Question:
Hi,
When running a query using TRX s_pho_48000513 the SAP system block data display if the user has no access.
When running the same report using SQ01 all data is displayed. Is there some way of blocking access to information when using SQ01 other than the user group assignment/management? Currently the query does not appear to be checking objects in authorization profiles when running reports from TRX SQ01.
Regards HK
Answer:
The query will only block the data if you use the Logical databases as a source for your data, SQ01 should not be used if you need to restrict data access.
_________________
John A. Jarboe
Answer:
Hi John,
Thanks for the feedback, are you confirming that SQ01 overrides authorization unless only a logical data base is used?
The problem we have is the ABAP 4 Query is assigned to a SAP supplied logical data base but the end user is able to access data that they normally can't via transactions.
Regards HK
Answer:
Hi,
Thanks guys, confirmed that SQ01 over writes authorization and displays all.
Regards HK
Answer:
SQ01 is a pain in the butt for authorisations, but you can remove it and create TCodes for the queries to "secure" it that way or add authorisation groups to the Query/Infoset etc. to control access to information.
Infosets can also have code added to use standard authorisation objects which can also help.
_________________
Kind Regards
Rosie Brent
Please remember to search the forum and check the FAQ before posting questions, thank you.
Tuly Idiot most of the time, part-time Guru
Answer:
Hey
let us face it SQ is a complete pain and should be avoided as much as possible. The ONLY sound way to use it is to create quick and dirty queries in a development system to show to end users. But then create a real ABAP and transport that to Production. In that ABAP all authorisation checks wanted can be build in!!!