Queries

To find out whether a user has access to certain functionalities or not, an object level authorizations check is needed.

The knowledge about “What needs to be evaluated for which piece of functionality” is embedded in what is known as a query.

Note:
There are standardized queries available for CSI Accelerator.

Types of queries.

There are three types, related to the different analysis levels:

• Queries for analysis on S_TCODE object
• Queries for analysis on Authorization Object level (not supported in CSI Accelerator)
• Queries for analysis on Authorization Object Field level

Reasons for fine-tuning are:

• Field value authorizations often dependent on customization - so this is different per client system.
• The queries may also contain optional authorization objects. If these optional authorization objects are not used in your organization, the objects should be deactivated in the queries.
• The implementation team has build new authorization objects and authorization checks in SAP.
• Authorization objects can be disabled in the system.

You may add new queries to your application or change existing ones when doing reviews in an area not covered by standard queries.

Once you have found users with access to certain functionality, you can always trigger the profiles and authorizations that caused this access.

Menu.

Queries are found in the Audit–> Queries menu and in the Library.

Table view.

The query naming can be (de)activated at once by using the checkbox in the column header.

Changed rows are only applied after save.

Copy Query

Copy a query is found in the Audit > Mass Changes > Copy Query ... menu.

Copy a query and select the related data to be copied with it.

This document is up to date with version 11.1.12.31 of CSI Accelerator