How to find if a user has access to view "all_directories" ??

A developer has complained that he cannot access view all_directories which he was able to access few days ago in production.However in development instance , he is able to query from the view all_directories.
How to compare the two access for the same schem ain two different instance ??

Vicky wrote:
Ask them to provide proof (screen copy-paste or whatever) indicating the failure.Yeah , you were right, they were able to query the table, but not returning any rows. ( they flabbergasted me...). They are telling me that earlier they were able to query and get output, but they are not getting any row now ....just no rows selelctedThat makes more sense - all accessible directories for the user removed by the administrators.

Similar Messages

  • How to determine if a user has access to an item

    Without using the WWSEC_API, i need to find out if a user (not the logged in user) has the right privileges to view an item (url).
    Has anyone identified what tables are involved in determining if a user has access to view an item ?

    Create a vo with the following SQL passing userid as bind value:
    SELECT C.USER_NAME,
    B.RESPONSIBILITY_NAME,
    A.START_DATE,
    A.END_DATE
    FROM APPS.FND_USER_RESP_GROUPS_DIRECT A,
    APPS.FND_RESPONSIBILITY_TL B,
    APPS.FND_USER C
    WHERE C.USER_ID = A.USER_ID
    AND C.USER_NAME= :1
    AND B.RESPONSIBILITY_ID = A.RESPONSIBILITY_ID
    You will have the list of all the responsibilities of a user.
    Kristofer

  • How to find out which user has the permission to execute startsap ?

    Hi All
    How do I find out which user has the permission to execute the startsap and stopsap? Do I control the permission on those script using windows standard authorization? For example: only allow certain user have the read and write permission?
    Thank you.!
    Vincent Lo

    Well to me this is really weird question..
    <b>noone un-authorized should have access to OS on your system</b>
    If this is valid you do not need to solve problems who can and who cannot start/stop SAP, because if you want to prevent some users from shutting down the SAP you have really hard job to do - there are many ways how to kill the SAP (for example killing relevant process from task manager, killing of database, messing with services etc.) - yes, this is harmful way of stopping SAP, but we are talking about attack, right? I would contact some Windows specialist to help you disable all the ways how to harm the running SAP. But still after that - there are many files that can be modified/deleted so SAP will crash after restart - you need to protect them too, etc.
    In case you take the first assumption as granted (and you really limit access to this server) you do not need to worry who can stop or start SAP - at the other hand it may be handy to be able to start/stop SAP from other users - for this you can run the stop/start script "under different user".
    But to answer the question - to me this is question just of access control (but really never tried that myself):
    <a href="http://technet2.microsoft.com/WindowsServer/en/library/c6413717-511e-42bd-bd81-82431afe4b2a1033.mspx">Permit or restrict access to a snap-in for a domain</a> (or see other related links down there on this page)
    Please award points for useful answers.
    Thanks

  • How to find out if someone has accessed my iclouds

    how can i find out if some one other than (me)  the owner and only authorized person has accessed my icouds account with out my authority.  is there maybe a link that notes the time and date and maybe which device, hadd accessed the account?  if theres not one then apples needs to seriously get on top of this cause i see that its not just me thats having this isue i think that a link as such wouls solve and ease so much stress and nervouseness from people,
    thanks

    I know what a screenshot is
    So why mention it in connection with accessing your phone remotely then?
    I've been using mac computers for over 30yrs.
    So? You're asking about remotely accessing your phone, aren't you?
    I know what I saw, it looked like a 'terminal view' of remote access activity
    Well, you obviously don't know what you saw, otherwise you'd be able to find it again.. but considering iOS does not contain such a view of activity, and never has, it's hardly surprising you can't find it.
    The only place where anything is logged in iOS is in Settings > General > About > Diagnostics & Usage  > Diagnostics & Usage Data - but those are not remote access logs.
    By the way, your comments are very rude and condescending.
    LOL. Hardly - I've given you facts of the situation. Nobody can access your phone remotely, and no list of remote activity exists in iOS. If you can't accept facts then you've come to the wrong place.
    But believe what you want. Doesn't bother me. I've given up trying to help you.

  • How to check if a user has access to a responsibility

    Hi,
    I have a user_id in the controller. How do I know if this user has a particular responsibility added to him or not. I guess there a specific proflle call which gives this information. Can you give me that information.
    Thanks,
    HC

    Create a vo with the following SQL passing userid as bind value:
    SELECT C.USER_NAME,
    B.RESPONSIBILITY_NAME,
    A.START_DATE,
    A.END_DATE
    FROM APPS.FND_USER_RESP_GROUPS_DIRECT A,
    APPS.FND_RESPONSIBILITY_TL B,
    APPS.FND_USER C
    WHERE C.USER_ID = A.USER_ID
    AND C.USER_NAME= :1
    AND B.RESPONSIBILITY_ID = A.RESPONSIBILITY_ID
    You will have the list of all the responsibilities of a user.
    Kristofer

  • How to find out which user has locked a particular record of a table

    Hi
    Is it possible to know - which user has locked a particular record (I know the primary key of the record) of a table
    Regards

    select     OS_USER_NAME os_user,
         PROCESS os_pid,
         ORACLE_USERNAME oracle_user,
         l.SID oracle_id,
         decode(TYPE,
              'MR', 'Media Recovery',
              'RT', 'Redo Thread',
              'UN', 'User Name',
              'TX', 'Transaction',
              'TM', 'DML',
              'UL', 'PL/SQL User Lock',
              'DX', 'Distributed Xaction',
              'CF', 'Control File',
              'IS', 'Instance State',
              'FS', 'File Set',
              'IR', 'Instance Recovery',
              'ST', 'Disk Space Transaction',
              'TS', 'Temp Segment',
              'IV', 'Library Cache Invalidation',
              'LS', 'Log Start or Switch',
              'RW', 'Row Wait',
              'SQ', 'Sequence Number',
              'TE', 'Extend Table',
              'TT', 'Temp Table', type) lock_type,
         decode(LMODE,
              0, 'None',
              1, 'Null',
              2, 'Row-S (SS)',
              3, 'Row-X (SX)',
              4, 'Share',
              5, 'S/Row-X (SSX)',
              6, 'Exclusive', lmode) lock_held,
         decode(REQUEST,
              0, 'None',
              1, 'Null',
              2, 'Row-S (SS)',
              3, 'Row-X (SX)',
              4, 'Share',
              5, 'S/Row-X (SSX)',
              6, 'Exclusive', request) lock_requested,
         decode(BLOCK,
              0, 'Not Blocking',
              1, 'Blocking',
              2, 'Global', block) status,
         OWNER,
         OBJECT_NAME
    from     v$locked_object lo,
         dba_objects do,
         v$lock l
    where      lo.OBJECT_ID = do.OBJECT_ID
    AND l.SID = lo.SESSION_ID
    hope this helps
    Zekeriya

  • How to find Org unit User has selected

    Hi All,
    We are setting up printing on our CRM 5.0 system (Web interaction centre) and was wondering if anyone knows of a way to find out what Org unit the users is logged on as ??
    We are using Actions to print specific smartforms off for the users and need the prints to go to an assigned printer.. We are hoping to use a printer that is assigned to the 'Default Printer' attribute in the org structure (PPOMA_BBP)
    As you will be aware users can be in many positions (under the org units) in the org structure and when we log onto the Web IC we get the option of which one we would like to use... Is there a function that can read this Org unit so we can use it in the printer determination BADI to decide what printer the prints will go to ???
    Many Thanks
    Gaz

    As soon as you make the profile selection,IC sets the profile and org unit in the session.
    You can read them using
    Data: lv_prof     type ref to if_ic_profile,
                    pname       type        string,
                    orgunit     type        crmt_ic_org_unit.
    lv_prof = cl_ic_profile_service=>get_instance( ).
    pname = lv_prof->get_profile( ).
    org_unit = cl_crm_ic_services=>get_org_unit(  ).
    Thanks,
    Thirumala.

  • How to find if the user has selected one or many files using a file chooser

    I have a file chooser but want it to return either a file or file array depending on whether more than one file is selected but there doesn't seem to be any way to find out if that is the case or not. I want it to look something like:
                if(fileChooser.getSelectedFile().isDirectory()==true)
                    selectedFile=fileChooser.getCurrentDirectory();
                else if(fileChooser.multipleFilesSelected())
                    fileChooser.getSelectedFiles();//we have more than one file selected
                else   
                    fileChooser.getSelectedFile();    //if we have one file selected
                }am I going about dealing with this in the right way?

    OK, I scoured the API again and found I could avoid the problem altogether by using
    http://java.sun.com/j2se/1.4.2/docs/api/javax/swing/JFileChooser.html#isMultiSelectionEnabled()
    and
    http://java.sun.com/j2se/1.4.2/docs/api/javax/swing/JFileChooser.html#setFileSelectionMode(int)

  • How to find out the user who has created  a new field in the custom table.

    How to find out the user details who has created  a new field in the custom table.
    Thanks,
    Joan

    Hi Jesudasan ,
    You can know the user details with version management.Please find the
    below procedure to know.
    Go to table->Utilities tab->version->Version management->Compare the previous one .
    Hope this solves the issue,Let me know if you have any issues.
    Thanks,
    Rajani

  • How can I check if an user has access to an url within my web app?

    Hi,
    I have a web application where I allow the users to set their startup page by presenting them a list of startup pages. However, some startup pages can accessed only by certain users, so I want to present the user only those pages the user has access to.
    How can I do this with weblogic?
    One way is to read the web.xml file and determine the roles that have access to the page, then check whether the user has any of those roles.
    Is there a better way eventually using some weblogic api?
    Thanks

    Just for the record, I decided to parse the web.xml file and to simulate whatever the container does.

  • How do I test to see if a user has access on a site?

    I am completely new to PowerShell, but I have a requirement to build a PowerShell script that will run against a site, a set of sites or a web application. How do I add a check within my script to test if a user has rights on the site they are running it
    on or not? Am clueless on how to test if the user has rights to a site....I basically am trying to test, then let them know that they do not have access on a site or not. 
    How can I get this done? Please help.

    I now have this code which I think should do the trick, but I am getting an exception when i step through it. The $serverContext variable is always null. Does anyone know why I am getting this?
    write-host "Please enter the url of the site collection"
    $url = read-host
    write-host "Please enter the username of the user"
    $userName = read-host
    $site = New-Object Microsoft.SharePoint.SPSite($url)
    $serverContext = [Microsoft.Office.Server.ServerContext]::GetContext($site)
    $userProfileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($serverContext)
    $userProfile = $userProfileManager.GetUserProfile($userName)
    $userLogin = $userProfile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value.ToString()
    $webs = $site.AllWebs
    foreach ($web in $webs)
    $permissionInfo = $web.GetUserEffectivePermissionInfo($userLogin)
    $roles = $permissionInfo.RoleAssignments
    write-host "Now checking the permissions of the user " $userLogin " " "in the site " $web.Url
    for ($i = 0; $i -lt $roles.Count; $i++)
    $bRoles = $roles[$i].RoleDefinitionBindings
    foreach ($roleDefinition in $bRoles)
    if ($roles[$i].Member.ToString().Contains('\'))
    write-host "The User " $userLogin " has direct permissions " $roleDefinition.Name
    else
    write-host "The User " $userLogin " has permissions " $roleDefinition.Name " given via " $roles[$i].Member.ToString()
    Thanks for the help.
     

  • How do I get a list of the reports that a user has access to?

    <p>I need to be able to determine which reports a specified user has access to.  This is for an application where users will be able to search and view reports that have been archived through a separate process.  </p><p>I&#39;ve searched through the developer library, but I can&#39;t find this specific information.  Can I use the ObjectPrinicpals class to get this info?</p><p>Thanks!</p><p>-Dell<br /></p>

    Hi Robert!
    Yes, the presentation went well. It was a lot of fun to do and I had a great time at the conference.
    Your suggestion works great if I'm walking down through the reports looking to see who has access to them.Â
    However, I need to do this starting from the User object. When I use the ObjectPrincipals of the User, I get a list of the users who have the rights to modify the user. I did a lot of work on this last week and it boils down to I'm going to have to actually log in as the user (I can use trusted authentication to do this without having the user's password) and then run a query to select all of the reports in the system - this should give me just the reports that the user has access to. Not the most efficient way to get the data from my perspective, but it should work.
    This would be a great feature to have added to future versions of the SDK. I need it for a couple of purposes:
    1. To gather information to set up the security in my archive viewer application.
    2. For auditing purposes - we currently have only Professional licenses so I don't have access to the internal auditing functionality. Plus, I'm not sure that that includes the kind of info I'm looking for so I'm building an app that extracts information to XML which is then used by a couple of reports so that I can provide the audit info as needed.
    -Dell
    Â - A computer only does what you told it to, not what you thought you told it to!</p>

  • BO SDK Query to find all folders that a user has access to

    Hi Experts
    Please help me on BO SDK Query to "find all folders that a user has access in a single query".
    I am tried trial & error using PARENTS & CHILDREN. nothing worked
    Please advice
    Thanks!
    Prasath

    Hi Aasavari
    I am checking BO Web services samples and .NET samples. Please advice me the correct files to check the user/folder rights.
    Thank you so much
    Prasath
    http://wiki.sdn.sap.com/wiki/display/BOBJ/NETWebServicesSDKSamples

  • How find whether the User has inherited or excluded or directly assigned .

    Hi Every one,
    I am building a report where in which I require for a given position and catalog who are the users and these users are Directly assigned or  Excluded or Inherited.
    If Inherited from which position it has been inherited.
    Now that I got the list of user for a Catalog id , and I can get the attributes for each users through FM BBP_READ_ATTRIBUTES
    But this FM fetches the attributes Inherited excluded or directly feild too, but it is not correct.
    I want to know whether is there any way where we can find the given user has inherited this catalog and from this , so same as this user has direct assignement to this catalog or this user has been exclude for this catalog.
    Regards,
    Raj

    Hi,
    The table ET_ATTR of the function module  BBP_READ_ATTRIBUTES will provide information about the Inherited, Default or Excluded status.
    The following are the appropiate Indicators.
    INH_STATUS - Inherited
    DFT_FLAG - Default
    EXCLUDED - Excluded
    Regards
    Kathirvel

  • How to check if the user has only the display authority of a message

    hi,
    How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
    Best regards,

    hi blake
    though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
    Basically Authorization Management 
    Use
    You can use the following authorization objects to control the authorizations for maintaining business partner data:
    •        Authorization objects for the Business Partner:
    •     &#61601;        B_BUPA_GRP
    •     &#61601;        B_BUPA_ATT
    •     &#61601;        B_BUPA_FDG
    •     &#61601;        B_BUPA_RLT•       
    Authorization objects for relationships:
    •     &#61601;        B_BUPR_BZT
    •     &#61601;        B_BUPR_FDG
    In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
    You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
    In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
    For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
    IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
    Prerequisites
    You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
    Moving over
    AS ABAP Authorization Concept 
    The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
    To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
    Authorization Checks 
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
    •        Starting SAP transactions (authorization object S_TCODE)
    •        Starting reports (authorization object S_PROGRAM)
    •        Calling RFC function modules (authorization object S_RFC)
    •        Table maintenance with generic tools (S_TABU_DIS)
    Checking at Program Level with AUTHORITY-CHECK
    Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
    AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
    Starting SAP Transactions
    When a user starts a transaction, the system performs the following checks:
    •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
    •        The system then checks whether the user has authorization to start the transaction.
    The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
    •     &#61601;        The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
    •     &#61601;        If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
    If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
    •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
    The check is not performed in the following cases:
    You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
    This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
    •     &#61601;        You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
    •     &#61601;        So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
    All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
    Starting Report Classes
    You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
    We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
    You must consider the following:
    •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
    •     •         There are certain system reports that you cannot assign to any authorization class. These include:
    •     •         RSRZLLG0
    •     •         STARTMEN (as of SAP R/3 4.0)
    •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
    •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
    Calling RFC Function Modules
    When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
    Checking Assignment of Authorization Groups to Tables
    You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
    You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
    please See also:
    •        SAP Notes 7642, 20534, 23342, 33154, and 67766
    guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
    but if u sit with ur BASIS guy then u can learn lot of things in PFCG
    i guess u r a basis guy,then its not a problem
    best regards
    ashish

Maybe you are looking for