- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Re: Query Designer Folder Role
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Query Designer Folder Role
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2010 12:15 AM
Hi ,
I have requirement as below ,
1>Requirement for super users can only u201CPUBLISHu201D queries starting with the letter X ONLY
i am able to restrict every thing but to PUBLISH queries starting with X , i Have tried to restrict in s_rs_comp and s_rs_comp1 - 22, enter include assign , but it did not work .
2> Also need help in BUSINESS Explorer .
when Super user open query designer--> PoP up window comes with infoarea, roles, favourites, history, find option and in top will have serach in , delete (X) , refresh, display properties , display object names.
Once Query Designer is open in infoarea - a pop up window opens to select a query, i.e In the select query menu a Delete (X) option is grayed out . can you please let me know how to enable this .
Once select any query is there any posibility delete(x) option on pop up window(open query :Select Query )
(Closing this thread martin suggested SAP note 962530)
If any body worked please help
Thanks
rao
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2010 12:38 AM
Hi,
Include S_USER_AGR and with X* in the AGR Name.
This will restrict saving queries only in X roles.
Regarding issue # 2, what version of BEx you are using. Try to upgrade your SAP GUI version. Also, I hope this should go to BW forums.
Rgds,
Raghu
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2010 1:57 PM
Thanks Raghu for your responce
you suggested to assgin X* in S_USR_AGR object (i.e role name) , but X * is my query name which super users save .
and regarding query designer option we are using SAP GUI 7.10 16 patch ..
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2010 7:17 AM
HI Rao,
Sorry as I can't remember the exact authorization object, but you can have a look into S_RS_* objects in SUIM -> Authorization Objects by complex selection criteria. From the text description of the objects you can easily find out the relevant one. Check the description of the object.
Regards,
Dipanjan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2010 9:27 AM
Hi Rao,
Yes. You should include it in S_USER_AGR with 02 activity, which allows them to save queries/workbooks under the specific roles.
Please note S_RS_COMP and S_RS_COMP1 are used to provide authorization to infoareas/infocubes with the respective queries. S_RS_COMP1 is for you to specify the owner name.
Hope this helps!!
Warm Regards,
Raghu
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-08-2010 11:22 AM
Hi Rao,
Just simulated the request. To give authorization add the following:
S_USER_AGR with activity 01,02,03,16,22
S_BDS_DS - <same activities> for Workbook reassignment.
along with S_RS_COMP and S_RS_COMP1 with X* for Queries to restrict.
S_USER_AGR - To restrict the roles in which they can save queries
S_RS_COMP & S_RS_COMP1 to restrict the type of queries they can publish.
This will get you the required authorization.
Warm Rgds,
Raghu
Edited by: Raghu Boddu on Nov 8, 2010 4:54 PM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2010 8:51 PM
Thanks Raghu, I have seperated the roles and it working fine ,
I have a problem with folder role restriction in production, Instead of giving PFCG to users, Any objects or workaround which users can able to delete query from folder role in query designer . I tried with S_USER_AGR - * values and other couple of PFCG related objects . it doesn't work .
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2010 4:56 AM
Hi Rao,
Why PFCG access in production?? The query should be deleted from the folder roles in Development and should be transported to production environment. Your approach is wrong. Please educate your management on the risks by opening PFCG access in production and take immediate action.
Rgds,
Raghu
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2010 10:36 PM
I agree with you, but it is quite common "in the wild" to let "key users" manage their own users role sets in an exclusive role name range, without the ability to do anything on the authorization tab nor any changes to other "real" roles.
You can also give then the ability to change the role without ability to assign it, if you want.
If you have isolated the name range, then you might not care if their other authorizations are correct.
If they are very familiar with folders in PFCG menus then this will not harm them much.
Weening them off SU03 will probably be more difficult.... that is your job...
Cheers,
Julius
- SAP Managed Tags:
- Security
