SQ01 - User Group Restrictions

Using transcation SQ01-Sap Query in the HR module is it possible to restrict users to specific queries. I have assigned users to user groups, but this does not appear to prevent users outside of the group running the query.
All users concerned have access to the transaction with authorisation value '23'.
Thanks
Simon

Hi,
Did you check what are the restriction given while creating a Query.
For more info
http://help.sap.com/saphelp_nw04/helpdata/en/d2/cb42cb455611d189710000e8322d00/frameset.htm
Cheers
Soma
Message was edited by:
        soma pradeep

Similar Messages

  • Restricting  Access for SQ01 User Group

    Hi ,
    Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

  • Copy SQ01 User Group Assignments During New User Creation

    When creating a new user (copy-from method), can the SQ03 user group assignments also be copied at this time or must this be maintianed separately?

    Hi, As far as I am aware it is separate.

  • ACS 4.2 (Trial) User Group Restrictions?

    I'm currently in the process of migrating from Microsoft IAS to Cisco ACS 4.2. I'm running an Eval of CSACS v4.2 for Windows in a Lab so I can work out the issues.
    So far I've been fairly successful getting user accounts authenticated with active directory credentials using the "Windows Database" as my external user database. The only problem I've run into is that I can't seem to figure out how to restrict access to Active Directory group membership.
    For instance, in the lab I have a Cisco 3750 switch that is using ACS to control login access. But given my current ACS configuration everyone in the windows domain can login to the switch. How can I restrict that down to just the Network Operations group in Active Directory?

    Yogesh:
    To move existing users from one group to another you can:
    - go manually to each user and change its group membership. OR:
    - Use RDBMS synchronization where you can fill a CSV file with the actions that you want (change group membership in your case) and import that to the ACS.
    For RDBMS sync you can read the user guide:
    http://tiny.cc/n13b1w
    This config example may also be useful about how to import the csv file:
    http://tiny.cc/533b1w
    I suggest that you read the guide and come back to ask here if you have any concern.
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • How to restrict a user group of SQ01 for only execution for some users

    Hi,
       I would like to know if it is possible to restrict the access to SQ01 transaction for some users. I would like that these users have only execution access to some queries associated with an user group.
       Do I have to associate the user group to the users I want to have access to it? How can I do it=
       Do I have to associate the queries created on SQ01 to the users? or it is enough to assign the users to the user group where the queries are defined?
       Do I have to associate the infosets created on SQ02 to the users? or it is enough to assign the users to the user group to which the infosets are associated?
       Thank you,
       Luz D.

    I suggest you do a web search on SQ01 and SQ02. That'll bring along SQ03 as well.
    There's so much information available on the web that there's no reason to repeat it here.
    [try google|http://www.google.com/search?hl=en&safe=off&q=SAPsq01sq02&meta=]
    Jurjen

  • Restricting Queries in HR: Compensation Management User Group

    I am trying to restrict the Infoset /SAPQUERY/HR_XX_CM_03, which contains salary/compensation queries, assigned to User Group /SAPQUERY/H0, from being accessed by anyone.  In SQ03, user group /SAPQUERY/H0, there are no users assigned but users with access to SQ01 can select the user group /SAPQUERY/H0  and access the queries tied to infoset /SAPQUERY/HR_XX_CM_03.  Why are users able to access the infosets of the user group when no users are assigned to the user group?

    Turns out that security authorization for access to SQ01 had an S_QUERY value of 02 which allows for full change.  With this value the user group/user assignments done via sq03 did not work.  Setting S_QUERY to 23 allows for user group assignment to restrict access in sq01

  • Restrict metadata field during an update to a specific user group

    Hello everyone,
    I am having some trouble figuring out the best way to restrict permissions to change some metadata fields for 2 different groups of users.
    I have two user groups, A and B. Group A will be checking in documents that the B group will then review for accuracy and quality. Group B will then update an optionlist field called "Status" with either "Recommended" or "Not Recommended".
    This is not a workflow situation as the scope requires that all documents are immediately available for searching. I currently have a CheckIn and Search profile for the content permitting read write access to groups A and B. The "Status" field is hidden on the CheckIn page. Can anyone please suggest a good way to restrict the field "Status" on an Update page to just "B" users? Groups A and B should be able to update all fields with the exception of the B restricted "Status" field.
    Thanks!
    Edited by: user6750815 on Jun 2, 2010 4:11 PM

    Hey rMac,
    I understand it this way you have one profile for A and B user groups. On this profile Status field is hidden.
    If this is your problem you can approach it from two places, while making the rule for hiding the Status field, use rule activation condition. Make it active only for users with Role A . This way even with single profile some of the user with Role B will be able to see the Status field.
    otherwise you can put similar code in Restrict Personalization Link where in you make this hidden field editable and compulsory for Users in B.
    cheers,
    sapan

  • How to change user group of a query (sq01)

    Hi,
    I'm working with SAP Queries (SQ01) and I don't know how can I change the user group assignation of a query. We did only one user group for all users and queries and know in order to arrange it a bit we've created three user groups.
    We know how to assign users to new user groups but for each query of the old group we neet to move it to one of the new user groups, how could we do this?
    thanks in advance

    Hi
    pls go through these links
    http://help.sap.com/saphelp_46c/helpdata/en/35/26b413afab52b9e10000009b38f974/content.htm
    Step-by-step guide for creating ABAP query
    http://www.sappoint.com/abap/ab4query.pdf
    ABAP query is mostly used by functional consultants.
    SAP Query
    Purpose
    The SAP Query application is used to create lists not already contained in the SAP standard system. It has been designed for users with little or no knowledge of the SAP programming language ABAP. SAP Query offers users a broad range of ways to define reporting programs and create different types of reports such as basic lists, statistics, and ranked lists.
    Features
    SAP Query's range of functions corresponds to the classical reporting functions available in the system. Requirements in this area such as list, statistic, or ranked list creation can be met using queries.
    All the data required by users for their lists can be selected from any SAP table created by the customer.
    for more information please go thru this url:
    http://www.thespot4sap.com/Articles/SAP_ABAP_Queries_Create_The_Query.asp
    http://goldenink.com/abap/sap_query.html
    Please check this PDF document (starting page 352) perhaps it will help u.
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCSRVQUE/BCSRVQUE.pdf
    check the below link will be helpful for u
    Tutorial on SQVI
    once you create query system generates a report starting with AQZZ/SAPQUERY/ABAGENCY2======= assing this report to tr code for the same

  • SQ00 Restrict Access By User Group

    Hi all,
    I've just created a BOM Overview Report (Query) in SQ00 by using a logical database. I've assigned user's to the User group for the Z_BOM info set to run the report.   
    In Production client nobody has permissions to run SQ00 at this time. My question is if I put transaction SQ00 or SQ01 in a role and assign to users will they be able to run for any info set, or try and create new queries on thier own in there?   I don't want my production floor folks being able to see financial queries.....how do I set this up from a security standpoint...so these users only see the new SQ00 BOM Overview Report?  Thanks for your Input!!

    Let me tell you a better way of doing this for all users...
    Steps:
    1. Remove authorizations for tcodes SQ00, SQ01, SQ03, SQVI.
    2. If possible remove authorization for SA38, SE38. This is to prevent users by copying the program name from other queries (menu >> system >> status) and executing.
    3. Note down the report name for a particular query. In SQ01 you can do this by clicking In background button or following the menu path Query >> More functions >> Display Report name
    4. Create a custom authorization object e.g. Y_SHOP_FLOOR in tcode SU21 (similarly for financials etc if you want) and assign it to relevant users.
    4. Create a Z or Y transaction code in SE93 (of type report), assign the step 4 custom authorization object to this tcode and enter the report name from step 3.
    Edited by: Jeevan Sagar on Feb 5, 2012 1:18 AM

  • TMG2010 - Exhcange 2010 - Restrict User Groups

    Hey Guys, 
    We have TMG2010 currently reverse publishing OWA however no Pre-Auth is being used, the Exchange 2010 Auth Form is being used. 
    The TMG box is not Domain Joined, however if we joined it to the domain would we be able to use AD Security Groups to restrict access to certain services such as OWA?  Without enabling the "Pre-Auth" Functions of TMG? 
    Thanks, 
    Robert 
    Robert

    Hi,
    yes it is possible to restrict access to specific services like OWA/EAS/OA on the TMG Server for specific user/groups if the TMG Server is a member of the domain. You can also use pre-auth if the TMG Server is a member of a workgroup if you use LDAP
    on the TMG Server:
    TMG publishing:
    http://www.microsoft.com/en-us/download/details.aspx?id=8946
    TMG and LDAP:
    http://www.isaserver.org/articles-tutorials/configuration-general/Microsoft-Forefront-TMG-Using-LDAP-RADIUS-Authentication.html
    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3570

  • Restrict password resets to certain user groups in UME

    I am investigating if it is possible to create a UME action which restricts admins to unlocking/locking IDs and resetting passwords for users in a certain user group.  I know you may need to create a UME permission class and action.  Has anyone done this?  If so how?
    Thanks and Regards,
    Mosi

    Hi Mosi,
    did you have a look at the <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/2b/306bb5bc98f24f8a85d489449af456/frameset.htm">Documentation about the Company Concept</a>? This can also be used to delegate administrative taks in your case.
    Regards,
    Patrick

  • RE : user group(sq01) -- query modification

    Hi All,
    when i am trying to execute the query called ZTIMES in the user group SQ01 it is navigating the screen to selection-screen with some inputs to be given here on the selection screen company code is mandatory as an input.So, i want to set default value for the company code as 1000 in the selection screen while i am executing.
    Thanks
    Raju M

    Hi Anitha,
    How to Enhance the Standard Report? :
    When I am trying to execute the query called ZTIMES in the user group SQ01 it is navigating the screen to selection-screen with some inputs to be given here on the selection screen company code is mandatory as an input. The company code field is having the search help and it is fetching the values for the company code from table called PROJ  Table (Project definition Table).But I want the company code should fetch the value from the  PRPS Table ( Work break structure(WBS Element) Level).
    Tables used are PROJ and PRPS.
    The company code in PROJ is PROJ-VBUKR
                                    In PRPS is PRPS-PBUKR
    In the coding part related to that selection screen I have to replace PROJ-VBUKR with
    PRPS-PBUKR.But it is standard report to enhance.
    What is suggestible solution for this issue?
    Thanks,
    Raju M.

  • Restrict user group authorization on reporting

    Hi all;
    I've problem restriction of user groups on monitoring reports.
    By using RSSM transaction I gave only one user group to reach the reports but I still see the other groups on report.
    Thanks.
    Korel.

    Hi Chris,
    There is no standard report available for this purpose. However all this information is stored in table UME_STRINGS.
    You can write your own SQL queries to generate such reports. However please note that this table is not normalized, and it's a master UME table. You should use it strictly for READ ONLY purpose.
    For a sample code you which i wrote some time back, you might refer:
    http://forums.sdn.sap.com/thread.jspa?threadID=2088099&messageID=10859334#10859334
    Thanks
    Prashant

  • Not able to restrict user groups from accessing certain entities

    We have created user groups and are trying to give them restricted access to certain entities so that they can perform consolidations only for those entities. But even after creating Security Classes (and assigning them to the entities in the metadata) and assigning [Default] security class access as Read Only, the users are still able to access and consolidate all the entities using process control.
    Can anyone please let me know how to restrict consolidation to only certain entities?

    To solve this you need the following information:
    -- What roles do the users have? Anyone with the Administrator role has full access to all classes.
    -- Examine the groups. If any users are members of a group which has more access than the users have as individuals, they get the greater access level. You can generate a report which shows all roles for all users including the derived roles.
    -- Examine your metadata. Do the entities in question have the classes you intend? If you omit a class (the field has been left blank), HFM treats it like the [Default] class.
    With this information we could help you troubleshoot the issue.
    --Chris                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  • How can we restrict the other user to add their user id's to the user group created in SQ03?

    Hello All,
    How can we restrict the other user to add their user id's to the user group created in SQ03?
    When we enter the user group name and click on "Assign users and Infosets" button in the attached pic "User Group" .
    I was able to enter my user id in other user groups. How to Grey out the other rows in the attached pic "User Group 1".

    How strange I answered (or at least helped) this very same question earlier today. Here the link to my previous answer then:
    http://scn.sap.com/thread/3536135

Maybe you are looking for

  • Strange problem in java

    Hi, I have a following program , this program call aother classes . my problem is that if I run loop to call the classe      for (int i =3;i<=4;i++), I get a strange error saying : Classification accuracy = 100.0 % error accuracy = 0.0 % Accuracy = 1

  • Base class

    Hi , What will happen if I have a derived class default constructor which does not call the base class constructor as below? Will this cause any issues? Thanks, public class Base{ private String st = null; public Base (){} public Base(String str){ st

  • Large Multiplot XY Graph very slow to update visibility/color/line width changes

    Hello everyone,  I have an interesting problem for you all. I am trying to update characteristics of a large XY graph (3600 data points for each of 160 different plot lines, all on one graph) by reference and it's going incredibly slowly. What I have

  • Query on SRM Shopping Cart ,plz help its very very urgent

    Hi Friends, I have a query on workflow. Users creates PO through SRM shopping cart and immedeately they receive a mail in there mail box.Below is the process flow of sending the mail to the user inbox from srm shopping cart. SRM Shopping Cart>Busines

  • How to calculate stock on hand initial based on VALUATED not Category group

    Dear Expert, Now, i want run SNP with initial stock on hand calculated by stock on hand based on VALUATED not category group like CC or CI. Because in ECC we used a lot of valuation types for materials. please show us. thanks so much hungth