Adhoc Query Issue - How to restrict /SAPQUERY/H2 access

Hi Experts,
I have created two User Groups, HR_1 (assigned to infosets for Time data) and HR_2 (assigned to infosets for Payroll data). I also want to assign HR_1 to a user Time_admin and HR_2 to Payroll_Admin, so that the Payroll admin does not have access to Time data and vice versa.
Now I can restrict the access, but when I execute the Adhoc query for the user, I can see the User group that I have assigned along with a default user group, /SAPQUERY/H2, which has access to all data.
My question is: how can I restrict access to /SAPQUERY/H2 so that the users only have access to their own user groups, i.e., Time_admin to HR_1 only and Payroll_admin to HR_2 only?
Regards
Vikrant

I was expecting some answer but was not fortunate enough to get one.
I have found a solution and will mention it for those who face this issue in future.
Configuration in “The Global Area (Cross Client)” has some limitations:
1) Restricting the access via T-Code S_PH0_48000510 (Ad-hoc Query) is difficult, as this t-code S_PH0_48000510 uses the user group /SAPQUERY/H2, to which the infoset /SAPQUERY/HR_ADM is assigned. This infoset has access to all the master data and is the standard one (default).
2) Also, this is available in “The Global Area (Cross Client)”, due to which there will be access to all HR master data.
Configuration in “Standard Area, i.e., Client Specific”
1) With this approach, we will do the same configurations in “Standard Area (Client Specific)”, i.e.,
   I. Create User groups (ZHR_1 and ZHR_2)
   II. Create Infosets (X1 for time management Infotypes and X2 for PM and PA Infotypes)
   III. Assign User Groups to Infosets (X1 to ZHR_1 and X2 to ZHR_2)
   IV. Assign Users to User Groups (as per the requirement)
2) Additionally, the Admin needs to do two things:
   I. For the Users, set Parameters via SU3 as:
      Parameters for Users for Time Data

      Parameter ID   Parameter Value   Description
      AQB            ZHR_1             ABAP Query: User group
      AQS            X1                SAP Query: Infoset
      AQW            Standard          ABAP Query: Query area

      Parameters for Users for OM/PA data

      Parameter ID   Parameter Value   Description
      AQB            ZHR_2             ABAP Query: User group
      AQS            X2                SAP Query: Infoset
      AQW            Standard          ABAP Query: Query area
   II. Provide access to T-Code S_PH0_48000513 (it also calls Adhoc Query, but this t-code will respect the parameters set by us in SU3).
   III. As a result of this approach, Users executing the T-Code S_PH0_48000513 will be taken directly to the Adhoc query screen with their authorized access.
NOTE: These changes cannot be transported via Transport.
Regards,
Vikrant
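
An added example, not part of the original post: a small audit that compares an export of user parameters with the SU3 values from the tables above and flags users whose AQB still points at /SAPQUERY/H2 or at the other group's values. Parameters kept in SU3 can normally be changed by the user, so a periodic check like this catches drift. The export layout (columns named after table USR05), the sample rows and the user-to-profile mapping are constructed assumptions.

```python
"""Audit SAP Query user parameters against the SU3 values given in the post."""
import csv
import io

# Expected SU3 values, copied verbatim from the two tables in the post.
EXPECTED = {
    "time":  {"AQB": "ZHR_1", "AQS": "X1", "AQW": "Standard"},
    "om_pa": {"AQB": "ZHR_2", "AQS": "X2", "AQW": "Standard"},
}
DEFAULT_GROUP = "/SAPQUERY/H2"  # default group that exposes all HR master data

# Constructed for this example: which user should carry which parameter set.
USER_PROFILE = {"TIME_ADMIN": "time", "PAYROLL_ADMIN": "om_pa", "HR_CLERK": "time"}

# Constructed sample export (columns named after USR05: user, parameter, value).
SAMPLE_EXPORT = """
BNAME;PARID;PARVA
TIME_ADMIN;AQB;ZHR_1
TIME_ADMIN;AQS;X1
TIME_ADMIN;AQW;Standard
PAYROLL_ADMIN;AQB;ZHR_1
PAYROLL_ADMIN;AQS;X2
PAYROLL_ADMIN;AQW;Standard
HR_CLERK;AQB;/SAPQUERY/H2
HR_CLERK;AQW;Standard
TEMP_USER;AQB;ZHR_2
"""


def load_parameters(text):
    """Return {user: {parameter_id: value}} from a semicolon-separated export."""
    params = {}
    for row in csv.DictReader(io.StringIO(text.strip()), delimiter=";"):
        user = row["BNAME"].strip().upper()
        params.setdefault(user, {})[row["PARID"].strip().upper()] = row["PARVA"].strip()
    return params


def classify(profile, parid, got):
    """Return None when the value is as expected, otherwise a finding kind."""
    want = EXPECTED[profile][parid]
    if got is None:
        return "missing"
    if got.upper() == want.upper():
        return None
    if parid == "AQB" and got.upper() == DEFAULT_GROUP:
        return "default_group"      # user lands in the all-data default group
    others = {vals[parid].upper() for name, vals in EXPECTED.items() if name != profile}
    return "other_profile" if got.upper() in others else "mismatch"


def audit(params, user_profile):
    """List (user, parameter_id, kind, actual_value) for every deviation."""
    findings = []
    for user in sorted(user_profile):
        profile = user_profile[user]
        for parid in EXPECTED[profile]:
            got = params.get(user, {}).get(parid)
            kind = classify(profile, parid, got)
            if kind:
                findings.append((user, parid, kind, got))
    # Users outside the mapping that still carry a query user group.
    for user in sorted(set(params) - set(user_profile)):
        if "AQB" in params[user]:
            findings.append((user, "AQB", "unmapped", params[user]["AQB"]))
    return findings


if __name__ == "__main__":
    for finding in audit(load_parameters(SAMPLE_EXPORT), USER_PROFILE):
        print(finding)
```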

Similar Messages

  • How to restrict the change access in CRM for OLTP orders

    Hi Guru's,
    Please let me know how to restrict the change access in CRM for the orders that are created in ECC. The ECC orders will be only for display in CRM, not for change.
    We have orders that are created in ECC; they flow to CRM, and access to change mode in CRM should be restricted, but as of now the CRM system is allowing change mode for ECC orders and ending up with errors.
    Is there any additional middleware parameter that needs to be added to the SMOFPARSFA table to get this functionality? Please advise! Thank you for your help.
    Regards
    Suneel

    Hi.
    You can use the PFCG role to control if the user is able to create, change, delete or only display a business transaction type.
    Regards.

  • Adhoc query Issue in IT0001- Additional fields.

    Hi Everyone,
    I'm facing an issue in adhoc query, in IT0001 - Additional field. The supervisor name is not getting displayed in the output even though the personnel number is getting fetched. The output value attribute is chosen as 'value and text'.
    Details of the field:
    Name of the field: Personnel number of superior (Org. Manag
    Technical name :SYHR_A_P0001_AF_OMNGR_NR (Additional field)
    This is happening after the implementation of A3 to A9 notes.
    Thanks in Advance.
    Regards,
    S P Joshi.

    Did you try Ted's solution of identifying the additional field 'SYHR_A_P0001_AF_OMNGR_NA' as a displayed field?
    Note that if that field is not already in your Info-Set, you will have to add it (using t-code sq02).

  • AdHoc Query Issue

    Hi Gurus,
    I am running an Adhoc Query. We are getting an error in the Job description.
    We are passing the Job code as input. For that job code it is not displaying the corresponding Job description.
    Ex :  Job Code -  - - -  1126
    This is the data available in table M_PLOMC.
    Required Output  :  YOUTH SERVICE SPECIALIST    OTYPE2  =  C
    Current Output  :  ELEM TEACHER                           OTYPE2 =  S
    I specified OTYPE2 as C in the Infoset code to identify the Job description, then Save and Generate.
    I created a new query and I can see the changed code.
    If I run the program behind the query from SE38, it displays the output correctly.
    But if I run the query directly from SQ01, there is no output.
    Because of this, the Adhoc query is also displaying no output.
    Please help me...
    What is the difference between running the program behind the query and running the query directly?
    Here C specifies JOB.
            S specifies POSITION.

    Hi
    The program name is decided at runtime...
    It might be that you took the program name before making some modifications to the adhoc query.
    Please check whether the program name generated currently and the program name you are using are the same...
    Thanks
    Sushmitha

  • Configured Nacs- how to restrict AAA client access by specified Password

    Hi all
    I have given the below config in the AAA client and added the client in User, Group; the NAR is configured for all clients.
    But my requirement is to restrict AAA client access by a specified password.
    aaa new-model
    aaa group server tacacs+ NACS_Group1
    server 10.x.x.x
    server 10.y.y.y
    aaa authentication login default group NACS_Group1 local
    aaa authentication enable default group NACS_Group1 enable
    aaa authorization config-commands
    aaa authorization exec default group NACS_Group1 if-authenticated
    aaa authorization exec NACS_Group1 group tacacs+ local
    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+

    You use the Network Access Restrictions table in the Advanced Settings area of User Setup to set NARs in three ways:
    Apply existing shared NARs by name.
    Define IP-based access restrictions to permit or deny user access to a specified AAA client or to specified ports on an AAA client when an IP connection has been established.
    Define CLI/DNIS-based access restrictions to permit or deny user access based on the CLI/DNIS that is used.
    Note: You can also use the CLI/DNIS-based access restrictions area to specify other values. See the Network Access Restrictions section for more information.

  • Performance Issue-;How to restrict the total output of the report.

    Hi Experts
    I need your advice to resolve one performance issue in my BI Publisher report.
    My report query is extracting more than 80000 records at once. To load these records into the report template it is taking almost 14 to 15 hours. Unfortunately I cannot change my logic to add more filters to restrict the query output, as this is the requirement from the client.
    Is there any way I can restrict my report so that it will extract the first 1000 records and, on pressing next, extract the next 1000 records, and so on, from the point where it left off last time?
    Kindly let me know if you have any solution for this.
    Thanks in advance.
    Regards
    Srikant

    Hi experts...
    Any update on this...

  • BEx Query Help   How to restrict  Organisation Unit  Like 'D%'    in Bex

    Hi all ,
    In a cube I have a column ORGUNIT which has values such as
    A_152,
    A8373,
    D_983,
    B_0293,
    C09,
    D6653.
    In BEx Query Designer I want to restrict that InfoObject to organisation units starting with 'D'.
    That means the output will be:  D_983,
                                    D6653
    The ABAP statement for this would be:  ORGUNIT LIKE 'D%'.
    How do we do the same as a BI restriction?
    Thanks Regards
    Sanjeev Kumar
    Edited by: skarya2003 on Dec 6, 2009 9:01 AM

    Hi,
    Try using a customer exit.
    Check out this doc, which should help you: http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/90f8b363-882d-2c10-ea91-9f08ce4c658a&overridelayout=true
    Regards,
    Priya.

  • SQL query issue, how to improve it?

    Hello all, I want to create a query with the following result. Every first person of a department starts with the letter A and goes up like this:
    Name department
    A Person1 3
    B Person2 3
    C Person3 3
    D Person4 3
    E Person10 3
    A Person6 10
    B Person7 10
    C Person8 10
    A Person4 13
    B Person9 13
    It has to be a SQL query, unfortunately no PL/SQL
    I was able to create this query, but it's lacking. Department_id will be a variable; a person can choose one department or several departments, so the query varies in size.
    select chr(64+rownum), name, department_id
    from ( select name, department_id
           from employees
           where department_id = 3
           order by id_but, naam )
    union
    select chr(64+rownum), name, department_id
    from ( select name, department_id
           from employees
           where department_id = 10
           order by id_but, naam )
    union
    select chr(64+rownum), name, department_id
    from ( select name, department_id
           from employees
           where department_id = 13
           order by id_but, naam )
    order by id_but, naam
    The employees table has the following columns:
    id, name, department_id
    Can anyone help me make this query better? Perhaps with the WITH clause?

    Use analytic function ROW_NUMBER:
    with t as (
               select 'A' name,3 department from dual union all
               select 'B',3 from dual union all
               select 'C',3 from dual union all
               select 'D',3 from dual union all
               select 'E',3 from dual union all
               select 'A',10 from dual union all
               select 'B',10 from dual union all
               select 'C',10 from dual union all
               select 'A',13 from dual union all
               select 'B',13 from dual
              )
    select  name,
            'Person' || row_number() over(partition by department order by name) person,
            department
      from  t
      order by 3,
               3
    NAME                           PERSON                                         DEPARTMENT
    A                              Person1                                                 3
    B                              Person2                                                 3
    C                              Person3                                                 3
    D                              Person4                                                 3
    E                              Person5                                                 3
    A                              Person1                                                10
    B                              Person2                                                10
    C                              Person3                                                10
    A                              Person1                                                13
    B                              Person2                                                13
    10 rows selected.
    SQL> SY.

  • LSO: How to restrict employee from accessing LSO Web based course.

    Hi Gurus,
    We have a requirement where we need to restrict a few sections of employees from accessing the LSO web based courses. I know this can be done with the Structural Authorization concept.
    Can anyone tell me how to implement this structural authorization for a section of employees? Any link describing the step-by-step process would be a great help.
    Thanks,
    Swet

    Hello Satya,
    The status comes from entries in Table T77BW. I don't recommend that you change the status as I don't know what issue may occur.
    Relevant coding in RHPQ_INDIVIDUAL_PLAN_READ.
    IF history_tab-endda < sy-datum.            "begin note 588403
      pplans_tab-state_id = att_state_id.
      pplans_tab-statetxt = att_statetxt.
    ELSE.
      SELECT SINGLE * FROM t77bw INTO wa_t77bw
               WHERE context = 'EVENT_BOOK'.
      IF wa_t77bw-new_state IS INITIAL.
        pplans_tab-state_id = '02'.
      ELSE.
        pplans_tab-state_id = wa_t77bw-new_state.
      ENDIF.
    Regards,
    Manny

  • How to restrict employees from accessing managers data using custom security profile

    Hi,
    I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
    Responsibility :US Super HRMS Manager
    ASSIGNMENT.PERSON_ID
    IN
    (SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
    PER_ALL_ASSIGNMENTS_F PF,
    PAY_PEOPLE_GROUPS PG,
    PER_PERSON_TYPE_USAGES_F PPU,
    FND_USER FNU
    WHERE PAF.PERSON_ID=PF.PERSON_ID
    AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
    AND PAF.EFFECTIVE_END_DATE
    AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
    AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
    AND PPU.PERSON_ID=PAF.PERSON_ID
    AND PPU.PERSON_ID=PF.PERSON_ID
    AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
    AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
    AND PAF.PERSON_TYPE_ID =2
    AND PPU.PERSON_TYPE_ID
    IN(2,62)
    and PAF.person_id = FND_PROFILE.value('user_id')
    AND PG.SEGMENT2=8)
    and am using "restrict the people visible to each other using this profile".
    I have assigned the security profile to the HR user responsibility.
    But when I query the supervisor name in the HR User responsibility, it is not restricting me from viewing supervisor details.
    When I query for the first time, it restricts me from viewing others' details, but when I close that, click on the torch button and try searching, it allows me to access managers' details.
    Can anyone please let me know what setups need to be done for restricting employees from viewing supervisors' data?
    I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't get any idea.
    Please suggest.
    Thanks & Regards,
    Anusha.

    Hi All ,
    i solved the problem by using event 01 of header view and using the table "Extract" .
    Regards,
    Neha

  • How to restrict the all access ? Single user mode....

    I am doing export/import of schema objects from Windows to Oracle. How to make sure when I do the export in the migration database no one else is modifying the data. Is there any single user mode so that I can be sure of only one connection while exporting?
    Oracle 10g R2 on Windows Server.
    Thank you,
    Smith

    Perhaps you are not familiar with the concept of multi-version read consistency.
    No one can see that which is not committed and reads can never be blocked.
    If you want a system where no one can see things kill their sessions and do a STARTUP RESTRICT.

  • How to restrict users to access the files directly from /irj/go/km/docs/doc

    Dear Experts,
    I have made a folder in KM where I have saved some files, and also I have made a application from where user can access those files.
    But the users are able to access the files by directly typing the path of the file in internet explorer, I have to restrict it that the user should not be able to access the files directly.
    Please give your helpful suggestions.
    Warm Regards
    Upendra Agrawal
    Edited by: Upendra Agrawal on May 15, 2009 4:49 PM

    Hello,
    You can have a link/button react to a mouse click by reading the KM document and putting it on the HTTP stream with the correct header (this is the same kind of code that is used when you generate the PDF). As the file access is in your server code, the user will not have access to the URL...
    An example for WD Java (coming from this [PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0cc41cb-9576-2b10-99a6-ab90ef28c73b]), with slight modifications:
    public void exportToPDF( ) {
       //@@begin exportToPDF()
       ByteArrayOutputStream outputStream = null;
       outputStream = new ByteArrayOutputStream();
       // read the file with KM API and copy it to the outputStream
       showPopUp(WDWebResourceType.PDF, outputStream, "PDF Out Put");
       outputStream.close();
       //@@end
    }
    regards
    Guillaume

  • How to restrict External Drive access in other user accounts

    I just purchased an external HD and moved my iTunes and iPhoto libraries to it. No problem there.
    My Mac mini has four user accounts and I'd like to set the permissions on the external HD so that only I can write to it from my account. I'm attempting to do this through 'Get Info' on the external drive, then setting Sharing & Permissions to 'Read and Write' for myself and 'Read only' for the other three accounts. But it seems that when I set one of these it gets set for all four accounts.
    Am I doing something wrong trying to set the permissions this way, or, is there a better way to do it?
    Thanks,
    Andy

    I didn't realize you could set the privileges for other user accounts in the 'Get Info' box from my account. I added the names of the other three accounts and set them to 'Read Only' but I am still able to delete files from the drive when I'm logged into those accounts.
    What I'm trying to do is set it up so that either (1) they can't accidentally delete files from the external disk or (2) they can't even see the disk at all from those accounts. I would have thought that 'Read Only' would not allow them to delete files, but with the privilege set to 'Read Only' I'm still able to delete files from the disk.
    Maybe I'm missing a step? Or maybe there's another way to do it?
    Thanks,
    Andy

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires an extremely strict environment, we need to figure out the solution for restricting the users from accessing anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
    Can we disable Network Tab on the left hand pane ?
    explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin
    Want to read a GOOD book about GPOs for a change?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Restrict DBA from accessing User's Tables

    How to restrict DBA from accessing objects created by a user?
    Regards
    Sumit

    mbobak wrote:
    Hi Ed,
    Actually, if I understand it correctly (and I may not, as I've never installed or used Database Vault and the presentation I saw was a long time ago), my understanding of the security model is that the "DBA" that has system level privileges is separate from the "security administrator" role, which is the person who decides which user can see what application data. In Database Vault parlance, the DBA has access to the system, system views, etc., but not the application data. The application data lives in a different "realm". There can be multiple "realms", and you must be assigned specific rights in the different realms to access different data. The DBA doesn't get access to any realms.
    If you do not assign those two roles to different people, then you might as well not configure Database Vault at all.
    At least, that's my understanding.
    -Mark

    Mark,
    That was pretty much my understanding as well. But even when I worked for a credit card processing company, they didn't have that separation of duties - even though the auditors kept asking for ways to keep the DBAs out of the database.
    And even with strictly defined separation of duties, wouldn't it still come down to someone having to have the keys to it all? How about the guy who has the password for "root"?
