Authorization based on a table

Similar Messages

• RFC-enabled authorization checks for specific tables?

  I am developing an Excel application which calls several BAPIs and RFC-enabled FMs, most notably RFC_READ_TABLE.  While I will provide security at the FM level by checking S_RFC for these FMs, I need to find a way of restricting access for users to specific tables based on certain table fields?  Is there any SAP-delivered FM/BAPI that will let me do this?
  My understanding is that although RFC_READ_TABLE does check S_TABU_DIS, it only checks tables based on their belonging to a particular table class—It is not checking authorization for an individual table. What this means is that users will need to have access to the table class or classes to which the table or tables belong, for any tables that are being read by RFC_READ_TABLE.
  Please correct me if I am wrong in my understanding, or if there is a standard solution for a situation like this.

  Hi john,
  1. What this means is that users will need to have access to the table class or classes to which the table or tables belong, for any tables that are being read by RFC_READ_TABLE.
  U are perfectly right.
  2. The users will have to be given rights
     NOT TABLE WISE,
     But authorisation group wise.
  3. Note : S_TABU_DIS
     The main purpose of this authorisation object
     is for standard tools like sm30 only.
     Its also used in the FM RFC_READ_TABLE .
  regards,
  amit m.

• Implementing authorization based on database roles

  Hi,
  I am trying to implement authorization in my sample jdeveloper application.
  I have the list of users stored in LDAP and my database table contains the roles for those users.
  Now how can I get the roles from the database table and implement authorization based on the roles?
  I am using jdev 11 and weblogic 10.3
  Thanks

  Hi,
  Checkout [this post|http://forums.oracle.com/forums/thread.jspa?threadID=928304]
  Sireesha

• Want to update data in a view based on multiple tables

  Hi
  I am facing a problem i want to update data in tables using a view. As that view is based on multiple tables so i am unable to update data. i came to know we can update table from view only if view is based on single table. so if anyone knows any alternative please let me know.
  Thanx
  Devinder

  Devinder,
  The table can be updated through a view based on multiple tables, if and only if the table is a "key preserved" table. Rather than explaining myself, i avoided the burden of typing by finding the material in Oracle Docs and pasting it for you :-)
  If you want a join view to be updatable, all of the following conditions must be
  true:
  1. The DML statement must affect only one table underlying the join.
  2. For an INSERT statement, the view must not be created WITH CHECK
  OPTION, and all columns into which values are inserted must come from a
  key-preserved table. A key-preserved table in one for which every primary
  key or unique key value in the base table is also unique in the join view.
  3. For an UPDATE statement, all columns updated must be extracted from a
  key-preserved table. If the view was created WITH CHECK OPTION, join
  columns and columns taken from tables that are referenced more than once
  in the view must be shielded from UPDATE.
  4. For a DELETE statement, the join can have one and only one key-preserved
  table. That table can appear more than once in the join, unless the view was
  created WITH CHECK OPTION.
  HTH
  Naveen

• Analysis Authorization based on Hier node with multiple display hierarchies

  Hi guys - I've got a problem where s.o. might have an idea of how to switch on the light at the end of the tunnel, I am currently standing in:
  Requirement:
  Cost Center Authorization should be given through RSECADMIN, reporting should be possible for any hierarchy that exists for the authorization relevant info object.
  Preferred solution:
  The Cost Center Analysis Authorization should be given through RSECADMIN - Hierarchy node assignment.
  u2022     A dedicated Authorization Cost Center Hierarchy will be maintained in ECC6 as an alternative cost center hierarchy and extracted into BW.
  u2022     The RSECADMIN Hierarchy node assignment should be based on a particular node (Type 2).
  u2022     The display level will be specified as required (here: Level 7)
  u2022     The Authorization granted should be independent of hierarchy name and version (validity 3).
  Reporting Scenario and technical impact:
  As mentioned above, when designing and running a query the user should be able to freely select other (i.e. than the authorization) display hierarchies for the authorization relevant reporting object 'Cost Center' as well. The technical names of the semantically relevant hierarchy nodes could therefore vary. E.g. cost centers 1, 2 and 3, being assigned under hierarchy node u2018Au2019 of the RSECADMIN relevant authorization hierarchy, could be subsumed by hierarchy node u2018Bu2019 in another display hierarchy, which the user may want to display in accordance to his reporting needs. Ideally, the alternative display hierarchy should therefore display node u2018Bu2019.
  My findings so far (based on prototyping) turn out that this is not possible as long u2018Bu2019 (and its hierarchy) is not authorized in RSECADMIN. Can these findings be confirmed? And if not, would anyone have an idea of how to facilitate the reporting scenario?
  Would there be any other way to grant access, possibly based on RSECADMIN single values, and also enable the user to flexibly display hierarchies with only those hierarchy nodes whose single cost center values the user has been given access to?
  Thanks everyone for your input...
  Claus
  Edited by: Claus64 on Jul 13, 2009 4:10 AM

  HI CLause,
  On Jul 14 2009, you wrote in SDN and said:
  FYI: Found a solution...
  The hierarchy analysis authorization will be based on a navigational attribute of cost center.
  With analysis authorizations it is possible to declare the Auth object (e.g. 0COSTCENTER__RACCAUT0) as authorization relevant and leave the superior object 0COSTCENTER auth irrelevant.
  The auth will be given for 0COSTCENTER__RACCAUT0. This object will be placed as a filter of the query, being restricted by an Authorization variable for hierarchy nodes.
  Due to the concept of Analysis Authorizations, this variable will automatically pick up the nodes granted as part of RSECADMIN Hierarchy based Authorization.
  As mentioned above, 0COSTCENTER as the regular reporting characteristic remains auth irrelevant and can therefore take any hierarchy thatu2019s available. Reporting on single values will be possible, too. Only those nodes show up that hold the authorized cost centers in accordance to the authorization.
  If the auth relevant 0COSTCENTER__RACCAUT0 is not used in the query definition by either not taking it in as a filter or skipping the Auth variable, the query will launch the message that the authorization is missing. No data show up at all.
  Claus
  See this thread:
  Analysis Authorization based on Hier node with multiple display hierarchies
  I am also in the same situation as you and need to understadn your solution. I understand that you created a Nav Attr on 0COSTCENTER and made this auth relevant whilst ensuring that 0COSTCENTER is NOT auth relevant. This is all fine. The issue was you have multiple hierachies for 0COSTCENTER, how did the new Nav Attr help you solve your issue. When loading 0COSTCENTER what values did you load ino the new Nav Attribute and how did that link to the hierachies? Also, in RSECADMIN you created hiearchy nodes based on the Nav Attribute but I am confused as to what values you have in the Nav Attr.
  I appreciate if you can share your solution from the past in more details.
  many thanks

• Report S_ALR_87013105 : no authorization for the report/ table 7KU6_001

  Hi Gurus,
  While executing the program S_ALR_87013105 (Detailed Reports 
  For Sales Order : Plan/Actual Comparison ) system showing the selection log.
  "Have no authorization for the report/table  7KU6_001 and 7KU6_002".
  But for the user the authorization check through SU53 was successful.
  Pl can any one suggest on this issue.
  Thanks in advance,
  Vijay

  Hi,
  Contact your basis consultant to provide the missing authorisation. This is one of the authorisation object.
  Regards,
  Sankar

• How to add a new row in Tabular Form based on a table

  Hi
  I have tabular form based on a table.
  I want the table to have an empty row when there is no data
  in the table so that I can enter data directly.
  But right now whenever the page is launched, its showing a no data found message and I have to press the 'Add Row' button to enter data.
  Can anyone help me out on this?
  Thanks

  Hi Leo
  Your suggestion works fine in the APEX 2.1
  But in 3.0.1 it gives this error :
  Error in add row internal routine: ORA-01476: divisor is equal to zero
  Error Unable to add rows.
  I am not sure why this happens.

• Exception Handling for a Form Based on a Table

  I created a form based on a table. If a user tries to enter a
  record with key data that matches an existing record, Oracle
  Portal creates a page and displays:
  Error:
  An unexpected error occurred: ORA-00001: unique constraint
  (TIMETRACK.SYS_C007185) violated (WWV-16016)
  How can I capture this exception so that I can display a
  friendlier error message (via a JavaScript alert or other
  means) instead of this page?
  Fran

  James, I tried your suggestion as follows:
  doInsert;--- This is the default handler
  Exception
  when DUP_VAL_ON_INDEX then
  p_session.set_value(
  p_block_name => "_block",
  p_attribute_name => '_STATUS',
  p_value => ' Time has already been entered for this project on
  this date. Click the Back button to return to the MIM Time
  Entry page. ');
  Raise;
  end;
  It did nothing. All I got was the default message.
  I then changed '_STATUS' to 'A_STATUS'. The resulting error
  message was: "Error: (WWV-00000)"
  ON A RELATED NOTE...
  I discovered while testing this form on IE 5 on a Mac, that
  additional error messages are generated. With IE 5 on WindowsNT
  only a message regarding the unique constraint is produced. On
  the Mac there is an additional message "No conversion performed
  for type INTEGER, value is NsNu (WWC-49102)"
  Anyone have any thoughts as to why the output of system
  generated errors should differ between a PC and a Mac?
  Fran

• Open Form Based On A Table in same window

  Hi All,
  First to make things clearer I'll explain what I CAN do:
  Create a page which queries a session variable at the start and then
  depending on its value outputs different HTML, but always in the same
  format and more importantly the same window, to keep the look and feel etc...
  I have a link in a page which when clicked opens a form using wwa_app_module.link
  so it auto queries the form. This works fine.
  What I CAN NOT do is:
  The form was created using the "form based on a table wizard" and always opens
  in a new window.
  Can I make the form open in the same window that contains my wwa_app_module.link?
  Is this possible in a newer version that I have (I got Release 1)
  Any Suggestions?
  Cheers,
  Barry

  Firstly thanks Rahul Dubey for responding.
  What I mean by " contains my wwa_app_module.link? " :
  I have a form which contains a link similar to the one below:
  http://xxx.co.uk:8015/pls/pod130/PORTAL30.wwa_app_module.link?p_arg_names=_moduleid&p_arg_values=1389245486&p_arg_names=EMPNO&
  p_arg_values=7654&p_arg_names=_empno_cond&p_arg_values=%3D%3E
  When I click on this link it opens the form and runs a query automatically.
  The problem is I want to click on the link and have the form appear in the
  same window, not a new one.
  Cheers,
  Barry

• Child table child column count based on pareent table

  Hi ,
  I have requirement to generate a report .
  based on parent table I want find out child table and child key count.
  In the below query i will give parenet table name it will give child table details and child key details
  "SELECT b.table_name as table_name , d.column_name, b.R_CONSTRAINT_NAME
  FROM user_constraints a, user_constraints b, user_ind_columns c, user_cons_columns d
  WHERE a.constraint_type = 'P' AND
  a.CONSTRAINT_NAME = b.R_CONSTRAINT_NAME AND
  b.CONSTRAINT_TYPE = 'R' AND
  a.table_name = c.table_name AND
  a.constraint_name = c.index_name AND
  b.CONSTRAINT_NAME = d.constraint_name AND
  a.table_name = 'TABLENAME' "
  eg ; here I will give dept table name I want emp table details
  Example output
  Childtable. Childkey Count
  EMP 10 5
  EMP 20 10
  EMP 30 5
  .....etc.
  Please any body has solution for my requirement please help me .
  Thanks
  Edited by: tmadugula on Oct 26, 2012 6:25 AM
  Edited by: tmadugula on Oct 26, 2012 6:28 AM
  Edited by: tmadugula on 26 Oct, 2012 11:08 AM
  Edited by: tmadugula on 26 Oct, 2012 11:21 AM
  Edited by: tmadugula on 26 Oct, 2012 11:30 AM

  Is what you are really asking is how many FK point to a specific table? If so, then you do not need the join to user_ind_columns or to user_cons_columns. You just join user_constraints to itself on a.r_constraint_name = b.constraint_name and b.table_name = target_table
  A FK has to point to the PK or UK of the referenced table so the number of columns pointed to will equal the number of columns in the constraint so I see no need to try to count the individual column references as it will equal the number of FK to the PK or UK constraint.
  HTH -- Mark D Powell --

• How change the graph dynamically based on pivot table.

  Hi,
  My Report having pivot table and bar chart. Organization Name column set as pivot table prompts in pivot table.So Organization Name is appear as dropdown list.If i choose the diffrent Organization Names the pivot table data is according to the Organization Name but no changes in chart.How change the Graph dynamically based on pivot table.
  Please help on this.

  ok.I created pivot table with 4 columns and created chart using pivot table chart options but all 4 columns are displaying chart.But I need only 2 column in chart ..unable to edit the only chart in pivot table.Please help on this.Thank you..

• Can't create MDFORM based on detail table with upload field

  Has anyone suceeded in creating a Master Detail Form based on a detail form which has an upload field (blob column)?
  I created a table (workingorders) and I want to attach documents to these orders so I created a table (attachments) which holds the attached documents and created a FK between workingorders and attachments. When I create a MD-form based on these tables I get the error:
  Exception from wwv_generate_component.build_procedure (WWV-01821)
  Error creating module: ORA-01403: no data found (WWV-16042)
  When I use a detail table without the BLOB column I don't get this error and everything works just fine.
  any ideas?
  Edward

  Yes, there was a problem when there was a blob field only in the detail table. This has been addressed in patch 3.0.9.8.4 (to be released shortly).
  Till then you will have to put corresponding dummy blob columns in the master table to create the form.

• How to restrict authorization based on profit center in ke80 report

  hi friends
  we have a situation where we need to maintain the authorization based on profit center in ke80 report. The authorzation object K_PCA is not working. whenever we assign a particular profit center and then generate the profile, we still get the message no autjorization and when we check su53 it shows it needs '' asterisk. but we cant assign the asterisk as we have 5 subsidaries and there are using 5 different set of profit centers so assigning asterisk () would be comprimising on our security.
  does anybody came across this situation and if yes how did they resolve this?
  I need your suggestions on how to maintain this restriction.
  Regards,
  Imran

  Hi Friends
  The problem has beend solved. It turns out that this is a report writer issue. We raised the issue with SAP and they informed that 'For Report Painter/Writer every item is checked if you have the authori-zation or not. Only the items with authorization fullfilled will be displayed afterwards'.
  Based on SAP answer we created different reports for each profit center/company code.
  I would like to thank you all for your time and inputs.
  Regards,

• Add column to user defined type based on existing table

  Hello guys,
  I am trying to compile my function which returns a user defined type based on existing table. Throughout the initializing process though my query returns one additional column - SCORE(1). Here is my package:
  create or replace
  PACKAGE STAFF_AGENCY_PKG AS
  TYPE TYPE_SEEKER_TABLE IS TABLE OF TOSS.SEEKER%ROWTYPE;
  FUNCTION GET_SEEKERS(IN_KEYWORD IN VARCHAR2)
  RETURN TYPE_SEEKER_TABLE PIPELINED;
  END STAFF_AGENCY_PKG;
  create or replace
  PACKAGE BODY STAFF_AGENCY_PKG
  AS
  FUNCTION GET_SEEKERS(IN_KEYWORD IN VARCHAR2)
  RETURN TYPE_SEEKER_TABLE PIPELINED
  IS
  R_TBL TYPE_SEEKER_TABLE; -- to be returned
  BEGIN
  FOR R IN(
  SELECT Seeker.SEEKER_ID,
  Seeker.FIRSTNAME,
  Seeker.LASTNAME,
  Seeker.NATIONALITY,
  Seeker.ISELIGIBLE,
  Seeker.BIRTHDATE,
  Seeker.ISRECIEVEEMAILS,
  Seeker.HIGHESTDEGREE,
  Seeker.ETHNICITY,
  Seeker.GENDER,
  Seeker.ISDISABILITY,
  Seeker.DISABILITY,
  Seeker.CV,
  Seeker.PASSWORD,
  Seeker.PREFFERED_CITY,
  SEEKER.EMAIL,
  SEEKER.JOB_PREFERENCES_ID,
  SCORE(1)
  FROM SEEKER Seeker
  WHERE CONTAINS(CV, '<query>
  <textquery lang="ENGLISH" grammar="context">' ||
  GET_RELATED_CATEGORIES(IN_KEYWORD) ||
  '</textquery>
  <score datatype="INTEGER"/>
  </query>', 1) > 0
  LOOP
  PIPE ROW(R); --Error(38,10): PLS-00382: expression is of wrong type
  END LOOP;
  RETURN;
  END GET_SEEKERS;
  END STAFF_AGENCY_PKG;
  How do I need to amend my user type in order to suffice?
  Oracle Release 11.2.0.1.0
  Many thanks in advance!

  >
  How do I need to amend my user type in order to suffice?
  >
  You will need to create two new TYPEs. One that has all of the columns of the TOSS.SEEKER table and the new SCORE column and then a TYPE that is a table of the first type.
  See the Example 12-22 Using a Pipelined Table Function For a Transformation in the PL/SQl language reference
  http://docs.oracle.com/cd/B28359_01/appdev.111/b28370/tuning.htm#i53120
  Here is the first part
  -- Define the ref cursor types and function
  CREATE OR REPLACE PACKAGE refcur_pkg IS
    TYPE refcur_t IS REF CURSOR RETURN employees%ROWTYPE;
    TYPE outrec_typ IS RECORD (
      var_num    NUMBER(6),
      var_char1  VARCHAR2(30),
      var_char2  VARCHAR2(30));
    TYPE outrecset IS TABLE OF outrec_typ;
  FUNCTION f_trans(p refcur_t)
        RETURN outrecset PIPELINED;
  END refcur_pkg;
  CREATE OR REPLACE PACKAGE BODY refcur_pkg IS
    FUNCTION f_trans(p refcur_t)
     RETURN outrecset PIPELINED IS
      out_rec outrec_typ;
      in_rec  p%ROWTYPE;
    BEGINModify
    TYPE outrec_typ IS RECORD (
      var_num    NUMBER(6),
      var_char1  VARCHAR2(30),
      var_char2  VARCHAR2(30));
    TYPE outrecset IS TABLE OF outrec_typ;to include all of the columns you need. Unfortunately you will have to manually list all of the columns of the TOSS.SEEKER table. If you expect to need this same structure in other places you should create them as SQL types instead of PL/SQL types.
  This example should be enough to show you how to change your code to do something similar.

• Can Shuttles be based non-base  table ViewObjects with transient attributes

  Hello,
  Users have to select records from a data collection and a Shuttle looks most appropriate/nice for this purpose. We can introduce technical intersection tables in order to generate the Shuttles with JHeadstart 10g R3 if necessary, but there is no “functional” need to update any data in the database and therefore it would be practical if the ‘right’ side from a Shuttle can be based non-base table ViewObjects with transient attributes only. So, our interested is to know which records have been selected, i.e. moved to the right side from the Shuttle.
  Hope that my question is clear enough.
  Greetings,
  Michael

  Michael,
  This cannot be generated out-of-the-box.
  It is easiest to add the shuttle post-generation to your page, and then create a custom template to generate your custom shuttle into the page. I suggest you take a look at an example of a generated shuttle in a page, and the JHeadstart IntersectionShuttleBean class. You will see that the value property of <af:selectManyShuttle> points to the selectedKeys method in the JHeadstart Shuttle bean. In your case, you can create your own managed bean and bind the value property to your own method which will provide you access to the selected rows. The value property of the selectItem within the af:selectManyShuttle determines the property that is used to identify the selected row (which is the row key in case of Jhs-generated shuttles).
  Steven Davelaar,
  JHeadstart Team.