I have the following requirement. My HR uers need to be able to create and run ad hoc queries but should be restircted to only being able to run existing SAP queries. Is this possible? If so, how?
Do you want them to be able to create queries or just run them.
I assume you want to restrict users to certain user groups no matter what?
If the user should just be allowed to run a query:
You need to add your users to the usergroup your infoset is hooked up to. Go to SQ03. Open the usergroup. Enter the users and untick the box for authorizations next to the user.
Make sure the users don't have too wide authorizations. Auth.object S_QUERY should be set to '2'.
If the user should be able to create/change a query:
Tick off the authorization box.
---
Addition: PAAH is the "full" adhoc query transaction. Or s_ph0_4800513 (brings you directly to standard area).
Thanks for your response. Maybe it does contradict itself and that is the problem. Can I have a user that can create, maintain and run queries in ad hoc (S_PH0_48000513 ) but only run queries using SQ01? If so, how do I accomplish that? We want the users to have full access in ad hoc but only be able to run queries built by IT using SAP query.
I see. I've been trying to achieve that myself without any luck. Not sure it's possible. I think the 2 transactions are part of same authorization an user group concept. Correct me if I'm wrong.
You could consider making transactions out of the queries built by IT. I know this is less flexible, but it might be the only way. I'll be interested in hearing if you find anything different.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.