Authorisation Groups and SQL Queries

Similar Messages

• Authorisation group and document type

  Dear Experts
  I want our users who are using transaction F.14 to be able to process document type ZF only. I have created a role and in the authorisation object F_BKPF_BLA
  i can see field authorisation group and activity. What value i should put in the authorizatuion group object which will allow me to restrict users to work in document type ZF only
  <removed_by_moderator>
  Edited by: Julius Bussche on Apr 30, 2008 4:53 PM

  Hi All,
  Didnt know whether to start a new post or continue this one.  Basically I have the same problem but I seem to be missing something fundamental (and I think it must be obvious!).
  Dev Team:-
  1) New transaction code created ZF10 by which amongst other things should only process the newly created document type ZF.
  Myself (Security Team):-
  1) All of our document types are defined in OBA7. 
  2) The specific document type is ZF that we want to restrict access to.
  3) In V_TBRG I have defined the custom authorisation group ZDTF against object F_BKPF_BLA.
  4) In SU24 I have defined against the custom transaction code ZF10 the authorisation object F_BKPF_BLA to be inserted with Activity values 01, 02, 03; and Authorisation Group ZDTF.
  5) Create new role and add ZF10 which then populates the auth object and values above.
  What I cant see / understand is how the document type is then restricted to ZF in the role as it isnt defined anywhere that the authorisation group ZDTF only allows access to document type ZF.
  Any help on this will be greatly appreciated.  PS Should I have created a new thread for this ?
  Cheers
  Steve

• PLSQL Blocks and SQL Queries in APEX

  Hello,
  Is it possible at all to view undelrying Oracle PLSQL and SQL queries in a run time APEX 3.2 application?
  More elaboratively, can a smart APEX Site user or visitor find a way to see underlying SQL queries and PLSQL code objects?
  Thanks,
  R

  Hi,
  If you just want to see what sql is executed by a session you can use sql trace. This can be switched on for a whole system but is usually more usable when switched on for individual users. The problem with a system like APEX is that database sessions are not directly associated with APEX users and APEX sessions can share database sessions.
  I haven't tried it, but one method that may work is to put a schema logon trigger on the APEX_PUBLIC_USER which switches on tracing when ever this user logs on to the database. It may take a little detective work to understand the sequence of things but all the SQL executed by this user will be recorded and can be analyzed for performance etc. The command to enable SQL tracing could be embedded in the APEX app, but it may be a little random as to which db session has it enabled.
  Perhaps a better tracing option could be seen as a feature request in a future version of APEX.
  Regards
  Andre

• How exit for a script having set of pl/sql blocks and sql queries

  HI,
  I have set of blocks and sql queries in a script.
  In some cases I want to stop the excution of next statements and blocks.
  As in pl/sql block We can use return , in case of loop we can use exit, so what is to be use in case if sql script which contain set of blocks and sql queries.
  Thanks and Regards in Advance,

  Hi,
  how to exit from the script if confirm_to_continue is set to 'N'.
  i.e in this case I want the preceding statements not to be excuted.
  Please suggest.
  script:
  declare /*BLOCK NO1*/
  begin
  IF &&confirm_to_continue = 'N'
  THEN
  ---exit from from whole script
  RETURN; -- this will only exit from this block
  END IF;
  end;
  host IF EXIST &file_name (del &file_name) ELSE (echo missing)
  declare /*BLOCK NO 2*/
  begin
  end;
  /

• Business Logic - Success of Tag and SQL Queries

  Greetings All,
  I have a Logic flow from an old NQL process. 
  The process Gets some SQL and Tag Data then checks to see if data was returned and notifies via email if data wasn't returned.  So this would translate into the Tag and SQL Queries followed by a Logic Conditional block.
  HERE's the questions:
  In BLS, if the SQL and/or Tag Query fail, the entire process quits (at least when Executed locally) and never gets to the Logic Conditional block to verify the tagQuery.success or SQLQuery.success.
  Is this what it does when run as a scheduled task also???
  Is there any onError then do... type of parameter???
  Any Suggestions would be appreciated...
  Thanks
  Dennis West

  Dennis, it shouldn't "quit".  The Success property should be set to false, and the error caught (typically).  Sounds like a bug.

• Authorisation Group and Reports

  Hi experts,
  I need to maintain a new authorisation group for a new report that I am creating. I know authorisation group can be maintained in the table TPGP and can be assigned from there. But I wanted to know if there is any other way of linking a report to a particular Authorisation group.
  Thanks,
  Kumar

  Hi Max,
  Thanks for the reply. An already created Authorisation group can be assigned in the attributes. But what I wanted to know was to create that authorisation group, Is the only way possible is maintain it in table TPGP or is there any other way?
  Thanks,
  Kumar

• Authorisation group and Material group

  Hi Guys,
                When a user create a PO, The material group assigned to Authorization group, is allowing the user user to create PO, whose role is not assigned to the authorization group.
  I am looking for solution, to restrict user from creating PO, whose role is not assigned to authorization group.
  Is there any user exit available to solve this issue.
  Thanks

  HI,
  In PR and PO transaction, there is no authorization object that check
  the material group.
  Only the following objects are checked in ME21N :
  M_BEST_BSA
  M_BEST_EKG
  M_BEST_EKO
  M_BEST_WRK
  To fulfill your requirement, you could consider the following
  suggestions :
  - in txn ME21n and Me51n , enter the value of the material group under
    personal setting. (in txn ME21n, click on personal setting, select
    default value   > PO item, fill in the corresponding material group
    click on always propose)
  - in the customization of purchasing (spro  > material management   >
    purchasing   > Purchase order   > Define screen layout at document
    level , select field selection akth and akte and aktv, double click
    on basic data, item. for field material group, select display only
    instead of optional!
  With the above setting, the material group will always defaulted for
  users and the screen will be grey off, do not allow user to change it.
  The only setback of this suggestion is you will have to setup personal
  setting for every new user.
  If you want only restricted GroupS to be displayed as defined in a role,
  there is no workaround in the standard design. To achieve this, you
  have to modify the standard coding and add an extra authority check for
  your authorization object (eg; Z_BEST_WGR). The standard program, in
  which the authorization check for the PO position takes place is
  "MM06EF0B_Berechtigungen_Kopf".
  The attached OSS note 20534 will explain in detail, how the
  authorization check works and also provides an example of the necessary
  coding to implement the authorization check for your own authorization
  object:
  EXAMPLE :
    authority-check object 'F_KNA1_BUK'
         id 'BUKRS' field '01'
         id 'ACTVT' field '03'.
    if sy-subrc <> 0.
      message e...   "Nicht berechtigt um ...
    endif.
  BUT please take into account, that ANY changes to the standard coding is
  a modification.
  There´s no user exit available.
  I hope this helps!
  Best Regards,
  Arminda Jack

• JSP and SQL Queries

  Hello,
  If a JSP application needs Database connectivity to display some values, what is the best approch for the same.
  1. Using SQL connections with resultset
  2. Using Java Class and using the same in JSP.
  3. any other??
  what is the industry standard for the same.
  Thnx,,
  Girish

  JSP's are used to display a view (such as a user interface or a report). Database connectivity is business logic and you don't do business logic in JSP's. I would create a servlet to handle business logic and then put the database logic in seperate classes that you can call from the servlet. Then use a JSP with JSTL to display the results of the database query. Putting the business logic in seperate classes makes it reusable.
  Frameworks such as Struts, Spring, JSF, etc. work in similar ways, so I guess you can call it an "industry standard". In software development there is no such thing however, you develop to solve a problem, not to follow standards.
  If you want to do it this way I suggest you lookup these two things:
  1) how to make servlets and JSP's work together
  2) the Model View Controller pattern

• Indexes and SQL queries

  I want to know if the index would be used with this query.
  >
  I have a table with 4 columns -- columns A,B,C, and D.
  I have a unique index on columns A,B,and C.
  If my SQL statement includes only columns A and B in the where clause, would this index be used?
  The user arrived at from
  The user appears to be using Microsoft Internet Explorer 4.0 (compatible; MSIE 4.01; Windows NT)null

  Yes the index is used.
  It's important that your clause contains column A (the firsto of the index)

• Authorisation group

  hai,
  what is actually called authorisation group and how close open postinf period.

  HI Dear ,
  The authorization group is to restricted users, if you want to block the users to post documents it will be helpful to you.
  In OB52 u find two periods i.e, a)From Period 1 b)From period 2 and the last column Auth Grp.
  For example: If u want to restrict other users to post in period 1 then In From Period 1 range u can enter the period 1 to 1 to which u want to restrict the user & In From period 2 u can give the periods 2 to 2 which can be open to all users. Give  any 4 characters in the Auth Grp field and ask your basis team to assign the same to your profile with user.
  This make you to post the entries in both 1 & 2 period and leaving all other users to post only in period 2.
  Please assign points..
  Regards,
  SANDEEP

• SQL Queries in Code V/s Stored Procedures

  Hi Friend,
  Can any one of you guide me with following..
  What is faster ? using SQL Queries in Java code or using Stored Procedures which are called from code?
  I understnd Stroed Procedures are faster and definitely it provides more maintainability.
  If any one can give me any links or resources which outlines pros and cons of using Stored Proc and SQL Queries embedded in Java than it would be a great help..
  If there are any articles which proves either of the above is a preferred way, that would also help..
  Appreciate the effort in advance !!
  Thanks
  Gurudatt

  Well one benefit of Stored Procs is that you "compile" it on the database whereas you might build your query on the fly in java... test coverage is important in order not to have such things as a typo in a column name....
  Still, if you change a table, you have to go through all the procedures in SQL and likely to do so in some of your business object... and trust me, that can be hell!
  It all depends on the use of the app...
  From my experience, Stored procedure are much faster than built-on-the-fly SQL (and quite faster than prepared statements depending on the JDBC driver, the re-use of connections etc...)....
  IMHO, you'd probably be wise to start of with prepared statements, and when the schema seems stable enough (ie unlikely to change), look for the slower queries and convert them to stroed procedures.
  If you don't have to support several databases and are tight on performance, you can even include some logic in your stored procedure (e.g. update several tables, based on various selects...etc...). The language is usually quite powerful, and that can save you the run-time of selecting, converting to object , process and update (i.e. several roud-trip between DB and app)...
  Tshcuss!
  Chris

• Table authorisation group for a group of user ?

  Hi all,
  Is it possible to give read only authorisation for my ztable to enduser. i dont want to give tcode. Is it possible to do anything in Authorisation group .( normally is use &nc& ) can i create authorisation group and do something in that ? if yes can you people tel me how to do it ?
  thanks,
  Siva

  Hi Neelima,
  Is this the source of ur answer
  http://www.saptechies.com/how-to-assigncreate-authorization-group-for-a-table/
  Stop copying pasting answers from different sources, If u know the answer then only reply
  кu03B1ятu03B9к

• EA1 - SQL Formatter issues (JOINs and GROUPs and ORDER BY oh my ;)

  Great job with improving the SQL Formatter, but it still has some bugs that need to be worked out.
  The key words JOIN and it's modifiers INNER, LEFT, RIGHT and FULL OUTER are not recognized as master key words. As such they end up flush against the left margin Also when GROUP BY and/or ORDER BY key words are present in an outer most select statement the other key words are not indented far enough to be right aligned with the end of the word BY and are indented too far to be right aligned with the word GROUP or ORDER. In sub queries, GROUP and ORDER BY are correctly right aligned with their respective SELECT statements.

  We're picking up and collating the Formatter issues. I'll add these.
  Specific bug for these #7013462
  Sue

• ? in SQL Queries and not using prepared statements

  Using EclipseLink 1.1.1
  Prepared Statements are disabled
  In our production server something went wrong and one of our Read Queries started erroring. A DatabaseException was thrown and we log the "getQuery.getSQLString()" statement. We found this query in the logs:
  SELECT t1.ID, t1.NAME, t1.DESCRIPTION, t1.EXTREFID, t1.STYLESHEET, t1.DDSVNVERSION, t1.FIRSTNAME, t1.LASTNAME, t1.EMAILADDR, t1.PHONENUMBER, t1.ADDRESS, t1.ADDRESS2, t1.CITY, t1.STATE, t1.POSTALCODE, t1.COUNTRY, t1.ADMINACCTNAME, t1.HASDOCUMENTS, t1.HASTIMEDNOTIFICATIONS, t1.STATUS, t1.ENTRYDATE, t1.EVALEXPDATE, t1.LASTREMINDDATE, t1.FULLUSERS, t1.LIMUSERS, t1.REQUSERS, t1.ISENTERPRISE, t1.EXPDATE, t1.ISDISABLED, t1.DISABLEDDATE, t1.NEEDLICENSEAGREEMENT, t1.ISWARNINGDISABLED, t1.LOCALE, t1.TIMEZONE, t1.CURRENCY, t1.DOMAIN, t1.DOCUMENTSIZE, t1.EXTRADOCUMENTSTORAGE, t1.ONDEMANDOPTIONS, t1.SSOTYPE, t1.RESELLERID, t1.ACCOUNTREPID, t1.LASTUSAGEREPORTDATE, t1.NEXTUSAGEREPORTDATE, t1.USAGEREPORTATTEMPTS FROM T_SSOOPTIONS t0, T_CUSTOMERS t1 WHERE *((((t0.SSOENABLED = ?) AND (t1.SSOTYPE IN (?, ?))) AND (UPPER(t1.DOMAIN) = ?)) AND (t0.CUSTOMERID = t1.ID))*
  Notice the values weren't entered into the where clause. We had to bounce the application to fix the problem. I've never seen this before. I've added more debugging statements to the code - so if this happens again in the future I'll have more information to report on. In the mean time I'm wondering if anyone else has every seen a problem of this nature.

  Database error due to invalid SQL statement.
  I don't have a stack, we were catching the exception and not printing the stack :(
  Like I mentioned in my first post, I added more debugging code (e.printStackTrace()). I understand this is hard to track down without more information. I was just hoping you guys had seen something like this before and had any insight. Like I mentioned before: this is on our production server. I've never seen this type of error before. That particular server (we run in a cluster mode) had been up for several days and then started generating that error. IT bounced the node and everything went back to normal. We have been using toplink for about 5 years now and have never seen this problem, until August 3rd 2009. The only thing that has changed recently is our migration from toplink 10 to EclipseLink. I was wondering if anyone knows if anything had changed in EclipseLink/toplink 11 with the generation of SQL queries.
  I'll keep looking. There is more debugging code in there now. Since the error was "Database error due to invalid SQL statement" this implies the SQL was generated, exited that part of the code and was sent to the db where it failed. I'm afraid the printStackTrace won't help if this error happens again.

• SQL Query to get All AD Groups and its users in Active Directory

  Hi,
     Is there any query to get all AD groups and its user in an instance of a SQL server?

  Check this blog.
  http://www.mikefal.net/2011/04/18/monday-scripts-%E2%80%93-xp_logininfo/
  It will give you more than what is required. If you dont want the extra information,then you can try this.. I took the query and removed the bits that you might not require.
  declare @winlogins table
  (acct_name sysname,
  acct_type varchar(10),
  act_priv varchar(10),
  login_name sysname,
  perm_path sysname)
  declare @group sysname
  declare recscan cursor for
  select name from sys.server_principals
  where type = 'G' and name not like 'NT%'
  open recscan
  fetch next from recscan into @group
  while @@FETCH_STATUS = 0
  begin
  insert into @winlogins
  exec xp_logininfo @group,'members'
  fetch next from recscan into @group
  end
  close recscan
  deallocate recscan
  select
  u.name,
  u.type_desc,
  wl.login_name,
  wl.acct_type
  from sys.server_principals u
  inner join @winlogins wl on u.name = wl.perm_path
  where u.type = 'G'
  order by u.name,wl.login_name
  Regards, Ashwin Menon My Blog - http:\\sqllearnings.com