. I got and implemented similar requirement i.e. restriction /authorization as per company code.
You need to use authority check for authorization object P_ORGIN in your infoset.
Please follow the bellow steps:
-->Go to SQ02, Enter your Infoset name and click on Change button.
-->Click on 'Code' (Shift+F8) icon dispalyed on application toolbar, you will be moved to Code Section of Infoset that lists different events.
-->Choose Record Processing event from code section.
-->Write the following code in 'Record processing' event of your Infoset.
AUTHORITY-CHECK OBJECT 'P_ORGIN'
*ID 'INFTY' FIELD '*'
*ID 'SUBTY' FIELD '*'
ID 'AUTHC' FIELD 'R' "read
ID 'PERSA' FIELD P0001-WERKS
*ID 'PERSG' FIELD DUMMY
*ID 'PERSK' FIELD DUMMY
*ID 'VDSK1' FIELD DUMMY.
CHECK Sy-SUBRC EQ 0.Note: PERSA field used in this Authorization object plays an importan role , if you are in different module other that HR , then pass here table_name-companycode_field
-->Genetare Infoset
-->Go to SQ01 (in a new session) , Click on exeute or 'Test button' to check authorization is working for report
Let me know if you need any more details.
Thank you.
Regards,
Dinesh Tiwari
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-02-2009 3:18 AM
Hi Auroshikha,
Did you try the mentioned suggestion to create authorization on company code in your Infoset.
Let me know if you need any other information.
Regards,
Dinesh
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2009 5:08 AM
Hi Auroshikha,
Use Authorization object 'F_BKPF_BUK' instead of P_ORGIN (if you are not in HR module).
You need to perfoem authority check for object F_BKPF_BUK in record processing event.
Please try and let me know if your getting it correct.
Regards,
Dinesh
- SAP Managed Tags:
- Security
