Authority Check in Queries (SQ01 / SQ02)

Similar Messages

• Infoset Queries SQ01/SQ02/SQ03

  Hi Experts,
  I am designing query using SQ01/SQ02/SQ03 where I will input either installation or rate category (both present in table EANLH). But problem here is Installation is key field for EANLH while tariff type is not. Therefore, it returns multiple rate category for single installation. Now within these multiple rate category I need to retrieve only the latest rate category (this table does contain date field BIS & AB - Date fields by using which I can select latest record).
  But my problem here is how to do this in Infoset Queries? Where I need to make changes or do some config?
  Please let me know.
  Thanks.

  Yes, but I am not able to figure exactly how to implement it? I mean I can do this same code in SE38 where I know names of the internal tables. But when in SQ02 we can't modify/read system tables (I found name of the system tables using report generated by SQ01). So how you will access them, then how you will reflect our changes in output ALV grid?
  Example:
  Data:
  Rate Cat.      Installation     Date
  71     60000984     20/10/2009
  71     60000984     20/12/2009
  71     60001101     10/09/2009
  78     60000310     10/09/2009
  78     60000315     10/09/2009
  83     60000297     10/09/2009
  so in this case I want output:
  Rate Cat.      Installation     Date
  71     60000984     20/12/2009
  71     60001101     10/09/2009
  78     60000310     10/09/2009
  78     60000315     10/09/2009
  83     60000297     10/09/2009
  You will see 71     60000984     20/10/2009 is not the latest one, therefore I don't want that row. I can do the ABAP logic for this, but exactly what and how to implement in SQ02?

• Authority check POWL queries

  Hi all,
  is possible to hide some queries in POWL depending on the user's roles ?
  For example; in tab SRM Administration I want that all users can use the queries; "Suppliers", "Bidders" and "Contact Persons" ... , but i want that only some users can use the queries; "Locations" and "Employees"...
  is it possible?
  thanks in advance.

  Hi RM,
  Yes it is possible....you can restrict the POWL query based on roles or users..
  Please check the below mentioned SPRO Path
  SAP Implementation Guide-->SAP Web Application Server-->Cross-Application Components-->General Application Functions--> Generic SAP Business Suite Functions-->Personal Object Worklist-->Define Query Visibility at Role Level----->Execute
  or transaction POWL_QUERYR  .
  Here you can define the quesirs for roles.
  Thanks,
  Anubhav

• SQ02 AUTHORITY-CHECK

  Hello,
  I try to control the access of the financial center of the table FICTR by FMFCTRT function AUTHORITY-CHECK in Infoset (SQ02 TX).
  I assume that this code is correct:
  AUTHORITY-CHECK OBJECT 'F_FICA_CTR'
  'd FM_AUTHACT 'FIELD '03'
  'd FM_FIKRS 'DUMMY
  'd FM_FICTR 'FIELD' XXX '. "XXX is the selected variable in the selection that I can not recover !!!!!
  IF sy-subrc NE 0.
  write 'NO ACCESS'.
  LEAVE LIST-PROCESSING.
  ENDIF.
  If someone could tell me what section of code must be placed and whether the program is correct (no error generation).
  Knowing that when I go into the code AT SELECTION SCREEN, I am automatically redirected to the code DATA??
  And how to retrieve FM_FICTR has been selected to power the test.
  Thank you in advance for your answers!

  Use the logical database as the data source for the query:
  " < ... > you should always use logical databases as the data source within InfoSets that are used for query-based reporting. Using a logical database as your data source guarantees that the SAP solution is smart enough to know which areas of the data a user is allowed to see so that only the appropriate data will show in an SAP query report. Regardless of what type of security access the person who created the report has, the system is smart enough to display only the appropriate data for the user executing the report. (Note that this is the case only when logical databases are used as the data source if a SAP query is created using an InfoSet that is based on anything other than a logical database (for example, a table, a table join, a program). It is fair to say that no security whatsoever is in place when the query is run because all records within the tables are displayed in the report output.)"
  Edited by: Jelena Perfiljeva on Jan 20, 2009 5:15 PM
  Edited by: Jelena Perfiljeva on Jan 20, 2009 5:15 PM

• SAP Query (SQ01/SQ02/SQ3)

  Hi Experts,
  I have created query (SQ01/SQ02/SQ03) to display below fields: Hazard Code, Device Location Number, Hazard Code Description, Loc. Created by, Loc. Created on Date.
  Now in the output list I want to display a summary of all the count of records by the key characteristic for the query. For example, the Device Location by Hazard Codes query should give us a summary of the count of all device locations per each hazard code.
  Practical Scenario:
  Device Location Hazard Code
  40002748              01
  40002751              05
  40002481              07
  40002746              04
  40002749              04
  40002994              01
  Then in this case it should either display additional third column or additional row saying:
  Device Location Hazard Code
  40002748              01
  40002994              01
  Total Hazard Count: 2
  40002746              04
  40002749              04
  Total Hazard Count: 4
  40002751              05
  40002481              07
  or
  Device Location Hazard Code Total Count
  40002748              01                
  40002994              01                 2
  40002746              04
  40002749              04                 2
  40002751              05                 1
  40002481              07                 1
  I checked statistic tab present in SQ01 also URL [http://help.sap.com/erp2005_ehp_02/helpdata/en/d2/cb4256455611d189710000e8322d00/frameset.htm] but still I am not able to figure out how to display this data.
  Please let me know.
  Thanks

  Hi,
  If you're getting the output in ALV Display, you can simply click on the location column & then click on the Sub-Total button on the ALV toolbar, it will sort all the records according to the location (1 or 2 or...) & give you the total/count of the particular location.
  For any further clarification, let me know.
  Prateek

• Convert query made u200Bu200Bin SQ01, SQ02 and SQ03 for a transaction set

  Hello people, how do I create a transaction for a report I did in queries with the transaction SQ01, SQ02 and SQ03? ...
  hugs

  Hi Stelio Mucavele
  i had the same issue resolved by below steps
  1>go to SQVI t code and  enter your query name and press enter
  2>In the menu path select Quick view--> additional functions-->Generate Program
  3>After Generating the program In the menu path select Quick view--> additional functions-->Display report Name
  4>Now in se38 enter the report name in Program field and execute
  5>You will get the Initial Selection screen of the report . Go to Menu of System -->Status
  6> Note down the Program name and Screen number
  7>Go to SE93 and Create a Z tcode for the query, Enter the description  and importantly you have to select the 2nd Option radio Button Program and Selection Screen (Report Transaction) and Press enter
  8>In the next screen enter the Report name In Program field and enter the screen number
  9>In the classification Section select Professional user  Transaction
  10>In GUI support section select all the options  i.e SAPGUI for HTML,Java,Windows
  and save
  the system will ask for Package select your package if not there then select local object
  now execute the Z tcode your report will run sucessfully
  Regards
  Vijay hebbal

• Export & import of query (SQ01/SQ02/SQ03)

  Hi,
  How to export/import SAP Query (SQ01/SQ02/SQ03) without any transport request.
  waiting for ur reply.
  Thanks in Advance,
  Pranab

  Hi,
  If you dont want to create any transport request number then you need to download/upload the query instead of import/export.
  Please follow the below steps for downloading/uploading the query
  (Go to the system from where you wnat to export the query)
  1. Goto transaction SQ02.
  2. Click on ' Transports' icon (CTRL+F3).
  3. In 'Transport action' select 'Download'.
  4. Select 4th radio button 'Transport Queris'.
  5. Enter the name your user group and query and click on execute.
  6. Give the file name and location where you want to save the query backup and click on save.
  (Now goto the system where you want to import your query)
  1. Goto SQ02 and click on 'Transports' .
  2.  In 'Transport action' select 'Upload' and click on execute.
  3. Enter/select the name of the file which you have downloaded before and click open.
  Please let me know if this is helpful.
  Regards,
  Priya Bhat

• Utilizing SQ01 SQ02 for user report generation of production data

  I am interested in utilizing sap query transactions SQ01, SQ02, and SQ03 to create and customize end user reports that will be used  by our audit team to analyze SAP data in our production environment. My objective would be to have one person with authorization to run SQ01,02,03 and have that user create all the reports that would be required for the team to use. This way there isn't a bunch of users out there using SQ01 indiscriminately or perhaps not using it at all. I currently have authorization to run SQVI but it is limited. From what I understand there is more flexibility with SQ01 because they allow you to create calculated fields and offer more formatting options. Most of these reports would be related to finance, sales, vendor, customer, etc.
  My question is this. How do I create these custom queries and allow multiple users to access and run them? Are the queries created directly in production? Are they created in DEV and then tested in QA before being transported to Prod? I understand you can map an sap query program to a transaction and then add that to a role but isn't the program name generated by SQ01 different in every instance? I would like this code to be reproducible as I have 5 different SAP instances in which these reports would be used. Same reports, different data.
  I am looking to leverage the power of SAP query to produce meaningful reports for our team without having to use programmers to develop them from scratch. What is the optimal approach to doing this without creating a lot of hassles and without creating additional security risks?
  If I create a query based on SAP tables I have access to does the general user also have to have authorization to those tables in order for the query to run for them? In theory the entire team should have authorization to the same standard SAP tables because we all have the same roles assigned but I may have some additional tables assigned to me because I am the IT auditor. Just confirming.
  I appreciate any and all suggestions. I would like to proceed with the best solution as soon as possible.
  Thank you very much.
  Mark

  Hi Mark,
  It is best to create queries in dev rather than doing it in prd directly.
  Query user group can be used to control the access in production.
  You can have one query administrator with access to sq01,2,3 and sqvi who will assign query user group to respective users in prd so they can run these.
  BR,
  Mangesh

• Authority check in infoset query for field with multiple entries

  how can i perform the authority check in sq02 "at selection screen" for a multiple entry field
  e.g. EKORG low  0001 - high  0005
  or EKORG 0001, 0004, 0005
  I already added the following statements
  How the field for EKORG check must be filled
  if EKORG is initial.
    message 'Bitte Einkaufsorganisation wählen' TYPE 'E'.
  endif.
  AUTHORITY-CHECK OBJECT 'M_BEST_EKO'
           ID 'ACTVT' FIELD '03'
           ID 'EKORG' FIELD ?????.
  IF sy-subrc = 4.
    MESSAGE 'Keine Berechtigung für EKORG  sy-subrc 4'  TYPE 'E'.
  ENDIF.

  hi,
  which event do you use for your coding ?
  it must be AT SELECTION-SCREEN
  A.

• Authority-Check in ABAP Query

  Hello,
          I have a requirement to add authority check on two fields "Sales Organization" & "Plant" in a ABAP Query.
  Please let me know how can I do it?
  Will I be required to add some "Authority-check" code in sq02 or is there any button/checkbox available to do the same.
  Please let me know.
  Thanks in advance.
  Best regards,
  Tejas Savla

  Hi Ronak,
  Check this thread, this might help you.
  Authorisation on field
  Regards,
  Chandra Sekhar

• Authority Check - Best Practice - Optimum Way

  Hi Experts,
  I want to use authority check in my reports. The requirement is to filter data on the selection screen and execute the query. Error messages are not to be thrown because, a user will find it difficult to enter all the document types/company codes/sales areas etc authorized and remove the ones not authorized from the range.
  I am planning to create range tables and populate it with the authorized values and use it in the select queries.
  I have two concerns:
  1. I will have to build range tables based on the values authorized. This will take some time, keeping in mind that append is an expensive statement.
  2. What if the range table becomes big enough to give me a dump in the select query in some scenario. (What if scenario? Its a rare possibility that some field like this also needs to be authorized)
  What is the best practice or rule of the thumb that you have figured out.
  Thanks,
  Abdullah Ismail.

  Are they asking you to check the authorisations for each of the following?
  1.     Sales Organization
  2. Distribution Channel
  3. Division
  4. Sales Group
  5. Sales Office
  6. Sales Document Type
  7. Sales Country
  8. Material Group(Brands)
  If so that is completely over engineered and good luck with that.  Surely you only need to check at one level of the sales structure, the lowest level I would guess.  Your auths team should be able to guide you here and I cannot imagine they would want that level of auths as it would be a nightmare for them to build it. I suppose you might want one on material group as well.
  Therefore they auths team or functional consultants will need to tell you at what level you are checking for each report, there will only be a small number at each level, (think you will struggle to get near the 12,000 Rob points out would cause an issue with a range) of the sales structure so I would use a range, you wonu2019t have that many appends and it wonu2019t add much to the time of the report.  While for all entries is great you can also use the range where the report may have already used for all entries on a select and better not to have to rebuild the whole report.
  Also I would do the auths check first up and make the field mandatory if they really want it nice and tight so the user has to choose, you can use a PID to make it a bit more friendly.
  If you know the setup is the same each time you could use a standard include and subroutine, or ABAP objects would probably be the best route with a set of standard methods to call.
  Hope that helps,
  Tim

• Convert queries (SQ01) to Z-transaction - the easy way

  We have a lot of queries developed in SQ01 and want to convert many of these into z-transactions.
  What is the best and easiest way of doing. One requirement is that whenever we need to change anything in the quereis (SQ01, SQ02 etc) - we should still keep the same z-transaction. Is this possible?
  Kind regards
  Simen

  Hi,
  You can use below FM. I have done using this .it works perfect.
  in case any problem, let us know.
  Data:    QUERY LIKE  AQADEF-QUNAME,
           USERGROUP LIKE  AQADEF-BGNAME.
  CALL FUNCTION 'RSAQ_QUERY_CALL'
    EXPORTING
  *   WORKSPACE                         = ' '
      QUERY                             = 'ZFIDOC'
      USERGROUP                         = 'ZFIGOG'
  *    QUERY                             = 'FUELREPORT'
  *    USERGROUP                         = 'PMTEST'
  *   VARIANT                           = 'zz_TEST'
     DBACC                             = 0
     SKIP_SELSCREEN                    = ' '
  *   DATA_TO_MEMORY                    = ' '
  *   FREE_SELECTIONS                   =
  * IMPORTING
  *   REF_TO_LDATA                      =
  *   LISTTEXT                          =
  *   LIST_ID                           =
  *   PROGRAM                           =
  *   USED_VARIANT                      =
  * TABLES
  *   SELECTION_TABLE                   =
  *   LISTDESC                          =
  *   FPAIRS                            =
  * EXCEPTIONS
  *   NO_USERGROUP                      = 1
  *   NO_QUERY                          = 2
  *   QUERY_LOCKED                      = 3
  *   GENERATION_CANCELLED              = 4
  *   NO_SELECTION                      = 5
  *   NO_VARIANT                        = 6
  *   JUST_VIA_VARIANT                  = 7
  *   NO_SUBMIT_AUTH                    = 8
  *   NO_DATA_SELECTED                  = 9
  *   DATA_TO_MEMORY_NOT_POSSIBLE       = 10
  *   OTHERS                            = 11
  IF SY-SUBRC <> 0.
  * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
  *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
  ENDIF.
  Have a Nice Day,
  Regards,
  Sujeet

• RRMX Authority check

  hi,
  There are two SAP BW systems , one with component SAP_BW SAPKW70017 (say B1) , and other one with SAP_BW component SAPKW70103 ( say B2)
  In B2 , When a user executes RRMX , it takes them to the Business explorer(excel sheet) , however it throws a message in the GUI that "No authorization to change role <role>
  Message no. S#423"
  This message is received as soon as you get the excel sheet opened .
  When further looked into the situation , seems like in B2 , the follwing select statement is executed ,( as soon as u execute RRMX)for checking the change access for all the users "assigned roles" ( I wonder why all roles?) with the object S_USER_AGr and throws the message when there is no 02 activity for any of the roles present with the user .
  SELECT agr_name FROM agr_users INTO l_agr_name WHERE uname = sy-uname.
      CALL FUNCTION 'PRGN_AUTH_ACTIVITY_GROUP'  -
  > "this further throws the message"
        EXPORTING
          activity_group = l_agr_name
          action_change  = 'X'
        EXCEPTIONS
          not_authorized = 12
          OTHERS         = 13.
      IF sy-subrc = 0.
        e_s_system_info-can_change_pfcg_roles = rs_c_true.
  Whereas in B1 (old release) no such message is thrown for the same user . seems there is no such change activity check in the begining?( not too sure) and only when the user clicks the Role option in Query dialog , S_USER_AGR is checked as per the ST01 trace.
  Is this a bug in SAP_BW 701 release ? If so , do you the SAP notes for correcting the same ?please reply at the earliest .Thanks in advance

  Some customers have S_USER_GRP actvt '02' in production environments for the RRMX "key" users who publish queries to be able to add them to the menu for the users. A change in authorization data might not be required, typically.
  But this "change" authority gives more access than just the menu, and the user will need other authorizations for S_USER_TCD and VAL as well.
  It has been replaced by the BEXWeb, which you should take a look into.
  As SAP "owns" the authority-checks in their programs, they seemed to have felt it appropriate to add the same check to RRMX for "key" users.
  > Is this a bug in SAP_BW 701 release ?
  I don't think it is a bug in BW 7.01. Arguably they could have added it earlier.
  There is an approach to control this via the sideinfo.dat file using the program ID of the query - but I guess few did that or even knew about it. It is not intuitive.
  Cheers,
  Julius

• Authority Check to a Query

  HELLO,
  I am trying to introduce an authority check in a query, to do this I use the SQ02 transaction but I have 2 problems:
  1.- I can't change the At selection-screen module
  2.- If I change the Start Of Selection, then I save the code and finally I generate the infoset but I can`t see the modifications in the query.
  Do you Know what can I do to solve this problem?
  Thanks

  I think you don`t understand me.
  I have put ZTCO_SOLTRAS_CAB-BUKRS in the GoTo ..., it works correctly, but it is not my problem. My problem is:
  before I modified the query, the query read the field SP$00001(a select options) and get all the bukrs between the SP$00001-low and the SP$00001-high . Then I had to put a new field s_bukrs in the selection screen and now the user put the bukrs in muy new field, in that way I can check the authrity perfectly; so up to now all is correct...
  but the problem arrives in order to show the query results,  it doesn't matter what values fill the user in my field (s_bukrs) because the query still uses the SP$00001 field to filter data.
  An example:
  The user introduces the values 'A41' in the SP$00001-low and 'A43' in the SP$00001-high.
  I get those values and I check the authority. Imagine tha the user can see all the bukrs and the query goes on.
  Here is the problem!!!!!!!!!!! The query continuous (and it was code so) and in order to show the bukrs, goes to the field SP$00001 to filter data.( I can´t modify this code....) SP$00001 is empty so the query shows all the bukrs and the user only want to see bukrs between A41 and A43
  Do you understand me now?
  Thanks a lot, yo are helping me a lot!

• Authority check at field level in sales order

  Dear all, our business requirement is the following:
  only some users should be able to see the prices (including netwr, netpr,...) in the sales order depending on the authority check performed on the sales group field.
  This means that for an order of sales group 'A':
  a user of sales group 'A' can see the prices and change the order, a user of sales group 'B' cannnot see the prices but can change the order, a user of sales group 'C' can display the order but cannnot see the prices.
  I ask you if such a scenario can be realized in SAP.
  We currently run SAP ECC 5.0.
  thx all !
  bye Roberto

  Hi agree with Jan and Auke,
  To my knowledge it is object V_KONH_VKO which you are looking for. See the documentation in SU24 - SD class.
  But whether or not that will influence the visibility / editability of the screen in VA02 etc when turned the check on in SU24, I am not sure.
  If not, search the forum for topics relating to "transaction variants", "variant transactions" and "screen variants" to see whether those solutions will fulfill the requirement.
  Cheers,
  Julius