SAP Crystal Reports and Secure Query enable users to design and generate their own queries and reports from system database files. Any user who has access to Crystal Reports or Secure Query can view any field without restrictions—unless you use Ad Hoc Reporting Security, which restricts the database files and fields available to a security group when using Crystal Reports or Secure Query.
Ad Hoc Reporting Security involves two parts:
- Assigning an access level to each field in your Sage HRMS databases.
- Assigning an ad hoc reporting security access level to each security group.
Note: The access levels you assign for ad hoc reporting affect access only in Crystal Reports and Secure Query—they do not impact the rest of the system.
How access levels work
Access levels range from 1 to 9, where 1 is the lowest and 9 the highest. The MASTER user ID has an access level of 9 and can access all fields.
Initially, the access level for a security group is set to 1, so the group’s users can access all the fields set to 1. Initially, every field in the databases is set to 1. If you do not want users in a group to access all fields when they generate reports using Crystal Reports or Secure Query, assign those fields an access level of 2 or more.
If the access level for a security group is 2, users in that group can access database fields whose access levels are 1 or 2. If the access level for a security group is 3, users in that group can access database fields whose access levels are 1, 2, or 3. If the access level for a security group is 9, users in that group can access all database fields (fields in levels 1 through 9).
There are two security groups: Data Entry and Pay Manager
We want the users in these groups to have the same capabilities generating custom reports in Crystal Reports and Secure Query except the Data Entry group cannot generate custom reports containing the Earnings/Deductions Code field. To do this:
- Change the access level for the Earnings/Deductions Code field to 5.
- Assign an ad hoc reporting security access level to the Pay Manager group to 5 (so the users in that group can access fields in level 5 and lower).
- Leave the ad hoc reporting security access level for the Data Entry group at 1 (so the users in that group cannot access fields in levels above 1.
Note: If the access level for the Earnings/Deductions Code field is set to 6 or more, even users in the Pay Manager group are unable to use that field in Crystal Reports or Secure Query.
Assigning access levels to fields
The Ad Hoc Reporting Security page contains a table with every field in every database file in your Sage HRMS system.
- The first column displays the database file names in alphabetic order.
- The second column displays the field descriptions.
- The third column displays the field’s access level. There are nine access levels (one through nine). Initially, all fields are set to access level 1.
Before setting access levels, determine to which fields you want to have restricted access.
Tip: Use the product’s Data Dictionary to help you locate a specific field within a database file.
- Select Setup > System > Security > Ad Hoc Reporting Security.
- On the Ad Hoc Reporting Security page, change the access levels if necessary.
- To set the level for all fields in all database files, select a number from 1 to 9 for Change Security Level for All Fields at the top of the page. All fields change to that access level number.
- To set the level for all fields within one database file, locate the database file and click any line item within the file. Enter a number from one to nine in the Fields for Selected File at the top of the page. All fields within the selected database file change to that access level number.
- To set the level for one field at a time, select the row with the field, and then enter a number from 1 to 9 in the Access Level column.
- Click either:
- Apply to save the settings and remain on the Ad Hoc Reporting Security page.
- to save the settings and close the page
Tip: Set the access level for all fields in all database files first. If you want a different access level for specific files, set them next. Remember, setting an access level for all fields overrides any previously set field levels.
Assigning access levels to security groups
When you set up security for a group, the ad hoc reporting security level is initially set to 1, but you can change it. This access level determines which fields in the Sage HRMS system databases the security group’s users are able to access when they use Crystal or Secure Query.
- Select Setup > System > Security > Group Security.
- On the Security Groups page, double-click the group whose access level you want to change.
- For Ad Hoc Reporting Security Level (on the bottom of the Group Level Security tab of the Security Group page), select a number from 1 to 9.
- Click to save the setting for this group and return to the Security Groups page.
- Repeat steps 2 - 4 for each security group whose access level you want to change.
- When you are finished, click
(the close page icon).