Finding whether the user has administrative rights

Is there any way by which we can find whether the user has administrative rights or not using java?

The very notion of "administrative rights" is
platform-dependent. It's not standard or well-defined
what "administrative rights" means across all OSes.
You'll have to use JNI or Runtime.execI searched net a lot but couldnt find any tutorial or artical regarding how to achieve this in C or C++.
Any link will be helpful.

Similar Messages

  • How find whether the User has inherited or excluded or directly assigned .

    Hi Every one,
    I am building a report where in which I require for a given position and catalog who are the users and these users are Directly assigned or  Excluded or Inherited.
    If Inherited from which position it has been inherited.
    Now that I got the list of user for a Catalog id , and I can get the attributes for each users through FM BBP_READ_ATTRIBUTES
    But this FM fetches the attributes Inherited excluded or directly feild too, but it is not correct.
    I want to know whether is there any way where we can find the given user has inherited this catalog and from this , so same as this user has direct assignement to this catalog or this user has been exclude for this catalog.
    Regards,
    Raj

    Hi,
    The table ET_ATTR of the function module  BBP_READ_ATTRIBUTES will provide information about the Inherited, Default or Excluded status.
    The following are the appropiate Indicators.
    INH_STATUS - Inherited
    DFT_FLAG - Default
    EXCLUDED - Excluded
    Regards
    Kathirvel

  • Hi guys,Explain how to find whether the user request is dialog or bc ...

    how to find whether the user request is dialog or bc or some other wp and where we can see that ?

    Hello Damodar,
    You can find out that in SM50.
    However one piece of advice. I have noticed that you are raising lots of questions about very basic questions. Either you new to SAP or dont know anything about SAP Basis and want to get in this area. Or else you are preparing for some interview. In either of these cases expecting solutions given at SDN are not going to be of much help. Better read yorself in SAP Help as most people do. SDN should not be overly used for such purposes. Basic questions are welcome but you want to learn SAP through SDN !!!
    Regards.
    Ruchit.

  • To find whether current user has SAP_ALL profile or not.

    Hi all,
    Can anyone tell me that whether is there any method by which I can pass the user id and can know whether that user has the SAP_ALL profile or not.
    The above is done by using the transaction SU01,but I need the ABAP code that is being used in this transaction.
    Regards,
    Varun.
    Message was edited by:
            Varun Bhandari

    Hi,
    Check table USR02 for the same.
    Regards,
    Ram

  • What is to be used to know whether the user has made any changes in alv

    hi all,
           i want to know what is to be used for checking whether a user has done any changes in an editable alv.
    i have used sy-datar but it has nothing in it.
    so kindly help SAP gurus.
    with regards,
    Sindhuja

    Hi Sindhu ,
    If you want to capture the changed data ( rows) use the event : handle_data_changed .
    When the user changes the data , this event will be triggered and the table will have only the changed data.
    Regards,
    Chitra

  • How to check whether the user has a certificate or not?

    Hi everyone.
    We're currently finishing a web project and the last step is to check whether users accessing the application have a valid certificate or not.
    Users with a valid certificate can access all the data. Users without any certificate installed on their browsers may still proceed, but they won't be able to see all data. Please note that the lack of a certificate doesn't mean an error - it's just another use case.
    Is there any way to check whether users have a certificate installed on their browsers?
    Thanks in advance.
    Edit: sorry, I forgot to post some tech details. We're using Struts 1.2 on a Tomcat 5 app server.
    Message was edited by:
    advaca

    I am not sure how Tomcat handles this, but you need to use two-way (mutual authentication) request but not enforce SSL between Tomcat and the client browser. This will make the browser prompt the user for the cert they want to send. Then you'll need to tackle the other part of your problem, getting the correct content displayed depending on whether the user sent a cert or not. I'm even less help there than I was on the first part of your question.
    So, yeah - good luck with that
    Lee

  • Check whether the user has clicked yes or no from air installer

    Hi,
        I am instaling the Adobe air from my application. I want to know whether the user clicked on yes button or no button in the air installer.
    Regards,
    Jayagopal.

    Hi,
    Checking user existence from the Site Groups may result in permission issue.  As every user might not have permission to the site groups.  I have tested this scenario.
    In my opinion, best to use the User groups collection to check whether user belongs to specific group or not.
    Here is the sample code.
    SPUser currentUser = SPContext.Current.Web.CurrentUser;
    SPGroupCollection currentUserGroups = currentUser.Groups;
    foreach(SPGroup currentUserGroup in currentUserGroups)
    if(currentUserGroup.Name == "xyz")
    // Do your operations
    Please don't forget to mark it answered, if your problem resolved or helpful.

  • How to find if the user has selected one or many files using a file chooser

    I have a file chooser but want it to return either a file or file array depending on whether more than one file is selected but there doesn't seem to be any way to find out if that is the case or not. I want it to look something like:
                if(fileChooser.getSelectedFile().isDirectory()==true)
                    selectedFile=fileChooser.getCurrentDirectory();
                else if(fileChooser.multipleFilesSelected())
                    fileChooser.getSelectedFiles();//we have more than one file selected
                else   
                    fileChooser.getSelectedFile();    //if we have one file selected
                }am I going about dealing with this in the right way?

    OK, I scoured the API again and found I could avoid the problem altogether by using
    http://java.sun.com/j2se/1.4.2/docs/api/javax/swing/JFileChooser.html#isMultiSelectionEnabled()
    and
    http://java.sun.com/j2se/1.4.2/docs/api/javax/swing/JFileChooser.html#setFileSelectionMode(int)

  • How to check if the user has only the display authority of a message

    hi,
    How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
    Best regards,

    hi blake
    though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
    Basically Authorization Management 
    Use
    You can use the following authorization objects to control the authorizations for maintaining business partner data:
    •        Authorization objects for the Business Partner:
    •             B_BUPA_GRP
    •             B_BUPA_ATT
    •             B_BUPA_FDG
    •             B_BUPA_RLT•       
    Authorization objects for relationships:
    •             B_BUPR_BZT
    •             B_BUPR_FDG
    In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
    You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
    In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
    For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
    IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
    Prerequisites
    You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
    Moving over
    AS ABAP Authorization Concept 
    The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
    To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
    Authorization Checks 
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
    •        Starting SAP transactions (authorization object S_TCODE)
    •        Starting reports (authorization object S_PROGRAM)
    •        Calling RFC function modules (authorization object S_RFC)
    •        Table maintenance with generic tools (S_TABU_DIS)
    Checking at Program Level with AUTHORITY-CHECK
    Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
    AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
    Starting SAP Transactions
    When a user starts a transaction, the system performs the following checks:
    •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
    •        The system then checks whether the user has authorization to start the transaction.
    The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
    •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
    •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
    If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
    •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
    The check is not performed in the following cases:
    You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
    This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
    •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
    •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
    All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
    Starting Report Classes
    You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
    We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
    You must consider the following:
    •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
    •     •         There are certain system reports that you cannot assign to any authorization class. These include:
    •     •         RSRZLLG0
    •     •         STARTMEN (as of SAP R/3 4.0)
    •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
    •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
    Calling RFC Function Modules
    When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
    Checking Assignment of Authorization Groups to Tables
    You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
    You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
    please See also:
    •        SAP Notes 7642, 20534, 23342, 33154, and 67766
    guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
    but if u sit with ur BASIS guy then u can learn lot of things in PFCG
    i guess u r a basis guy,then its not a problem
    best regards
    ashish

  • How to verify that the user has changed table row data before db update

    Hi all,
    Iam using Oracle ADF with EJBs.
    I have a single selection table that displays rows of data returned from a function of my data control.
    The columns of my table are editable so that the user can change the data. The user selects a row, changes the data in one or more columns of the row and saves the data by means of a submit button. The code in the submit button, identifies the row of the corresponding iterator that the user clicked on and updates the data in the database (using the 'mergeEntity' function of the EntityManager)
    Before saving the data, I want to put some logic to check whether the user has actually changed some data to avoid unnecessary updates in the database . But for this I need a technique to detect that the user has indeed changed some data in the table row.
    One technique I have been using so far was to isolate the iterator row of the table and then query the corresponding row in the database table and compare their values.
    Except from dummy, this technique is not efficient if the table contains many rows.
    Moreover, in my case I have observed that on successive updates on the same row , the query on the database returns the new values (user changed values) and not the actual values contained in the database table. This means that when the user updates an iterator row the cached data affect also the results of the SELECT statement from the actual database table!!! Isn't this strange ?
    Can somebody propose me a neat method to detect when the user has changed the the data of an iterator row ?

    Hey Alan,
    The below solution seems overly complicated to me and can not be implemented without a custom screen and/or the use of JavaScript. Also, if your main concern is that a user may accidentally loose all their data because they closed the browser window or the session times out before they hit the save button then this solution does not help you.
    There are a couple of simpler approaches you can take here:
    # If the use of JavaScript is permissible you can hook into the windows 'onUnload' event, and pop-up a message box which gives the user the opportunity to cancel closing the window and save their case if they haven't already.
    # Implement an autosave feature by hooking into one of events provided by web determinations. A simple (but rather naive) way of doing this would be to hook into the OnRenderScreenEvent and call save on the interview session every time the event fires. This guarantees that all the data the user has submitted will aways automatically be saved, thereby removing the need to make sure the user manually saves their data before closing the browser.
    Automatically making Web Determinations close a browser window has to be done using JavaScript. However, doing so means that a) it won't work for people who turn off JavaScript, which is commonly done for accessibility reasons b) you'll likely run afoul of the browser's security mechanism (they generally won't let you close a window that you didn't open and some really don't like you doing that at all).
    Thanks,
    Kristy

  • How to find out which user has the permission to execute startsap ?

    Hi All
    How do I find out which user has the permission to execute the startsap and stopsap? Do I control the permission on those script using windows standard authorization? For example: only allow certain user have the read and write permission?
    Thank you.!
    Vincent Lo

    Well to me this is really weird question..
    <b>noone un-authorized should have access to OS on your system</b>
    If this is valid you do not need to solve problems who can and who cannot start/stop SAP, because if you want to prevent some users from shutting down the SAP you have really hard job to do - there are many ways how to kill the SAP (for example killing relevant process from task manager, killing of database, messing with services etc.) - yes, this is harmful way of stopping SAP, but we are talking about attack, right? I would contact some Windows specialist to help you disable all the ways how to harm the running SAP. But still after that - there are many files that can be modified/deleted so SAP will crash after restart - you need to protect them too, etc.
    In case you take the first assumption as granted (and you really limit access to this server) you do not need to worry who can stop or start SAP - at the other hand it may be handy to be able to start/stop SAP from other users - for this you can run the stop/start script "under different user".
    But to answer the question - to me this is question just of access control (but really never tried that myself):
    <a href="http://technet2.microsoft.com/WindowsServer/en/library/c6413717-511e-42bd-bd81-82431afe4b2a1033.mspx">Permit or restrict access to a snap-in for a domain</a> (or see other related links down there on this page)
    Please award points for useful answers.
    Thanks

  • Same user with administrative rights on all the servers in single domain versus domainadmin as a part of administrator group in all the servers

    same user with administrative rights on all the servers in single domain user as a part of administrator group in all the servers:
    same user is configured as administrator on all the servers in one domain at windows 2003 server. Should this user be made part of domain admin and then this can be set up in the group of administrator for all the servers.
    How this is technically different?
    If same user is set up as an administrator on all the servers in domain, will it have the same access on all the files as a domain admin user?
    dhomya

    If the account is not admin on the domaincontrollers and the account is not member of domain admins or any other privileged AD group, the account has only user privileges on AD and thus cannot perform actions like creating and managing  accounts,
    groups, OUs,policies, sites, ...in other words cannot potentially ruin Active Directory.
    I think that is a pretty big difference.
    In fact, it is bad practice to perform you daily server management with an AD privileged account.
    In regards of file access. The domain administrator will be just an admin, and thus has the privilies assigned to the local admin group, just as any other admin. But if it are different accounts they might be member of different groups assigning different
    privileges. Always be carefull when assuming resulting privileges will be the same.
    MCP/MCSA/MCTS/MCITP

  • How to find out the user who has created  a new field in the custom table.

    How to find out the user details who has created  a new field in the custom table.
    Thanks,
    Joan

    Hi Jesudasan ,
    You can know the user details with version management.Please find the
    below procedure to know.
    Go to table->Utilities tab->version->Version management->Compare the previous one .
    Hope this solves the issue,Let me know if you have any issues.
    Thanks,
    Rajani

  • How to find the date when the users has been created in Hyperion Essbase

    Please let me know, if there is any option or way to find the date when the users has been created in Hyperion.
    Essbase - 9.3.1.0.0
    Sun Solaris SPARC (32-bit) - 5.8
    If not in Hyperion, could you please let me know if it gets stored in the repository. If yes, please let me know the table name in Oracle.

    I don't know of a way of getting this information from Shared Services via the standard web UI. However you can see when a native user was created in openLDAP. If your users are all native then you can use an ldap browser to view the CreateTimestamp.
    Port: 58089
    User DN:CN=911,ou=People,dc=css,dc=hyperion,dc=com
    Password: Your shared services admin user password
    You should see each new native user under the ou=People and each CN will have a create timestamp.
    I can't help if all you users are external or your using the old Essbase native security.
    Gee

  • How to find out the user list that created by someone?

    Hi all:
    Now I want to develop a program that can find out the user list created by someone.
    such as :
    John create 3 user in SAP ,they are u1,u2,u3.
    Susan create 2 user in SAP , they are s1,s2.
    I input the the parameter such as John , the program can give me the list :u1,u2,u3.
    Could you tell me which table should I use in this program?
    Thanks .
    Elisa.

    Hi Ling,
    As per my understanding, you are looking for listing down the number of Users created by a particular users of the System. Like a System Administrator has created some 30 users. If this is correct, then you can use the table
    USR02 - Logon Data (Kernel-Side Use). This table has 2 fields which are of importance - BNAME - User Name in User Master Record & ANAME - Creator of the User Master Record. You can query the ANAME with the username of the system and you will get the resultant users.
    But I would reccomend to search the Table for a standard class, function module or RFC or BAPI so that you can reuse the same and need not to develop from the scratch.
    Hope this will help.
    Thanks,
    Samantak.

Maybe you are looking for