I have seen many scenarios where you were asked to restrict access for queries. Okay we will take a scenario where user should be able to Change /Delete/Display or execute his queries but he need to be restricted with just Display/Execute access to other’s queries.
Well, how will you handle the scenario?
First and foremost you should know the authorization objects for Query Components to restrict the access. Below two are the Authorization objects for Query components
1. S_RS_COMP–Business Explorer – Components
2. S_RS_COMP1–Business Explorer – Components: Enhancements to the Owner
Let the user know the naming convention for his Queries should start with C*(you can use some unique naming conventions as well).
Now, create a new role in PFCG and go to Authorization Tab and Click on Display Authorization Data.
Add the authorization objects S_RS_COMP and S_RS_COMP1 from and make the Activity as Display/Execute and Name (ID) of a reporting component as * which gives Display/Execute authorization for all queries as below and generate the profile(Red and White Circle Icon).
Technical names of the Authorizations can be seen from Utilities section from Menu bar.
Create another role in PFCG and add the authorization objects S_RS_COMP and S_RS_COMP1 and make the Activity as * and Name (ID) of a reporting component as C* which gives all authorizations for queries starting with C as below.
Assign these Roles to the user.
Suppose if another role which has Query component Authorizations for changing all the Queries i.e. Activity as * and Name of a Reporting Component as *, then all our work is waste as obviously this will overwrite our Display/Execute authorizations. So, make sure apart from these two roles other roles should not have Query component Authorizations.
Now the user can only Change his Queries but still he can Execute or Display other’s Queries.