Activo Auca Campo Culebra

You have learned that there are over 20 authorization items for query generator. The first three items have already been discussed. The other 20 of them are for Saved Queries–Groups. The group numbers are from 1 to 20. Among them, group numbers 16 to 20 are not available to standard user interface. Therefore, we will only discuss the first 15 groups.

The last five groups may only be used when you have an add-on or through SDK coding. Unless that is the case, they do not need to be set. Keep them unchanged as shown next:

These groups are equivalent to Authorization Groups1-15 under Create/Edit Categories. The following screenshots show you detailed setups for a few categories. For general category, common practice is to assign this category to all groups. This category will be used for the queries that can be accessed to all users. For the overlap rule, it's an exception. The main purpose for this query is for "convenience". It should only keep those frequently used, non-critical queries. It will not be a good practice if many queries are saved here, because it simply means you decided to give up query security altogether.

My suggestions to save queries under this category are as follows:

• Minimize the numbers of the queries here. Unless you know it's being frequently used and it should be available to everyone, do not save the query under this category.

• Check it more often than other categories because most users with the authority to save will easily choose to save their new queries here.

• In general, finance-related queries should not be saved here.

• When naming the query under this category, the names of the queries should be clear so that everyone knows what the query results are. For example, a query of "Sales Report" does not tell you much, but when the query is named "Sales Report by Customer for Annual Commission Calculation", it is more readable as to what the query is doing.

You can find the Formatted Searches category in the next screenshot. It is also assigned to all the groups. This is because most Formatted Searches queries cannot be run directly. However, any user may require this function. It is safe to assign this category to all the authorization groups. A detailed discussion about formatted search can be found in the next chapter. The following screenshot shows the Format Searches category assigned to all groups similar to General category.

The names of all queries under this category need to be more concise. Because it only links to Formatted Search, the query name should reflect where it will be triggered. This topic is beyond this chapter's scope. You can browse the next chapter for detailed information.

The following screenshot shows the first module Administration. All queries related to users can be saved here. Assigning Group 1 would be an easy match to remember.

The same principle applies here: Financials has been assigned as Group 2 because it's the second module.

In a similar way, Sales–A/R has been assigned Group 4. This is the fourth module in the system.

Again for Purchase–A/P: The fifth module in SAP Business One with Group 5. For Business Partners: a different approach with not only Group 6 but also Group 4 and 5.

It sounds redundant for more than one screenshot to show groups' assignments. You may wonder whether it can be explained just through a few paragraphs. However, it's more effective to show you more screenshots. In this way, you can follow these suggestions easily. Remember, these are the only ways to solve the issue. You can assign any groups by using the combination of these 15 groups, as long as it meets your business needs.

After you have carefully assigned all the authorization groups, user security becomes pretty straightforward. If the users belong to the purchase department, you may assign Group No. 5 to them. As pointed out earlier, only assign Read-Only authorization first. Do not allow them to save query unless necessary. You will find out they can access both Purchase–A/P and Business Partner categories because the latter belongs to three different groups namely Group 4, 5, and 6. The following screenshot shows this concept:

Individual users can be assigned to more than one saved queries group. For example, a sales person can be given Group 3 and 4 to use all queries under Sales Opportunities, Sale A/R, as well as Business Partner categories.

These saved queries groups are not equivalent to the department or any other user groups. It is flexible for you to design overlapped user privileges based on actual

From these examples, you may wonder about whether you do not want the sales person to access the Business Partner category. Well, if that is the case, you have to assign a Business Partner to only one group instead of three in order to define the authorization without binding them.

To plan for business growth, it is better to leave a couple of authorization groups without assignments. If you have assigned all 15 groups, you would not be able to deal with any future needs or growth. If the business is very stable, you can use them all.

How to use query for approval