Skip to Content
author's profile photo Former Member
Former Member

Authorization based on Queries

Hello Experts,

I have the following problem requirement:

I have in total 4 Queries which are using the Infoobject Z_EMPLOYEE (Authorization relevant object).

out of the 4 Queries, I need that 2 Queries should show results based on the logged in user(Employee Number contained in Z_EMPLOYEE) only.

For this I have created a Authorization variable over Z_EMPLOYEE and restricted the Query based on the logged in user in the user authorization profile.

Further, I am not able now to display the other 2 Queries without any restriction of the logged in user!

If I remove the authorization variable over Z_EMPLOYEE in the Query, no results are shown. And if I restrict the Z_EMPLOYEE with the authorization variable, only data relevant to the Employee is displayed.

Can anyone shed some light on how to handle this situation?

Thanks in advance.

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Posted on Aug 30, 2013 at 02:40 PM


    So you want two queries be restricted and two without? that is not going to work that easily you would have to create an authorization object that containes the queries names and z_EMPLOYEE and for two queries you limit it to the employee id and for the two others you set it on *. (Use : if you only need to show the aggreagted value)

    hope it helps


    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Kiran,

      Step 1 : RSECADMIN-->Maintenance-->Create Authorizations by based on ZEMPLOYEE with * and name this whole Authorization as Query1. Repeat the same for Query2 but ZEMPLOYEE with some restricted values but not * here. This is what your requirement, right?

      Step 2 : Go to User tab in RSECADMIN. Click on Assignment button-->It will take you to Assignment of User. As you said, you have to repeat this process for all 6 users. You have to enter either in Manual( You have to enter what you created in Step 1). Repeat the same for two scenarios.

      Step 3 : Go to PFCG-->Create two separate roles for two queries. In role definition-->Authorizations Tab-->Change Authorizations data-->See below pic

      Do the same for your second role also. That's it, your issue will be resolved. I have given you how Authorizations generally we assign with our customized requirements. Hope your issue will be resolved.



      Auth2.JPG (51.1 kB)
  • Posted on Aug 30, 2013 at 04:00 PM

    You have to create separate roles for 2 queries each. In the second set of 2 queries, do not use Z_EMPLOYEE field in Authorizations at all. Then your requirement will be achieved. Inf irst 2 queries, use as you are using now.

    Add a comment
    10|10000 characters needed characters exceeded

    • You have to create 2 separate roles as i said earlier.

      You need to first 2 queries to first role and other 2 to second role in PFCG.

      Before that, you need to create Authorizations for these two roles separately in RSECAADMIN-->Maintenance screen. and keep * in first Authorization and do not keep ZEMPLOyee in second one in Maintenance screen.

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.