I noticed that anyone on the backend of the site can use this component. It's probably a bad idea, since then one of the Administrators or Managers can alter the database directly, and either get access to information they shouldn't, or mess something up to where they can't fix it. I prefer to reserve this one for a Super Administrator. I altered the code in admin.ccquery.php to include this after the assertion at the beginning:

==code begin==
// Only Super Administrators (the only user type with 'config' rights in the ACL) may use this component.
// $acl and $my are assumed to be the Joomla 1.0 globals available in the admin component scope;
// the check fails closed if $acl is not available.
if ( !@is_object( $acl ) || !$acl->acl_check( 'administration', 'config', 'users', $my->usertype ) ) {
    // ENT_QUOTES so a single quote in PHP_SELF cannot break out of the href='...' string below
    $url = htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES );
    if ( headers_sent() ) {
        echo "<script>document.location.href='$url';</script>\n";
    } else {
        @ob_end_clean(); // clear output buffer
        header( 'HTTP/1.1 403 Forbidden' ); // PHP replaces this status with 302 once the Location header is sent
        header( 'Location: ' . $url );
    }
    exit; // stop here, otherwise the rest of the component (and any submitted query) still runs after the redirect
}
==code end==

It's a small hack, and it just redirects back to the control panel with no error, but it keeps non-Super Administrators out.