The Administrator can control access rights to the InfoSet query using roles or SAP Query user groups.
The technical background to controlling access authorization using roles is as follows:
Exactly one SAP Query user group must be assigned to a role.
InfoSets have to be assigned to this user group. These InfoSets can then be used by role users for reporting.
It is not necessary to enter the users into the user group as they are assigned in the role assignment. This means: This assignment is only valid, however, if the user uses the role to call the InfoSet query. This assignment is only valid, however, if the user uses the role to call the InfoSet query. If the InfoSet query is accessed in any other way, then the general access authorization implemented using SAP Query user groups applies.
To be able to save queries, a user needs the relevant 'change' authorization for queries (authorization object S_QUERY, field ACTVT, value 02). If the user does not have this authorization, then the user can use the existing InfoSets and queries within the role, but cannot save them.
You can find further information under Including the InfoSet Query in Roles.
The procedure for controlling access rights using user groups is exactly the same as with the SAP Query. This means that, per user group, you determine which InfoSets can be accessed and which users belong to a user group. Users allowed to create and change queries, must be given the 'change' authorization (authorization object S_QUERY, field ACTVT, value 02).
For more information, see Authorizations for the SAP Query.