Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security Around "Quick Viewer"

Go to solution
Former Member

‎06-26-2008 12:44 AM

0 Kudos

Looking for some advantages and disadvantages of giving user's access to SQVI in Prod. From what I searched so far that SQVI could take up lot of system resources if the query is not designed correctly. Besides a performance issue has any body encounter any other issues.

One can argue that user will get access to all the data like SE16 but wil not be able to change it, how does that considers a risk?

I believe this might not be the right forum, but let me ask if there is a check list or steps which one needs to follow to insure not to take up much of the system performance.

Regards

Neha

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎06-26-2008 7:27 AM

0 Kudos

SQVI is an easy way to get a lot of data and in this respect, it's biggest risk is that users have direct access to table data and can easily extract potentially sensitive data in the same way that giving them SE16 would.

Performance isn't as much of an issue as it used to be, though if you are reporting out of large tables, it's advisable to get a developer to check the report.

Another risk is that by letting users create their own reports, they start using this for their day-to-day reporting. Different users can use different reports and you get many versions of the truth & people are talking about different sets of numbers due to the way they constructed their quick views.

4 REPLIES 4

Go to solution
Former Member

‎06-26-2008 7:27 AM

0 Kudos

SQVI is an easy way to get a lot of data and in this respect, it's biggest risk is that users have direct access to table data and can easily extract potentially sensitive data in the same way that giving them SE16 would.

Performance isn't as much of an issue as it used to be, though if you are reporting out of large tables, it's advisable to get a developer to check the report.

Another risk is that by letting users create their own reports, they start using this for their day-to-day reporting. Different users can use different reports and you get many versions of the truth & people are talking about different sets of numbers due to the way they constructed their quick views.

Go to solution
Former Member
In response to Former Member

‎06-26-2008 6:49 PM

0 Kudos

Alex,

Thank you for the quick response.

What kind of tables (besides HR) are considere to have sensitive data, can you name a few?

I guess I am struggling with the definition of "sensitive", SQVI is normally given to managers, who would want to have access to financial information to make important decisions anyways....... What I am trying to comprehend is what kind of Data even Managers should not supposed to have access to....Any example would greatly help.

Neha

Go to solution
Former Member
In response to Former Member

‎06-26-2008 7:28 PM

0 Kudos

The entire customer list is one example - this is commercially sensitive & in some territories commercial data has similar legal protection to personal data.

Price lists, financial information etc, every company deems different data to have different importance. Use something like SQVI and someone can easily extract the whole lot in a reasonably efficient format

Go to solution
Former Member
In response to Former Member

‎06-26-2008 9:35 PM

0 Kudos

> What kind of tables (besides HR) are considere to have sensitive data, can you name a few?

More risks are:

- They make incorrect assumptions about tables and stupid decisions based on this...

- They download bank accounts or credit card numbers from the system...

- They gain sensitive password information about other systems, or other security settings...

- ...