Change access in SE16

Hi
I have a certain role assigned to a user in the D system which gives change access to a table (SE16). However the same role when moved to P system has some issues. The change access has disappeared. When I go to SE16 to make some changes to the table I see that the user can only display.
Any ideas on this will be greatly appreciated.
ravi

as the 'old' basis guy, may i suggest to refrain from authorizing SE16(N) at all (at least not so widely spread). this may turn out to be a real performance-killer as users always try to Excel-Download the biggest tables available (BSEG, ESSL, MSEG ... you name them)
use SM30 for customizing tables if in need, better still: create a maintenance-view with its own transaction attached for the tables that need viewing (or maintenance).
for database-tables authorize SQVI if in need or SQ01 and make sure you teach your users well. both tx. have the (assuredly small) advantage that there's coding generated that will take to existing indices (if available). one cannot say that of SE16.
for all others goes what Auke says. do not attempt to change data on db-tables manually, except your are VERY sure of what you are doing. i haven't seen a lot of that though.

Similar Messages

  • Roles with Change Access to Table Maintenance

    Hello,
    We have many roles that have S_TABU_DIS-Table Maintenance, 02-Change access, *-Auth. Group. Many of these roles have very few transactions and are not Basis\Development related. My questions are what transactions do I need to make sure these roles don't have to so they can't change data in Tables? I know SM30 and SE16, any others? Also second question, should I be worried if these roles do not have the access to start these transactions but do have the access given in the S_TABU_DIS object?
    Thank You,
    Alex

    1. Asides from SM30 and SE16 you already mentioned, 'SE16N' and 'N' come to mind. Maybe there are others.
    2. Yes. You should be worried. Users could get authorizations for any of the aforementioned transactions from another role and get authorization to change all the tables from this role. Bad Stuff.
    I suggest that you figure out why exactly these roles includes S_TABU_DIS object with change authorizations for all table groups. Once you have that figured out - you can take appropriate actions. In my mind, it would be very hard to justify having S_TABU_DIS with 02/* in any role.

  • How to restrict the change access in CRM for OLTP orders

    Hi Guru's,
    Please let me know  how to restrict the change access in CRM for the orders that are created in ECC. The ECC orders will only for display in CRM but not for change,
    We have  the orders that are  created in ECC, it will flows to CRM and should restrict the access to get in to the change mode in CRM but as of now CRM  system is allowing change mode for ECC orders and ending up with errors.
    Is there any additional middleware parameter that needs to be added to SMOFPARSFA table to get this functionality! Please advice! Thank your for your help.
    Regards
    Suneel

    Hi.
    You can use the PFCG role to control if the user is able to create, change, delete or only display a business transaction type.
    Regards.

  • Is there api function to change access mode and set a passcode to recording in meeting?

    Is there api function to change access mode and set a passcode to recording in meeting?
    When I'm trying to use "action=acl-field-update&acl-id=SCO_ID_RECORDING&field-id=meeting-passcode&value=MY_PASSC ODE" it just clean the password and do not set it or change.
    And "action=permissions-update&acl-id=SCO_ID_RECORDING&principal-id=public-access&permission- id=view-hidden" do not work too.

    There is not a specific API for doing this. This was discussed in the other Connect forum here, Adobe Connect User Community.
    For you call I would make the second part differently. Instead of 'field-id=meeting-passcode&value=MY_PASSCODE' I would call 'meeting-passcode=MY_PASSCODE' and see if that worked better.

  • Limit change access to all useres exept the one that created the document

    Hi,
    I wonder if it's possible to limit the change access only to the user that has created the document when it's in a specific status.
    This is what the customer wants:
    When a document is set to status K the document should be locked and no other users should be able to create a new version.
    There should be a admin group that can create new versions and change the document. - This is solved
    Best regards Kristoffer

    Hi Krip,
    generally I would recommend you to maintain one status of type 'O' for a document type in your system. This kind of status will allow a second user to display an already checked out original. If user A checks out the original and there is such a status maintained for this document type the system will change the status automatically to this status of type 'O'. Then a second user is able to display the last checked in version of this original in CV03N too. Without such status type the second user is not able to display the checked out file. This was implemented to avoid that two users may be able to change the same original at the same time. I hope this information could be useful for you.
    Best regards,
    Christoph

  • How to change access point name

    Need to know how to change access point name for straight talk on iPhone 4

    There are several other threads here about doing this, or you can look up the "sim swap" method, documented here: http://www.jgmedia.biz/how-to-get-data-and-mms-working-on-straight-talk-iphone-4 -and-iphone-4s-on-ios-6-updated-sim-swap-method/. This does require temporary access to a T-Mobile or Simple Mobile SIM/Micro-SIM card.

  • Allowing only 'display' & no 'change' access within J2EE

    Hi Experts
    We're on EP 6.0 -SP11 WAS 6.40. We've only installed the Java stack & we use the ABAP as the UME data source. All the id's in the ABAP system appear at the J2EE level, For our J2EE administartion for using tools like the Visual Administrator we use the J2EE Administrator id J2EE_ADM_EPP(id created in ABAP before we started the WAS installation), this id allows change as well as display access in the J2EE, for the standalone log viewer also we use this id to connect from our client PC's.
    1. I want to know if there is a way by which we can connect to the J2EE using an id which is only allowed 'display' access & no 'change' access. This is to allow passing some J2EE administration functionality to some persons whom we don't to make any changes.
    2. For using the stand-alone log viewer can we connect using any J2EE id, which is not given the 'administrator' role within J2EE engine.
    Thanks & Rgds,
    Abhishek

    data: cursorfield(20).
    if sy-tcode = 'MM02'.
      get cursor field cursorfield.
      if cursorfield = 'MARA-BISMT'.
        authority-check object 'ZMDOLDMAT' id 'BISMT' field input
                                           id 'ACTVT' field input.
        if sy-subrc = 0.
          exit.
        else.
          message e009(zmd) with
           'You dont have authorization to change' 'OLD MATERIAL NUMBER'.
        endif.
      endif.
    else.
      exit.
    endif.
    I am using the above code.. its working fine for my purpose but when they dont want to change the value of BISMT then its blanking out the value on the screen..
    Any idea why its happening ??
    thank you,
    Suresh

  • Change access request email

    Hello, 
    By default the change access request email is set to [email protected]
    We want to change that to our own email, for obvious reasons. So we use this piece of powershell:
    $webapp = Get-SPWebApplication "http://sharepointtest"
    $currentEmail = "[email protected]";
    $newEmail = "[email protected]";
    foreach($site in $webapp.Sites)
    foreach($web in $site.AllWebs)
    $url = $web.url
    Write-host $url
    if (!$web.HasUniquePerm)
    Write-Host "Access Request Settings is inherted from parent."
    elseif($web.RequestAccessEnabled)
    Write-Host "Access Request Settings is enabled."
    write-host $web.RequestAccessEmail
    if ($web.RequestAccessEmail -eq $currentEmail)
    Write-Host "Email needs to be updated."
    $web.RequestAccessEmail = $newEmail
    $web.Update()
    Write-Host "Email changed successfully!"
    else
    Write-Host "Access Request Settings not enabled."
    However in order for this to work... under our web application, SharePoint - 80 under user permissions we have to have "Manage Permissions" (under site permissions) checked. However in our environment we DO NOT want that checked! Without this step
    power shell errors with access denied.
    Unless there is an easier way of doing this what I would like to do is automate the checking of that box to go before my script and the unchecking of that box after the above script runs. However I do not possess the knowledge to do that. 
    Requesting help, if someone knows the code? OR an alternative easier way of changing the default email. 

    Hello Yes I did get it working. 
    However a small issue occurs. Once you run this and have someone access site, they should get the page that has them type in why they want access to the site. 
    The first time someone goes to the link to do this, there is a 403 Forbidden error, once you submitted the details describing why you need access. IF you refresh you will then see the access request page again BUT it will show what you previously typed.
    HOWEVER, that doesn't get sent out in an email, you must insert another block of text into the access request field then click submit, which then sends out an email.
    Hope that makes sense, and if anyone knows why it does that?
    Here is the code:
    Add-PSSnapin -name "Microsoft.SharePoint.PowerShell"
    $webApp = Get-SPWebApplication -Identity http://sharepointtest/
    #if enable: $true;
    #if disable: $false;
    $allowManagePermissions = $true
    $newPermissions=$null
    if ($allowManagePermissions)
    $newPermissions=[Microsoft.SharePoint.SPBasePermissions]($webApp.RightsMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManagePermissions)
    else
    $newPermissions=[Microsoft.SharePoint.SPBasePermissions]($webApp.RightsMask -band [System.Int64](-bnot ([System.Int64][Microsoft.SharePoint.SPBasePermissions]::EmptyMask -bor [System.Int64][Microsoft.SharePoint.SPBasePermissions]::ManagePermissions)))
    $webApp.RightsMask = $newPermissions
    $webApp.Update()
    Start-Sleep -s 05
    $webapp = Get-SPWebApplication "http://sharepointtest"
    $currentEmail = "[email protected]";
    $newEmail = "The email you want to change to";
    foreach($site in $webapp.Sites)
    foreach($web in $site.AllWebs)
    $url = $web.url
    Write-host $url
    if (!$web.HasUniquePerm)
    Write-Host "Access Request Settings is inherted from parent."
    elseif($web.RequestAccessEnabled)
    Write-Host "Access Request Settings is enabled."
    write-host $web.RequestAccessEmail
    if ($web.RequestAccessEmail -eq $currentEmail)
    Write-Host "Email needs to be updated."
    $web.RequestAccessEmail = $newEmail
    $web.Update()
    Write-Host "Email changed successfully!"
    else
    Write-Host "Access Request Settings not enabled."
    Start-Sleep -s 05
    $webApp = Get-SPWebApplication -Identity http://sharepointtest/
    #if enable: $true;
    #if disable: $false;
    $allowManagePermissions = $false
    $newPermissions=$null
    if ($allowManagePermissions)
    $newPermissions=[Microsoft.SharePoint.SPBasePermissions]($webApp.RightsMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManagePermissions)
    else
    $newPermissions=[Microsoft.SharePoint.SPBasePermissions]($webApp.RightsMask -band [System.Int64](-bnot ([System.Int64][Microsoft.SharePoint.SPBasePermissions]::EmptyMask -bor [System.Int64][Microsoft.SharePoint.SPBasePermissions]::ManagePermissions)))
    $webApp.RightsMask = $newPermissions
    $webApp.Update()

  • Is there a way  we can control Display access in SE16 at the row level?

    Table MARC has material master data at plant level,i want a user to be able to view only plant A via SE16.SAP has  objects to control access in MM03 but how can we control view access in SE16 without totally eliminating the table access.
    If not are there any alternatives?Like develop ZSE16 or create a new DB view etc?Appreciate your reply

    This link has some info where OB52 is restricted by company code - the principles may apply to your application though you will need to create a transaction for it
    http://www.sap-img.com/zf011.htm
    it also won't be any use if the user has SE16 or similar - though you don't give these if you want to restrict at any level lower than groups of table
    hope that helps
    cheers
    alex

  • How to change access path for 'where' clause by using HINTS?

    I searched a loooot of posts and haven't found a solution for my case. I don't even know whether it is possible or not. Is it possible to change the sequence of Oracle "Predicate Information"?
    Here is my SQL and Oracle's execution plan.
      SELECT Max(logId) AS logId FROM online_users_t
      WHERE online_users_date >= to_date('2011-09-19 10:00:00') - 3.2 AND online_users_date <= to_date('2011-09-19 10:00:00') AND online_users_result in (1, -1)
      GROUP BY online_users_user
    | Id  | Operation                    | Name               | Rows  | Bytes | Cost (%CPU)| Time     |
    |   0 | SELECT STATEMENT             |                    | 24800 |   629K|  1336   (1)| 00:00:17 |
    |   1 |  HASH GROUP BY               |                    | 24800 |   629K|  1336   (1)| 00:00:17 |
    |*  2 |   TABLE ACCESS BY INDEX ROWID| ONLINE_USERS_T     | 38833 |   985K|  1334   (1)| 00:00:17 |
    |*  3 |    INDEX RANGE SCAN          | ONLINE_USERS_T_IDX |   116K|       |   313   (1)| 00:00:04 |
    Predicate Information (identified by operation id):
       2 - filter("ONLINE_USERS_RESULT"=(-1) OR "ONLINE_USERS_RESULT"=1)
       3 - access("ONLINE_USERS_DATE">=TO_DATE(' 2011-09-16 05:12:00', 'syyyy-mm-dd
                  hh24:mi:ss') AND "ONLINE_USERS_DATE"<=TO_DATE(' 2011-09-19 10:00:00', 'syyyy-mm-dd
                  hh24:mi:ss'))I have 2 conditions in my 'where' clause, one is date range and the other is 'online_users_result in (1, -1)'. It seems that Oracle filter the table by using 'online_users_result in (1, -1)' first, then access it through date range.
    What I want to do is firstly filtering the table by using date range followed by other things. How can I do it?
    Any clue or help would be highly appreciated.
    Thanks in advance.

    It seems that Oracle filter the table by using 'online_users_result in (1, -1)' first, then access it through date range. No it's not.
    What I want to do is firstly filtering the table by using date range followed by other things. How can I do it?That's precisely what it's doing now.
    It is using the T_IDX index to quickly find all rows that satisfy the range predicate on the date column.
    And then filter those rows to only retrieve the ones that satisfy the other predicate (... in (1,-1)).

  • How to change Access Mode of HANA Stored procedure

    Hi,
    When you are creating a stored procedure as design time object, one of the option is access mode (either read only or read/write).
    I understand read only is default setting in HANA DB, and unless you explicitly change the setting you cannot read/write using stored procedure.
    My question is, is there way to change this setting, so I have option to choose either read or read/write when I create a stored proc?
    Thank you.
    Hyun

    Hi Hyun,
    Please have a look on this thread:
    Create local temporary table in procedure
    You have to enable sqlscript_mode to UNSECURE as mentioned by lars.
    Then depending on whether you are specifiying "READS SQL DATA" it will act as a READ procedure else as a WRITE procedure.
    Regards,
    Krishna Tangudu

  • Inner Classes Changing Access Rights Of Parent  Members

    I read that if you access a parent class's private memebers or methods from within an inner class, those members of methods will automatically and silently be converted to having package access. This seems dangerous and I'd like to know how I could design around it.
    Here is my current dilemma. I have an EventHandler class whose handleEvent() method changes with the object's state. I've implemented this using the Strategy Pattern, where the Strategy objects are inner classes of EventHandler. The problem is that these Strategy objects need access to certain private members and methods of their parent. There is no reason, however, to give package access to these members and methods. What can I do? Or does this suggest that I need a design change? Other than this issue, though, I'm quite happy with the design.
    Thanks for any thoughts,
    John

    When inner classes access private fields or methods, the compiler generates new package-private methods
    with names like "access$000":
    import java.lang.reflect.*;
    public class X {
        private void x() {}
        class Y {
            public void y() {
                x();
        public static void main(String[] args) {
            Method[] methods = X.class.getDeclaredMethods();
            for(int i=0; i<methods.length; ++i)
                System.out.println(methods.getName());
    So it's not correct that the access to fields or methods is changed, just that additional methods are added.
    Unless you're in the habit of writing method names that contain '$', I think it's unlikely that you'll directly call
    these new methods, and if you do, it should be easy to spot!

  • Issue with changing Access Service in ACS 5.2

    Hi,
    I am working on lab setup where I installed ACS 5.2 I created new access service and used it in existing service selection rule (Rule-2) earlier but it didn't work. Later I created new service selection rule and applied new service access rule. However even after this change it keeps applying predefined default access access service. Please refer attached picture for better understanding.
    As shown, I want Aks-Rule to work and apply service 'Lab-Policy' however it keeps referring Rule-2 and applies 'Default Device Admin' access service even after I disable it. 
    I have to restart ACS service from CLI console to make it work. Is this a bug or am I missing anything. Please advise guys.
    Regards,
    Akshay

    Since the policy AKS is top in sequence under service selection rule so it should hit for sure. As you wrote that even after disabling the default device admin, then also request is hitting the same and restarting the ACS services resolved the issue. The symptoms of your issue are exactly same as stated in this defect.
    CSCuo93378    Certain browsers cause ACS database corruption
    Due to this issue we have seen cases where request hits the disable and default policies without any reason. Actually accessing ACS via chrome mess around with all the operators in conditions.
    The only workaround is to access all the rules and conditions in supported browser. Ensure all the operators are correct, save the changes and restart the ACS services.
    The issue seems to be fixed in ACS 5.5 patch 5
    Regards,
    Jatin

  • Tcl script to change access vlan based on MAC address

    Hello all.  I'm looking for some input on how best to handle this situation. I have a large nework with a lot of remote offices where we have limited control over users moving around patch cables. We're using vlan-based QoS in these office to mark voice, video, data. etc. The problem I'm having is that our users are moving video conferencing equipment to different interfaces on our swithes, which puts the VTC unit in a different vlan, fouling our QoS policy.  They then call and complain about poor video quality.
    I'm trying to come up with a way to automate putting the interface in the video vlan if a VTC unit is connected. All of our video conferencing units are from the same vendor, so they have same OUI in the MAC address. The script I've been working on looks for a line protocol up event, then checks to see what access vlan is configured on the interface. If the interface is already in the video vlan, the script exits.  if the interface is not in the video vlan, the script looks at the MAC address table for the interface and if the OUI matches a VTC unit, the script changes interface configuration. My question is, is there a better event to trigger script execution? Maybe a MAC notification trap, or something else? Line protocol transitions when the access vlan is changed, so the current script runs twice: once when the interface first comes up with a new connection, and again when the vlan is changed. 
    Script is attached.  Any help or advice is appreciated!

    Does your video equipment use CDP?  If so, then you can use the neighbor-discovery event detector to only react when you see a media endpoint being connected to a port.  Yes, MAC address notifications (the mat ED) can also work if you know the MACs of your media endpoints.

  • Material master change access for a particular field

    Dear Experts,
    Can any one suggest me the posibility of doing the folliwing change.
    Client needs to give the access to a user for MM02 transaction for updating only one field.
    In Material master -- Plant data/Storage 1 view, there is a field called storage bin.  (if we mention storagle location then only this field will be populated), user has to allowed to change this field only, he should not allowed to change the ramining fields in that view.
    Please suggest me the posibilities for the above issue.
    Thanks in advance,
    Regards,
    Krish.

    Hi,
        contact your basis consultant.
    in t-code PFCG, he will create the role and restrict the object.
    this activity will be performed by basis consultant only.
    Regards
    Rajesh

Maybe you are looking for