Grant read authorisation on all of its tables to another user
Hi,
we would like to read the tables of SAP directly from MaxDB. The user sap<sid> is not a good candidate. So, we create another user dbreader.
Could somebody help me, how to grant read authorisation on all SAP tables to user dbreader?
Thanks a lot in advance.
Best Regards,
Rongfeng
Hello Rongfeng,
do you notice to what a dilemma you bring us with your request?
On the one hand, we're participating in this SDN community to help people, so that they can successfully use the software and enjoy it.
On the other hand you ask for the how-to for something that is a really bad idea and that will bring you into trouble.
By allowing a read-only access to SAP tables you bypass all permission management of SAP. As soon as any auditor sees that, the compliance certificate of your company is gone.
You can even access all clients - how do you prevent from working with the wrong set of data?
Also it does not seem as if you know what you're about to do there. In fact, you don't even know what data you want to see.
It's just the "gimme-all" request, something that might be OK at the kepab booth, but surely not with data access permissions.
Apart from the security aspect: SAP tables don't make sense on database level.
All references and dependencies between them are only kept within the application layer.
All the semantics of the data fields (and with them all consistency check) are only present at the application layer.
Even the state of records is not consistent on the database, as SAP uses it's own updater concept in - you guess it - the application layer.
So, for me the question is:
If I tell you how to do what you asked for, does it do more harm than it's useful?
The regular readers of this forum already know my reply to this kind of request...
DON'T DO IT!
Instead define and specify a API to the data you need to see.
Better use the tools you already paid for ... ABAP, BAPI, RFC, WebServices... there are tons of options to get data out of SAP systems properly. And all of them are safe, secure, well documented and reliable.
Best regards,
Lars
Similar Messages
-
Wich rights must a user have to copy a table to another user?
Wich rights must a user have to copy a table to another user? If I try it while using SQLDeveloper I become a message wich says that the user has not enough rights.
Thanks a lot
TorstenIf you are trying to create a table in a schema other than your own, you must have the CREATE ANY TABLE system privilege.
-
Allowing a user to create/drop tables in another users schema
We have a central shared schema (TEAM). So we can monitor who is doing what users have there own login(USER1, USER2...). Is there a way to allow a user to create/drop objects in another user.
I.e.
SQL> connect USER1
SQL> create team.table1(col1 char(1));
SQL> drop table team.table1:
How can this be set up?
BenHere is what you can do, If you want to keep track of what users are doing.
Open the glogin.sql file and set the spool like this
spool /oracle/audit/SID_&_user.logEverytime user logs in it will be populated and you will be able to see who is doing what.
You can remove the write permission on glogin.sql so that no one can modify it.
You also need to create a script like this, which would rename it every time same user would login.
#!/bin/ksh
time=`date +"%b"_"%d"_"%H"_"%M"`
##you need to pass some more variables and while loop to include all the users## ( This is just for an example)
if [ -f /oracle/audit/SID_SYS.log ]
then
mv /oracle/audit/SYS.log /oracle/audit/SYS.log.$time
fiEdit the glogin.sql file with this script information like this
host /oracle/audit/file.kshHope this helps, if you need more information let me know. -
How to export and Import table of another user from user system using expdp
Hi All,
How to export a table 'scott.emp' from system user.
expdp system/password directory=expdp dumpfile=scott_emp.dmp ???? ?? tables=emp ??????????????????????????
thank you
---------------------------------------------------------- Posting solution here to make needed users not to scroll down ------------------------------------------------------
Finally I got it right!!!
Task :- Export table_1 of schema_a from database db1 and Import it to schema_b of database db2 as user other than schema owner
Solution :-
expdp system/pwd directory=expdp tables=schema_a.table_1 dumpfile=schema_a.table_1.dmp logfile=expdp_schema_a.table_1.log
impdp system/pwd directory=expdp tables=schema_a.table_1 dumpfile=schema_a.table_1.dmp logfile=impdp_schema_a.table_1.log remap_schema=schema_a:schema_b remap_tablespace=table_1_tablespace:schema_b_tablespace
Thank You All
Edited by: Ven on Mar 9, 2011 7:52 AMJust a example
SQL> $expdp system/sys directory=data_pump_dir dumpfile=tests.dmp tables=scott.emp
Export: Release 11.2.0.1.0 - Production on Tue Mar 8 10:39:57 2011
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
Starting "SYSTEM"."SYS_EXPORT_TABLE_01": system/******** directory=data_pump_dir dumpfile=tests.dmp tables=scott.emp
Estimate in progress using BLOCKS method...
Processing object type TABLE_EXPORT/TABLE/TABLE_DATA
Total estimation using BLOCKS method: 64 KB
Processing object type TABLE_EXPORT/TABLE/TABLE
Processing object type TABLE_EXPORT/TABLE/INDEX/INDEX
Processing object type TABLE_EXPORT/TABLE/CONSTRAINT/CONSTRAINT
Processing object type TABLE_EXPORT/TABLE/INDEX/STATISTICS/INDEX_STATISTICS
Processing object type TABLE_EXPORT/TABLE/CONSTRAINT/REF_CONSTRAINT
Processing object type TABLE_EXPORT/TABLE/STATISTICS/TABLE_STATISTICS
. . exported "SCOTT"."EMP" 8.570 KB 14 rows
Master table "SYSTEM"."SYS_EXPORT_TABLE_01" successfully loaded/unloaded
Dump file set for SYSTEM.SYS_EXPORT_TABLE_01 is:
C:\APP\MAZAR\ADMIN\ACEME\DPDUMP\TESTS.DMP
Job "SYSTEM"."SYS_EXPORT_TABLE_01" successfully completed at 10:40:01
SQL> -
Analyze table as another user (not owner)
Hi!
I need to be able to analyze a table from a different account other than the owner. How can I do that?
Thanks!
Dave VenusWhat version of Oracle? Are you going to use the ANALYZE command or the dbms_stats package?
From SQL manual entry on Analyze:
"The schema object to be analyzed must be local, and it must be in your own schema or you must have the ANALYZE ANY system privilege"
HTH -- Mark D Powell -- -
Email looks as though its sent from another user
HI eveyone
I have recently started to have a problem whereby when sending a email via gmail it looks as though it has come from my wifes gmail account. We are setup as differant users on the macbook pro and both have our own gmail accounts. When I send an email if the person I have sent it to replies it comes through to my wifes email account and when I look at the original email I sent it shows that it was sent from my wifes email account even though it wasn't. This is getting very frustrating. Any ideas??
Many thanks in advance
GazYou're going to get the best support by posting to the Mail forum if this is indeed an issue with Apple mail and not Google Mail.
-
HOW DO I COPY A WINDOWS 7 PROFILE SO I CAN USE ITS SETTINGS FOR ANOTHER USER?
I want to copy an ex employee's profile in Windows 7 (we are on a domain by the way). I want to copy the ex-user's profile and replace the new user's profile
so when the new user logs in, they will see the previous user's settings like calendar.
Is this possible?Excellent information, However, I think the OP said that they wanted to copy a specific users settings. Personally, if the settings only need to be applied once, I would just rename the user profile and change the password and tada the settings are identical.
Seeing that the user hive of the registry contains numerous references to the original folder, your method might create some interesting phenomena. Example:
- Original profile folder: C:\Users\LRenwick
- Renamed profile folder (following your recipe): C:\Users\JDoe
- Data stored in HKEY_CURRENT_USER\Software\Microsoft\GDIPlus: C:\Users\LRenwick\AppData\Local
Renaming the profile folder will not change any of these references in the registry.
Good point, didn't even think of that.
Don't forget to mark the post that solved your issue as "Answered." By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional -
READ privileges for *all the databases*
Is it possible to grant READ privileges for all the databases objects (tables, schema, triggers, procedures, view and etc)
SHANOJ wrote:
Is it possible to grant privileges to all objects in one time?It depends on what you mean by 'in one time'. In one single SQL statement? No. But there's nothing stopping you issuing a billion grants one after the other in your session.
Roles are probably better suited for this task. But are you sure you really want to grant SELECT privileges on all the tables in the database? It's more common to grant SELECT on all the 'MARKAPP' tables to the 'MARKAPP_READ_ONLY' role... -
Hi All,
can anyone tell me that how to grant read permission on all tables of a database except tables that belong to system tablespace.
ThanksHandle: 788442
Status Level: Newbie
Registered: Aug 14, 2010
Total Posts: 58
Total Questions: 17 (12 unresolved)
so many questions & so few answers.
how I can find out the tables name that not are in system tablespace.just modify the previously provided SQL -
Edit tables in other user schema
Hello all,
Is there a way to allow a user to edit tables for another user?? For example, suppose user A has tables X, Y and Z. I need user B to be able to edit those tables in SQL Developer.
I have granted user B everything on A's tables, but once user B log to SQL Developer-> Other Users -> Tables. Right click any table and choose edit, an error message is displayed "The database user has insufficient privileges for the given operation"
I am kindly asking for help regarding this issue.
Regards,
EmadI do believe so. I have tried to grant select any dictionary to the user and he still can not edit the tables in the other schema.
I do hope Oracle solve this if it is a bug. -
Error creating view with tables of other user
I am creating of view containing two tables of another user. I
am a dba-user.
The statement looks like this:
CREATE VIEW TEST
(SELECT ...
FROM DWH.TABLE_A A, DWH.TABLE_B B
WHERE A.ID = B.ID)
I get an error-message (ORA-00942: Table or view not found).
When I create the view as user DWH, everything went OK. I don't
think it has something to do with privileges since I am the dba-
user.
How can I create a view using other users tables?Hi
To create view on table of another user you need to have select
privilege grant directly to you - not to role granted to you. In
your case you can select tables because you have granted dba
role and it has select any table prvivilege, but you havent
directly granted this rights without role.
Regards -
Create user with read access for all tables SAP SID .*
Hello all,
could you please help me ? I would like to grant select privilege on all tables SAP<SID>.* for newly created user.
I have created standard database user (not exclusive).
I`m able to grant select for individual tables, but I would like to grant select for this user on all SAP<SID>
schema in simplier way
But as far as I know, the schema`s owner name must be different then schema name.
Any idea please ?
Thank you.
Pavolcreate user <user_name> identified by <password> <options>;
grant read on all tables:-
CREATE OR REPLACE PROCEDURE GRANT_SELECT AS
CURSOR ut_cur IS
SELECT table_name
FROM user_tables;
RetVal NUMBER;
sCursor INT;
sqlstr VARCHAR2(250);
BEGIN
FOR ut_rec IN user_tabs_cur;
LOOP
sqlstr := 'GRANT SELECT ON '|| ut_rec.table_name
|| ' TO <user_name>';
sCursor := dbms_sql.open_cursor;
dbms_sql.parse(sCursor,sqlstr, dbms_sql.native);
RetVal := dbms_sql.execute(sCursor);
dbms_sql.close_cursor(sCursor);
END LOOP;
END grant_select;
Edited by: varun4dba on Jan 18, 2011 4:13 PM -
Need to grant DML privileges to all tables in few schemas
Hi,
I need to grant DML privileges to all tables in few schemas to a role. How can I achieve that?
I thought it's below syntax but it doesn't work. Please advice.
grant ALL ON ALL TABLES IN SCHEMA <Schema_name> TO <role_name>;Thanks,
GangadharGR wrote:
Hi,
I need to grant DML privileges to all tables in few schemas to a role. How can I achieve that?
I thought it's below syntax but it doesn't work. Please advice.
grant ALL ON ALL TABLES IN SCHEMA <Schema_name> TO <role_name>;
There is no single command to grant privileges at that level. There are either ANY privileges or privileges on an object.
You can write a bit of code to generate and execute what you want, but you would have to rerun it if any new tables were created. -
How to grant select permission to all the tables in the user
Hi All,
I have 5 tables in one user, now i want to give only select privilege to another user on those tables. Please help me to solve this issue.
Thanks in Advance.
Thanks and Regards,
chiranthSee following discussion: Re: Select Grant on another schema
-
Grant access to create/alter/drop/ to tables, view, index
Using (Transact-sql) SQL query analyser 8.00.2039
Objective: To delete/drop the schema on every run of database setup (i mean drop the schema and build it on every run).
I have done the following to accomplish the same ...
Logged in as sa ... i did the following
use master
exec sp_addlogin 'sas'
exec sp_adduser 'sas'
create database ss
use ss
exec sp_grantdbaccess 'sas', 'ss'
i am having issues with the grant command in the above version.
i want to grant create table, create index, create view, alter table, drop view, drop index, drop table to the user sas
When i ran the command
grant create table, create index, create view, alter table, drop view, drop index, drop table to sas
i got
Server: Msg 165, Level 16, State 6, Line 1
Privilege CREATE INDEX may not be granted or revoked.
Server: Msg 165, Level 16, State 1, Line 1
Privilege ALTER TABLE may not be granted or revoked.
Server: Msg 156, Level 15, State 1, Line 1
Incorrect syntax near the keyword 'delete'.
If the grant worked, i thought of creating the schema like
create schema epp authorization sas
Then for removing the schema (as there is no drop schema command for the version mentioned above)
i would have done this,
use master
exec sp_revokedbaccess 'sas'
alter database ss set single_user with rollback immediate
drop database ss
exec sp_droplogin 'sas'
I referred the online book but not of much help on this.
Is this is the correct way to drop/delete a schema on every run of database setup
pls. offer your suggestionsTerminology.
When you write “schema” I will guess that you mean ‘database ‘rather than a security schema within a database.
User.
A user is an object that belongs to a database. In your create code you added the user sas to the master database. If you want to add that user to the ss database you have to create the ss database first, then USE database ss; before you sp_adduser. If you are using SQL Server 2005 use CREATE User not sp_adduser.
To DROP a database you DROP the database. All the objects in the database including its users are dropped with it. The Logins belong to the server and they can be dropped before or after you drop the database though if you drop a Login and don’t drop a database that has that Login as a User you orphan the User.
Maybe you are looking for
-
Well, i lost my iPod at school i dont know if it was stolen, it fell out of my pocket or what but either way it is gone. I have the find my ipod app, and contacted the local police, but i just want it back. I have turned the WIFI off because it runs
-
Why the itune pumps a message "iTune could not back up the iPod XXX because a session could not be started with the iPod" when trying to backing up the device? could anyone help me?
-
"abort system error in program CL RSR and form GET_PROVID-02-(see long text
Hi All, When i try to excuting bex query in analyser and whaen i have to exucuting cube contents, i got this error message : "abort system error in program CL RSR and form GET_PROVID-02-(see long text)" System error in program CL_RSR and form GET_PRO
-
Character format to currency format conversion?
Hai, I have a field (char16) with value in the form 9800.50. How do I convert it into standard SAP currency type ( of the format 9.800,50 ) Is there any function module available ? I have tried the FM "CHAR_FLTP_CONVERSION". But it can't convert deci
-
Help on finding a reference to a table
Hi , my oracle verion : oracle 10G if i fire a query something like : select * from user_source where text like '%CLASSIFICATION%' it will return me rows and help me narrow my search onto a mere 100 rows to find a reference for a table called 'WC_CLA