Hiding of queries for perticular roles in POWL in SRM7.0
Hi Experts,
We have a requirement to hide the certain queries in POWL for perticular roles. I have maintained the entries for the roles through transaction POWL_QUERYR but we are not able to see the desired results.
Also tried by running the report POWL_D01 but this report will delete the queries based on the users. Our requirement is to show or hide certain queries to all the users with a perticular role.
Kindly advice.
Thanks and Regards
Vishal
Hi Lavanya,
Thanks for the reply.
We are following the below approach for hiding the tabs "Team Shopping Carts", Invoice/Credit Memo" and Confirmation Team Shopping Carts".
- Defined a new application id Z_SAPSRM_E_CHECK_STATUS.
- Maintained the entry in POWL_TYPER with the application Z_SAPSRM_E_CHECK_STATUS and type for confirmation and shopping cart along with the role
- Maintained the entry in POWL_QUERY with the application Z_SAPSRM_E_CHECK_STATUS, role and activated the activate check box
- Assigned the application id to the role authorizations "authorizations for Personal Object Work List (POWL) iViews"
When I run the report POWL_D02, I can see that for the application Z_SAPSRM_E_CHECK_STATUS the queries shopping carts abd confirmations are active.
But when I run the report POWL_D01 with the above application id I get the result that no queries found.
Please let me know if the approach that we are following above is correct. or do we need to maintain some more things to accomplish this.
We are defining are our own application id's because we need to hide queries for many transactions, so in our defined application id we will include the queries that needs to be displayed and will assign those application id in the roles after carrying out the above steps.
Thanks and Regards
Vishal
Similar Messages
-
Hiding or disabling the check boxes in Tableview for perticular row
Hi
I created table view using ITAREATOR, as per my requirement i need to disable or hide the check box (which come by default) for perticular row.
Can any body send me the code
thanks in advance
B.UmashankarIs there a hide-or-disable-checkboxes-in-a-tableView-row contest going on somewhere?
Please check Leoiz Pas' "How to disable tableView default checkbox" and Marcel Gäbe's "TableView hide checkbox" postings earlier this week (even though there might not have been a final solution yet)! -
Hi Gurus,
i need to assign queries to a role so that users having this role will be able to get the queries in their menu when they log into the system. How can I do it?
ParthaSteps 1)PFCG -->create ROLE
2)SU01 -->assign ROLE to user
3)RSECADMIN -->create authorization object,assign activities of 0TCT*
Note - RSECADMIN uses 0TCT* objects
basis ADMIN should have S_RSEC object to be assigned in order for him to use 0TCT* objects
Roles - Query
PFCG - create Role
Authorization tab -change authorization data
S_GUI = *
S_TCODE = RRMX
S_USER_AGR
ACTVT = 2,3 and ACT_GROUP = *
S_USER_TCD = RRMX
Profiles to be given to developer
SAP_ALL
SAP_NEW
0BI_ALL is the new object which gives all authorizations to users.
More info-
Re: How to add a Role?
Hope it Helps
Chetan
@CP.. -
Queries added to role in PFCG don't show up under role folder in BEX
Hello Guruu2019s
Currently I am experiencing a very strange problem regarding the visibility of queries in the role menu of BEX. Please find below some investigation already done:
Just to avoid any authorization questions/assumptions, I have a user with SAP_NEW and SAP_ALL. He also has 2 roles (R1 and R2, no other roles) in which reports are entered using: PFCG -> +OTHER -> SAP BW Query URL.
In his SAP user menu all reports from both roles show up and are executable.
When this user open BEX Analyzer and goes to u2018Openu2019 -> u2018Open Queryu2019 and then go to u2018Rolesu2019 only R1 and its contents is visible.
The roles however are identical and contain only the following authorization objects (apart from menu entries):
S_USER_TCD: RRMX
S_TCODE: RRMX
The only difference between them is that the R1 has been created some time ago while the R2 is new.
I expect that people will tell me that S_USR_AGR is required but this isnu2019t the case since he is able to see one of the two mentioned roles (R1) and its contents in SAP BI due to SAP_ALL and SAP_NEW.
When I copy R1 to R3 and add it to the user he is also able to see this R3 in the Bex analyzer. However, when I remove all reports from R3 and add some myself in PFCG these new entries do not show up in Bex analyzer, even though I re-added the report(s) I removed earlier in the exact same way.
The same for the original R1, when I add new entries they arenu2019t visible although the u2018oldu2019 ones are.
When I check the only table I know that holds SAP menu entries all links show up, this also explains why in his SAP user menu he sees all links. Does anyone know how (which tables) the BEX Analyzer gets the appropriate roles and role entries when a user wants to open a query?
What can be the issue here; to me it feels like something has changed in the system that prevents BEX to read all roles properly?Hi Casper,
there is a known issue at the moment whereby workbooks/queries and roles are no longer
visable due to the following.....
The settings in SSM_CUST defines a compress mechanism for the user menu
known as "Redundancy avoidance" and described in notes 357877 and 357693
Redundancy avoidance deletes easy access menu entries for doubled
transaction codes whenever SSM_CUST contains
1. an entry CONDENSE_MENU with PATH = 'YES' and
2. either an entry DELETE_DOUBLE_TCODE with PATH = 'YES' or no entry
DELETE_DOUBLE_TCODES, at all.
If you don't want doubled transaction codes to be deleted, then simply
add an entry DELETE_DOUBLE_TCODES with PATH = 'NO' into table SSM_CUST.
Please enter
DELETE_DOUBLE_TCODES with PATH = 'NO' into table SSM_CUST
and retest this issue...
I hope this helps
best regards
Orla. -
Queries for current Qtr and prior quarter
If I select one date in dashboard prompt in one column I want to display current quarter revenue and prior Qtr revenue.
Could anyone give me the queries for the current Qtr and prior Qtr?
So I will going to use presentation variable from the dashboard promptsobiee-date-expressions-reference
Date Calculation OBIEE Expression Explanation :
First Day of the Previous Year
TIMESTAMPADD( SQL_TSI_YEAR , -1, TIMESTAMPADD( SQL_TSI_DAY , EXTRACT( DAY_OF_YEAR FROM CURRENT_DATE) * -(1) + 1, CURRENT_DATE)) From right to left the first TIMESTAMPADD returns the first day of the current year. The second TIMESTAMPADD removes a year from the returned date for the First Day of the Previous Year.
First Day of the Current Year
TIMESTAMPADD( SQL_TSI_DAY , EXTRACT( DAY_OF_YEAR FROM CURRENT_DATE) * -(1) + 1, CURRENT_DATE) This calculation returns the first day of the year by deducting one less than the total number of days in the year.
First Day of the Next Year
TIMESTAMPADD( SQL_TSI_YEAR , 1, TIMESTAMPADD( SQL_TSI_DAY , EXTRACT( DAY_OF_YEAR FROM CURRENT_DATE) * -(1) + 1, CURRENT_DATE)) From right to left the first TIMESTAMPADD returns the first day of the current year. The second TIMESTAMPADD adds a year to the date returned which will give the first day of the next year.
First Day of the Previous Month
TIMESTAMPADD(SQL_TSI_MONTH, -1, TIMESTAMPADD( SQL_TSI_DAY , DAYOFMONTH( CURRENT_DATE) * -(1) + 1, CURRENT_DATE)) From right to left the first TIMESTAMPADD returns the first day of the Current Month. The second TIMESTAMPADD then subtracts one month from the first day of the Current Month arriving to the First Day of the previous month.
First Day of the Current Month
TIMESTAMPADD( SQL_TSI_DAY , DAYOFMONTH( CURRENT_DATE) * -(1) + 1, CURRENT_DATE) This expression gets the current day of the month and subtracts one less than the current day to arrive at the first day of the month.
First Day of the Next Month
TIMESTAMPADD(SQL_TSI_MONTH, 1, TIMESTAMPADD( SQL_TSI_DAY , DAYOFMONTH( CURRENT_DATE) * -(1) + 1, CURRENT_DATE)) From right to left the first TIMESTAMPADD returns the first day of the Current Month. The second TIMESTAMPADD then adds one month from the first day of the Current Month arriving to the First Day of the next month.
First Day of Current Quarter
TIMESTAMPADD( SQL_TSI_DAY , DAY_OF_QUARTER( CURRENT_DATE) * -(1) + 1, CURRENT_DATE) This was included to show the calculations discussed above can be used with other functions. This is the same expression as the one that returns the first day of the current month except this one uses the DAY_OF_QUARTER property to return the first day of the current quarter.
Last Day of the Previous Month
TIMESTAMPADD( SQL_TSI_DAY , -(1), TIMESTAMPADD( SQL_TSI_DAY , DAYOFMONTH( CURRENT_DATE) * -(1) + 1, CURRENT_DATE)) From right to left the first TIMESTAMPADD returns the first day of the Current Month. The second TIMESTAMPADD subtracts a month to arrive at the first day of the previous month.
Last Day of Current Month
TIMESTAMPADD( SQL_TSI_DAY , -(1), TIMESTAMPADD( SQL_TSI_MONTH , 1, TIMESTAMPADD( SQL_TSI_DAY , DAYOFMONTH( CURRENT_DATE) * -(1) + 1, CURRENT_DATE))) From right to left the first TIMESTAMPADD finds the first day of the current Month. The second TIMESTAMPADD adds one month to the date to arrive at the first day of the next month. The final TIMESTAMPADD subtracts one day from the returned date to arrive at the last day of the Current Month.
Last Day of the Next Month
TIMESTAMPADD( SQL_TSI_DAY , -(1), TIMESTAMPADD( SQL_TSI_MONTH , 2, TIMESTAMPADD( SQL_TSI_DAY , DAYOFMONTH( CURRENT_DATE) * -(1) + 1, CURRENT_DATE))) From right to left the first TIMESTAMPADD finds the first day of the current Month. The second TIMESTAMPADD adds two months to the date to arrive at the first day of month after next. The final TIMESTAMPADD subtracts one day from the returned date to arrive at the last day of the Next Month.
Last Day of Previous Year
TIMESTAMPADD( SQL_TSI_DAY , -1, TIMESTAMPADD( SQL_TSI_DAY , EXTRACT( DAY_OF_YEAR FROM CURRENT_DATE) * -(1) + 1,
CURRENT_DATE)) From right to left the first TIMESTAMPADD returns the first day of the current year. The second TIMESTAMPADD subtracts one day to arrive at December 31st of the previous year.
Last Day of Current Year
TIMESTAMPADD(SQL_TSI_YEAR, 1, TIMESTAMPADD( SQL_TSI_DAY , -1, TIMESTAMPADD( SQL_TSI_DAY , EXTRACT( DAY_OF_YEAR FROM CURRENT_DATE) * -(1) + 1, CURRENT_DATE))) From right to left the first TIMESTAMPADD returns the first day of the current year. The second TIMESTAMPADD deducts one day to arrive at December 31 of the previous year. The third TIMESTAMPADD adds a single year to the date to arrive at December 31 of the Current Year.
Last Day of the Next Year
TIMESTAMPADD(SQL_TSI_YEAR, 2, TIMESTAMPADD( SQL_TSI_DAY , -1, TIMESTAMPADD( SQL_TSI_DAY , EXTRACT( DAY_OF_YEAR FROM CURRENT_DATE) * -(1) + 1, CURRENT_DATE))) From right to left the first TIMESTAMPADD returns the first day of the current year. The second TIMESTAMPADD deducts one day to arrive at December 31 of the previous year. The third TIMESTAMPADD adds 2 years to the date to arrive at December 31 of the Next Year.
Last Day of Current Quarter
TIMESTAMPADD( SQL_TSI_DAY , -(1), TIMESTAMPADD( SQL_TSI_QUARTER , 1, TIMESTAMPADD( SQL_TSI_DAY , DAY_OF_QUARTER( CURRENT_DATE) * -(1) + 1, CURRENT_DATE))) Demonstrated using Quarters. From right to left the first TIMESTAMPADD returns the first day of the Current Quarter. The second TIMESTAMPADD returns the first day of the next quarter. The final TIMESTAMPADD subtracts a single day from the date to arrive at the last day of the Current Quarter.
Number of days between First Day of Year and Last Day of Current Month TIMESTAMPDIFF(SQL_TSI_DAY, CAST('2010/01/01 00:00:00' AS DATE), TIMESTAMPADD( SQL_TSI_DAY , -(1), TIMESTAMPADD( SQL_TSI_MONTH , 1, TIMESTAMPADD( SQL_TSI_DAY , DAYOFMONTH( CURRENT_DATE) * -(1) + 1, CURRENT_DATE)))) For simplicity I hard coded the January 1, 2010 date and CAST it to a date. I could have used the First Day of the Current Year calculation but didn’t want to over clutter the example. The second part of the TIMESTAMPDIFF uses Last Day of the Current Month calculation to force the TIMESTAMPDIFF to calculate the number of days between the first day of the year and the last day of the current month.
=============
FYI, let say some example,
Last day of previous Quarter:
"GPC_DataMart"."GPC_DataMart"."dbo"."LQ_Position"."Business_Date"=TIMESTAMPADD( SQL_TSI_DAY , -(1), TIMESTAMPADD( SQL_TSI_DAY , DAY_OF_QUARTER( "GPC_DataMart"."GPC_DataMart"."dbo"."MT_BUSINESS_DATE"."Business_Date") * -(1) + 1, "GPC_DataMart"."GPC_DataMart"."dbo"."MT_BUSINESS_DATE"."Business_Date"))
Last month last day:
"GPC_DataMart"."GPC_DataMart"."dbo"."LM_Position"."Business_Date"=
TIMESTAMPADD( SQL_TSI_DAY , -(1), TIMESTAMPADD( SQL_TSI_DAY , DAYOFMONTH( "GPC_DataMart"."GPC_DataMart"."dbo"."MT_BUSINESS_DATE"."Business_Date") * -(1) + 1, "GPC_DataMart"."GPC_DataMart"."dbo"."MT_BUSINESS_DATE"."Business_Date"))
Last year Last day
"GPC_DataMart"."GPC_DataMart"."dbo"."LY_Position"."Business_Date"=
TIMESTAMPADD( SQL_TSI_DAY , -1, TIMESTAMPADD( SQL_TSI_DAY , EXTRACT( DAY_OF_YEAR FROM "GPC_DataMart"."GPC_DataMart"."dbo"."MT_BUSINESS_DATE"."Business_Date") * -(1) + 1, "GPC_DataMart"."GPC_DataMart"."dbo"."MT_BUSINESS_DATE"."Business_Date"))
Thanks and Regards,
Deva
http://obieeelegant.blogspot.com/2011/06/obiee-date-expressions-reference.html -
How to calculate number of rows for perticular characterstic in SAP BI Bex
Hi experts,
Please let me know how to calculate ' number of rows ' for perticular characterstic in Bex query.
Thanks & Regards,
Babu..Hello,
You can try this
Create a CKF and assign the vale 1 to it. Open the query and select Character where you want to display ' number of rows ', go to properties windows, select 'display', in the results row drop down box, select 'always display'.
Thanks.
With regards,
Anand Kumar -
Hi Friends,
I Have a view named - item_sales with 4 column
Item code
Item name
Transaction_YYYYMM (Date stored in YYYYMM format )
QTY_RECEIVED
QTY_SOLD
Sample data is
ITEM_CODE ITEM NAME TRANSACTION_YYYMM QTY_RECD QTY_SOLD
AX TSHIRT 201307 3000 2000
AX TSHIRT 201308 2000 500
AX TSHIRT 201309 1000 3000
CX XLSHIRT 201307 3000 2000
CX XLSHIRT 201308 3000 2500
CX XLSHIRT 201309 3000 2500
EVERY MONTH END I WILL RUN THIS QUERY TO FIND OUT THE BELOW DETAILS
1. TO FIND ITEM_NAME WISE - QTY_RECEIVED AND QTY_SOLD ( FOR CURRENT MONTH - EXAMPLE SEP )
2. TO FIND ITEM_NAME WISE - QTY_RECEIVED AND QTY_SOLD (FOR CURRENT YEAR EXAMPLE FROM JAN TO SEP )
OUTPUT FOR SEPTEMBER MONTH LOOK LIKE THIS
SEP-MONTH JAN TO SEP
ITEM_CODE ITEM_NAME QTY_RECEIVED QTY_SOLD QTY_RECEIVED QTY_SOLD
AX TSHIRT 1000 3000 6000 5500
CX XLSHIRT 3000 2000 9000 7000
Pls advise me how to write queries for this
RdkJust FYI, you *can* edit your own posts, you know
Rdk wrote:
Transaction_YYYYMM (Date stored in YYYYMM format )
First "problem". Don't store dates as string. Store them as dates. It will save you so much headache don't the road you won't believe it.
True, this is a view, so maybe not as critical - assuming the underlying *DATA* is actually a date.
1. TO FIND ITEM_NAME WISE - QTY_RECEIVED AND QTY_SOLD ( FOR CURRENT MONTH - EXAMPLE SEP )
2. TO FIND ITEM_NAME WISE - QTY_RECEIVED AND QTY_SOLD (FOR CURRENT YEAR EXAMPLE FROM JAN TO SEP )
So yeah, based on these requirements, I'd recommend you make that column a DATE, not a string. Dates are easier to parse for date-related logic - such as month by month as you need here.
Using that, here's one way to do it:
with w_data as (
select 'AX' item_code, 'TSHIRT ' item_name, to_date('20130701','yyyymmdd') trans_dt, 3000 qty_recd, 2000 qty_sold from dual union all
select 'AX' , 'TSHIRT ' , to_date('20130801','yyyymmdd') , 2000 , 500 from dual union all
select 'AX' , 'TSHIRT ' , to_date('20130901','yyyymmdd') , 1000 , 3000 from dual union all
select 'CX' , 'XLSHIRT' , to_date('20130701','yyyymmdd') , 3000 , 2000 from dual union all
select 'CX' , 'XLSHIRT' , to_date('20130801','yyyymmdd') , 3000 , 2500 from dual union all
select 'CX' , 'XLSHIRT' , to_date('20130901','yyyymmdd') , 3000 , 2500 from dual
w_base as (
select item_code, item_name, trans_dt, qty_recd, qty_sold,
sum(qty_recd) over (partition by item_code, trunc(trans_dt, 'MM')) mm_recd,
sum(qty_sold) over (partition by item_code, trunc(trans_dt, 'MM')) mm_sold,
sum(qty_recd) over (partition by item_code, trunc(trans_dt, 'YY')) yy_recd,
sum(qty_sold) over (partition by item_code, trunc(trans_dt, 'YY')) yy_sold,
row_number() over (partition by item_code order by trans_dt desc) rnum
from w_data d
Select item_code, item_name, mm_recd, mm_sold, yy_recd, yy_sold
from w_base
where rnum = 1
IT ITEM_NA MM_RECD MM_SOLD YY_RECD YY_SOLD
AX TSHIRT 1000 3000 6000 5500
CX XLSHIRT 3000 2500 9000 7000 -
How to remove Queries in menu roles?
Hi,
I am removing unneccessary quries added in menu roles!
How to remove those queries from the roles?
RajHi,
Open your role in PFCG with edit mode -> you can see list of reports assigned here, right click on delete which is not required. -
Error when creating the queries with BI Roles.
Hello,
Business Requirement :
We need to see the BI query reports to show up in User Menu.
Action Taken :
I tried to add the BI queries to BI Role on Menu tab with BW report ID/name by clicking other button. But still not showing up in User Menu.
Anything else I should check? Please advise.Hi Pranav,
The way in which Sap has customized BEx is it won't show the roles which doesn't have Queries.
The roles tab of Bex shows only show the roles which user is assigned, among the assigned roles only the roles which has queries will be displayed.
Hope this helps,
Thanks,
Rakesh.T -
Transaction code for vendor account statement for perticular duration
Transaction code for Accounts payable
statement for perticular date
duration...... (from date and to date)Hi,
You can use the following reports, there are quite a few other reports but the ones below can be used easily to tweak to your requirement using the many selection and display options available:
1. S_ALR_87012103 - List of Vendor Line Items
2. FBL1N
Cheers. -
Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]
SCCM 2012 has been successfully installed on the server:
SRVSCCM.
The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
The cluster service is running on the account: sqlclusteruser
The account has the appropriate SPN are registered:
setspn -L domain\sqlclusteruser
Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
MSSQLSvc/CLS-SQL4
MSSQLSvc/CLS-SQL4.domain.local
MSSQLSvc/CLS-SQL4:11434
MSSQLSvc/CLS-SQL4.domain.local:11434
After some time on the cluster hosts every day started appearing new folders with files inside:
srvboot.exe
srvboot.ini
srvboot.log
srvboot.log contains the following information:
SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
Copyright (C) 2011 Microsoft Corp.
Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
Failed to retrieve SQL Server service account.
Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
Disconnecting from Site Server.
SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
Without successfull bootstrap the siteserver backup is not able to run successfully.
Try grant everyone the read permisson on
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
This worked for me.
After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER" -
Link is not working for one role. how to check please guide.
Hi Expert,
I have a simple question but as don;t aware of some of the techincal area not able to understand where to check.
I have a link under document flow in offer( opportunity) where for one role sales support user the link is not happening. I have checked for other role its working fine.I understand that for this role the link will not work as per the role maintianed.
But where this link got maintained and how i will be able to check which link is tagged to which profile.
rolewise mappeing with link.
Please guide.
Prem.Hello Prem,
Please check the navigation bar profile from your business role.
Then go to the navigation bar profile settings, you can find the details settings there.
If it is a link under some work center, you need to start from the work center.
If it is a direct link, then start from the derect link group.
Hope this could be helpful.
Best regards,
'Maggie -
Account Creation - Badi for Default values for BP Role and Sales Area
Hi all,
my requirement regards the possibility to create a new prospect (a link should be available in the navigation bar or create section).
Logically, a bp role as "Prospect" and particoular sales area should be created automatically.
I created an implementation for the BADI definition "BADI_CRM_BP_UIU_DEFAULTS". But don't know how to create the default values for BP role and Sales area:
In my code
assign cr_me->('VIEW') to <lv_view_name>.
if sy-subrc ne 0.
exit.
endif.
lv_viewname = <lv_view_name>.
case lv_viewname.
when 'AccountDetails.htm'.
I obtain the viewname "AccountDetails" , the related context "Header". After I don't know how to proceed to obtain the related entities through the relationship BuilRolesRel and BuilSalesArrangementRel.
Am I following the right way? Is there another solution to prepare the output for default values?
Any kind of suggestion will be appreciated.
Regards, Robertogo to spro>cross-application components>sap busines partner>business partner> basic settings>field groupings>Configure Field Attributes per BP Role
Double click the business role which you want to customaze (e.g. 'A') and change the proper settings.
Regards. -
Problem creating Network ACL for a ROLE in Oracle 11gR2
According to Oracle Documentation when you create a new Network ACL you can add privileges to a user or role. I need to create a new ACL for the UTL_SMTP package for a specific role, but when I granted it the users who have that role are still getting the "ORA-24247: network access denied by access control list (ACL)" error when they try to send an email. If I grant the ACL privilege to the same users directly it works fine. Is there any step I'm missing? This is the test I have made on my Solaris 10 - Oracle 11gR2 (11.2.0.3) Standard Edition server:
SQL*Plus: Release 11.2.0.1.0 Production on Wed Aug 21 09:31:52 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
SQL> CONNECT system/******@testdb
Connected.
SQL> SET LINES 1000
SQL> SELECT * FROM v$version;
BANNER
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
CORE 11.2.0.3.0 Production
TNS for Solaris: Version 11.2.0.3.0 - Production
NLSRTL Version 11.2.0.3.0 - Production
SQL> COLUMN host FORMAT A20
SQL> COLUMN lower_port FORMAT 99999
SQL> COLUMN upper_port FORMAT 99999
SQL> COLUMN acl FORMAT A40
SQL> COLUMN acl FORMAT A40
SQL> COLUMN principal FORMAT A15
SQL> COLUMN privilege FORMAT A10
SQL> COLUMN is_grant FORMAT A8
SQL> COLUMN status FORMAT A10
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
no rows selected
SQL> CREATE USER testacl IDENTIFIED BY testacl;
User created.
SQL> GRANT CONNECT TO testacl;
Grant succeeded.
SQL>
SQL> BEGIN
2 dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL',true,'connect');
3 dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4 commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
localhost 25 25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml TESTACL connect true
After creating this ACL I test it like this:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
HOST LOWER_PORT UPPER_PORT PRIVILEGE STATUS
localhost 25 25 connect GRANTED
SQL> DECLARE
2 c utl_smtp.connection;
3 BEGIN
4 c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5 utl_smtp.helo(c, 'localhost');
6 utl_smtp.mail(c, 'Oracle11.2');
7 utl_smtp.rcpt(c, '[email protected]');
8 utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9 utl_smtp.quit(c);
10 END;
11 /
PL/SQL procedure successfully completed.
SQL>
This works fine and I receive the email correctly. Now if I try to do the same thing for a role:
SQL> CONNECT system/******@testdb
Connected.
SQL> BEGIN
2 dbms_network_acl_admin.drop_acl('test_smtp.xml');
3 commit;
4 END;
5 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> CREATE ROLE testacl_role;
Role created.
SQL> GRANT testacl_role TO testacl;
Grant succeeded.
SQL> ALTER USER testacl DEFAULT ROLE ALL;
User altered.
SQL>
SQL> BEGIN
2 dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL_ROLE',true,'connect');
3 dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4 commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
localhost 25 25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml TESTACL_ROLE connect true
SQL>
And now I test it again with the same user:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL>
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
no rows selected
SQL> DECLARE
2 c utl_smtp.connection;
3 BEGIN
4 c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5 utl_smtp.helo(c, 'localhost');
6 utl_smtp.mail(c, 'Oracle11.2');
7 utl_smtp.rcpt(c, '[email protected]');
8 utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9 utl_smtp.quit(c);
10 END;
11 /
DECLARE
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 267
ORA-06512: at "SYS.UTL_SMTP", line 161
ORA-06512: at "SYS.UTL_SMTP", line 197
ORA-06512: at line 4
SQL>
I'm aware that role privileges doesn't apply inside procedures, functions or packages by default, but this is an anonymous block so it should use the active roles for the user. I also tried adding a "dbms_session.set_role('TESTACL_ROLE');" at the beggining of the anonymous PL/SQL block but I got the same access error.
Thanks in advance for any help you can give to me on this question, it would be very hard to grant the ACL to all the individual users as they are more than 1000, and we create more regularly.Thanks for your quick reply... I don't have a problem creating the basic ACL with the privileges granted for a user. The problem appears when I try to create an ACL with privileges for a ROLE. You can see here http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_networkacl_adm.htm#BABIGEGG than the official Oracle documentation states that you can assign the ACL principal to be a user or role:
Parameter
Description
acl
Name of the ACL. Relative path will be relative to "/sys/acls".
description
Description attribute in the ACL
principal
Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
My issue is that when I try to create the ACL for a role it doesn't work.
Have you ever created an ACL for a role? if so please send me an example or let me know which step I might be missing. Cheers. -
How to track the transport request number for the Role/Composit Role
Hi,
How to track the transport request number for the Role/Composit Role.
Thanks,
RaviUse transaction SE03 Transport Organizer Tools
Execute "Search for Objects in Requests/Tasks" with objects of types:
R3TR ACGR Role
R3TR ACGT Role - User assignment
Regards
Maybe you are looking for
-
How can we delete the icloud accounts from main website.Iam trying to log in to my account and it says that MAXIMUM NUMBER OF FREE ACCOUNTS ARE ACTIVATED?What can i do guys plz tell me?
-
Can we define a constant within a subroutine
Can we define a constant within a subroutine
-
Very high volumes of data transfer on ethernet.
Since upgrading to Leopard the volume of network data transfer has gone through the roof! Enough to force me to go over my broadband limit and have to pay penalty charges. Just sitting here this morning for 4 hours the system clocked up 100MB out (Tx
-
Security Update 2012-001 Version 1.1 broke Autodesk Mental Ray?
I ran Security Update 2012-001 Version 1.1 last night. Now, I can't render using the Mental Ray option in Maya 2011 (Hotfix 3 x64). I had just rendered before I ran the update.
-
I have been using itunes 6 with Windows xp for months with no problems. Suddenly any track i try to play comes up 'original file cannot be found'. My entire library seems to be disconnected from the original files. The track files folder is still on