12-08-2009 1:54 PM
Hello everybody,
I want to save queries to roles with BEx Query Designer. I have assigned the authorization object S_USER_AGR with activity 01, 02, 03, 06, 22, 36, 68 and 78 (according to note 316470) and all roles. The user also has the necessary permissions for queries (create, save, ...). But if I try to save a query I only see the roles which are assigned to the user. Is there any possibilty to restrict the roles which can be selected here? I want to allow this user to assign workbooks/queries directly to roles without giving him the role itself. Of course I could user seperate menu roles but I would prefer to control it with authorization objects.
Can you help me, please?
Best regards
Sabine
12-08-2009 2:52 PM
Hi,
If you want to see the roles in which you can save your workbook/query you also have to add authorization object S_RS_FOLD with the option false.
I usualy work with a role called develop, test and production. It is easy to copy from these roles in the PFCG to other roles you are making for the end user.
Have fun
Bye Jan van Roest
12-08-2009 4:03 PM
Hi,
thanks for your fast answer! I have assigned object S_RS_FOLD too. But I thought there would be a possibilty to assign some kind of "query distributor" authorization. The user who creates queries is just a normal accountant without any IT permissions (except of BEx). She wants to add new queries directly to the roles but we don't want her to have access to PFCG. But the IT also doesn't want to do the update of the menu. And they don't want to create seperate menu roles. So your copy-solution is a very good idea but unfortunately not practicable for us. As you can see, it's a little bit tricky Is there any other authorization object I could use?
Best regards,
Sabine
12-08-2009 11:59 PM
Hello,
Instead of giving access to all the roles in S_USER_AGR, please restrict the access to certain roles to which they should be attaching workbooks or queries. We follow naming convention ZR* for reporting roles and give access to ZR* for role names in S_USR_AGR.You can go deeper in role naming convention and restrict the access accordingly- for Ex: To restrict a user to attach finace to reports to ZRF, you can develop roles accordingly and give ZRF for role name in S_USER_AGR. You also need to give object S_USER_TCD with value RRMX for workbook authorizations.
S_RS_FOLD object is used to disable the Infoareas button in the BEx Analyzer open queries dialog box, so that the user can only see folders History, Favorites and roles.