Solved: Report Painter

Former Member · ‎08-07-2007

Giving the user's authority to utilize report painter, is there a risk with that?

Former Member · ‎08-07-2007

The other risk is that the user would be able to change existing reports. This is perhaps more of a risk since other users running these reports may not be aware that a report has been changed.If you should decide to give this access I would suggest you limit access to certain reports / report groups.

Former Member · ‎08-07-2007

There is a risk insofar as they can create reports to display data.

Depending on which library they report out of, the data can be restricted based on standard auths, though this is not defined for all libraries.

The biggest risk with this sort of access is users creating reports which they use instead of properly defined reports. Once you get people reporting on various "versions of the truth" you can get into a muddle. Centralising and controlling report creation helps to mitigate this.

Former Member · ‎08-07-2007

The other risk is that the user would be able to change existing reports. This is perhaps more of a risk since other users running these reports may not be aware that a report has been changed.If you should decide to give this access I would suggest you limit access to certain reports / report groups.

Former Member · ‎08-07-2007

Can you limit them to just running the report versus modifying reports.

Former Member · ‎08-07-2007

Yes - that can be done but I assumed that "access to report painter" meant they wanted to access the create / change functionality - as opposed to just execution of the reports. If it is just execution then access to report painter is not needed.

Former Member · ‎08-07-2007

Running reports, and not being able to modify them is done via which authorization ? thank you any system issues , with uses running these reports, I'm just thinking out loud, but if a person selects the "incorrect" criteria there is a risk it will take resources? I am fairly new to this and all the information here has been great!

Former Member · ‎08-07-2007

The report writer reports are restricted by:

G_800_GRP,G_801K_GLB & G_803J_GJB. Additionally, the data retrieved by some of them is restricted by appropriate auth objects (e.g. K_CCA for some reporting out of Cost Centre Accounting). This is a bit flaky, although there are ways of getting additional security in there if required.

I spoke to a Basis guy about performance with report painter reports a while back & he was of the opinion that if they caused a significant performance hit then the system was incorrectly specced.

Former Member · ‎08-07-2007

I would recommend that a custom parameter tcode be set up for any custom report painter reports rather than give access to the report painter tcodes - GRR1, GRR2, GRR3, etc. That way you don't have to specify in the auth objects which reports the users can access. If you need to specify access beyond that there are certain auth objects like K_CCA - for cost center and K_PCA for profit center - these will allow you to specify access according to certain cost / profit centers or cost / profit center groups.

Former Member · ‎10-23-2007

I read somewhere that you can create authorization groups and assign them to libraries and/or reports. Then a user must have that Auth Group assigned to them within the role for them to access that library/report. Has anyone ever tried this? How would it be done? This would be handy to have to allow certain users the ability to access and modify reports that are deemed sensitive. I can't seem to find the specifics on how this can be done but it sounds good in theory.

Thanks

Mark