How to Restrict a user to a access a particular table

Similar Messages

• How to revoke a user from having access to a table

  Hi,
  what is the syntax to revoke a user from having access to a certain table ??
  I want to revoke SELECT, UPDATE, INSERT, and DELETE ?
  thanks,

  Hi,
  Try this:
  revoke select, update, delete, insert on your_table from some_user;You can find more info at the docs:
  http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/statements_9020.htm

• How to restrict / limit users NOT to view a particular type of costs !

  Hi,
  EBS - R12.1
  One of the requirements from our client is that, they want to cost employee salaries onto Projects (as overheads).
  Now, how to limit/restrict visibility (view) of these costs to all users (except PM).
  I mean, can we restrict a particular type of costs to everyone except PM.
  Please let me know.
  Thank you,
  Vish

  Hi
  Here is the explanation from Oracle Help:
  Project and Labor Cost Security in Oracle Projects
  Oracle Projects provides three levels of project-based security to protect data ownership and sensitivity in relation to a given project or project template. For each level of security, Oracle Projects enforces default business rules depending on an employee's relationship to a project, as illustrated below:
  Action Key Member Cross- Project Other Users
  Query project information YES YES YES
  Update project information and perform functions on a project YES YES
  View labor costs of detail expenditure items (@) YES YES
  (@) Only if the user's project role type is configured to view labor costs.
  You can override the default logic or add additional security criteria via the Project Security Client Extension. For a detailed description of the project security extension, see: Project Security Extension.
  Key members are responsible for the management and administration of the project to which they are assigned. Each key member is assigned a project role type, which describes the type of role that the employee has on the project. Project role types include Project Manager and Project Administrator. You define whether each role type can view labor costs online and in reports.
  Cross-project users can view expenditure details and update information for any project, even if they are not assigned as a key member to the project. Cross-project users log in to Oracle Projects under a cross-project responsibility. You define an Oracle Projects responsibility as a cross-project responsibility by setting the PA: Cross-Project Responsibility profile option value to Yes.
  View Labor Cost Allowed
  This level of security determines whether or not you can view labor costs (both raw and burdened). The default business rule in Oracle Projects is that you may view labor costs if you are:
  ### A key member for the project and your project role type allows you to view labor costs
  ### A cross-project user
  If you are not permitted to view labor costs, the amount is not shown in the form field; that is, the field will be blank.
  Dina

• How to restrict the user id to a specific company code?

  Hi,
  I want to restrict a user id to access a specific company code only for both customizing and application data creation. This means that the user id can do customizing and create application data for that company code only and not for any other company codes.
  how can i do this?

  Hello Raja,
  You requirement of restricting users for application data can solved by adding the company code in the organization level button and the user will be restricted to mainatin application (transaction) data for the org element for which he is authorized for, if the transaction has objects which check company code.
  Customizing data authorization can be very tricky, as most of the customizing transactions are for maintaining customizing tables will not necessarily have an authorization check for org elements. In this case you may to manually insert a object called S_TABU_LIN alongwith S_TABU_DIS it will perform the job of restricting authorizations.
  In cases where the end user is accessing tables directly with SE16 S_TABU_DIS is the object that is check and maintained in PFCG.But,Such a restriction cannot be made with S_TABU_DIS alone. Fortunately SAP provides us with another authorization object S_TABU_LIN (Authorization for Organizational Unit), which can be used in conjunction with S_TABU_DIS to enforce such a restriction.
  This authorization object works only with Maintenance Views and Customizing tables. Also note that an Organization Criterion is a prerequisite for implementing the same
  A detailed step by step procedure to be followed is given below:
  1. The first step in implementation of line authorization is defining an Organization Criterion. For this we need to access the u201CSAP Reference IMGu201D customization page from SPRO transaction.
  2. From the IMG display screen select SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select the execute ( ) button for the u201CDefine Organization Criteriau201D.
  3. The resulting table display show all available Org Criteria values existing in the system. For our purposes we will create a new Org Criteria to suit our needs. Select the tab u201CNew Entriesu201D as shown below.
  4. Give an appropriate name starting with Y or Z for the new value. Note that a name starting with another letter will not be accepted by the SAP system. Click on u2018Saveu2019 button to save the newly created Org Criteria. This opens a new window asking for a Workbench Transport Request. This would be required so as to transport the new Line authorization restrictions further to the test and production systems.
  5. Now select the new Org Criterion u201CY_TESTu201D and double-click the u201CAttributesu201D tab as below to define the various Org Attributes.
  6. Provide the new Attribute name and Description for the same. Also fill the Authorization field value from the provided dropdown (1st Org Criterion Attribute u2026. 8th Org Criterion Attribute). The search help field is an optional field which can be filled if a search criterion exists or has been created earlier for the specific purpose. This field enables the u201CF4u201D when filling entries in the authorization object
  7. We already have a search help (C_T001) available, which provides as an F4 help the list of all available Company Codes in the system.
  Note that we can create up to 8 Org Attributes as per our requirements (by selecting u201CNew Entriesu201D tab), each corresponding to a column in the target table.
  8. Selecting the attributes link again will show us a list of all defined attributes and the authorization Field it will appear in. Now that we have defined the Attribute Field that we require, we need to associate each attribute to the corresponding Table Field in the target table.
  Select one of the attributes as below and double-click on the u201CTable Fieldsu201D button to define the field associations.
  9. Select the u201CNew Entriesu201D tab to create a new table field association.
  10. The View/table field must be filled with the target table which we need to control.
  11. The u201CField Nameu201D will require the field name of the target table which be linked with the specific Org Attribute. Performing an F4 on this field will display the list of all possible fields available in the View/table provided earlier. Here we will select the field name BUKRS (Company Code). Save the entries in the same workbench request created earlier.
  12. The next step would be to activate this new Org Criterion so that SAP now checks the authorization for S_TABU_LIN for every user
  13. In the u2018IMG displayu2019 go to SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select execute ( ) button for the u201CActivate Organization Criteriau201D.
  14. From the resulting customization screen tick the check-box for the Org Criterion that we have created. On saving the settings the system then asks for a Customizing Transport Request for further transport into test and development systems.
  15. Any user without this authorization will not be allowed in to the SM30 display/change screen for this table.
  16. In the role for which the S_TABU_DIS provides maintenance access for the table , we will now also need to maintain the object S_TABU_LIN.
  17. On selecting change button besides any authorization field you will need to select the Organization criterion which needs to be maintained here. Note that only one Org Criterion can be maintained in one instance of S_TABU_LIN object.

• How to give an user permission to access centain Transformations?

  I would like to know how to give an user permission to access centain Transformations in one InfoArea only. I already limited the selection in one InfoArea now. I want users can only Display Transformations for all the InfoObjects under this InfoArea. Does anyone know the detail steps? Thanks!

  HI,
  are you working under Analysis Auth (BI7) or Reporting Auth (BW 3.X)?
  If you work with the new concept you can restrict your authorization by using theinfoobjet: 0TCAIFAREA.
  before you Add 0TCAIFAREA as an external hierarchy characteristic to 0INFOPROV also when you restrict your auth by infoprovider you can choose the infoarea hierarchy
  hope it help
  Regard's

• How to restrict the user(Schema) from deleting the data from a table

  Hi All,
  I have scenario here.
  I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
  Below is the example.
  I have created a table employee in abc schema which has two values.
  EMPLOYEE
  ABC
  XYZ
  In the above scenario the abc user can only fire select query on the EMPLOYEE table.
  SELECT * FROM EMPLOYEE;
  He should not be able to use any other DML commands on that table.
  If he uses then Insufficient privileges error should be thrown.
  Can anyone please help me out on this.

  Hi,
  kumar0828 wrote:
  Hi Frank,
  Thanks for the reply.
  Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
  If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
  Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
  See the forum FAQ {message:id=9360002}
  The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
  USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
  SELECT  *
  FROM    table_x
  ;what actually runs is:
  SELECT  *
  FROM    table_x
  WHERE   USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
  ;If you want to prevent any user from deleting rows, then the policy function can return just this string
  0 = 1Then, if somone says
  DELETE  employee
  ;what actually gets run is
  DELETE  employee
  WHERE   0 = 1
  ;No error will be raised, but no rows will be deleted.
  Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
  Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
  I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.

• How to restrict the user in MIRO for not modifying  price

  Hi All 
  My requirement is How to restrict the users in MIRO screen for not modifying Material Prices  of only the for specific  ROH types .
  For example :
  Valuation class             RM description
    3021                             RM - A
    3022                             RM - B
    3024                             RM - C
  when ever we procure  the above Raw materials A,B and C and
  the Quantity of each Raw material @ 10 units  and value @ 1 INR  for each unit
  RM - A procured qty 10 @1 total price is INR  10
  RM - B procured qty 10 @1 total  price is INR 10
  RM - C procured qty 10 @1 total  price is INR 10
  total price of PO is INR 30
  when we received invoice material prices are  assume it INR 1 is excess for each material.Now the invoice price for each RM has become INR 11.
  in MIRO we want restrict the user to change the price from INR 10 to 11.
  suggest the best possible ways to restrict in MIRO screen
  Thanks & Regards
  Mala

  Dear:   
                    Take help of ABABPER fo implement exit using INVOICE_UPDATE or MRMH0003 Logistics Invoice Verification: Revaluation/RAP exit. If this does not help then seek help of MM functional who will help you to find exit for the required task.
  rEGARDS

• How to restrict the user from making any changes in Sales order- item level

  Hi to all
  How to restrict the users from making any changes in sales order at item level if the same sales order is released by senior user through status profile.
  Regards
  Anish Parikh
  Edited by: anish parikh on Jan 24, 2008 5:16 AM

  Hi Anish,
  This can be achieved through the roles and authorization.
  This can be done through the basis team. they can create user profiles and roles.
  For the roles they assign some transaction codes so that they can view the only assigned tr. codes.
  Like that ur requirement can be done.
  Also u can prevent the user to change any fields in the sales order screen (VA02). for that please modify the authorisations.
  Hope i answers.
  Reward points if useful.
  Edited by: kaleeswaran bhoopathy on Jan 24, 2008 9:57 AM

• How to restrict the user to enter only numeric values in a input field

  How to restrict the user to enter only numeric values in a input field.
  For example,
  i have an input field in that i would like to enter
  only numeric values. no special characters,alphabets .
  reply ASAP

  Hi Venuthurupalli,
  As valery has said once you select the value to be of type integer,once you perform an action it will be validated and error message that non numeric characters are there will be shown. If you want to set additional constraints like max value, min value etc you can use simple types for it.
  On the project structure on left hand side under local dictionary ->datatypes->simple types create a simple type of type integer
  The attribute which you are binding to value property ;make its type as simple type which you made
  Hope this helps you
  Regards
  Rohit

• How to restrict the user for re-submitting the same form

  Hi All,
  I would like to know, How to restrict a user for re-submitting the same page.
  I have a jsp page with submit button... and should not allow the user to save the same data again ..
  Anil

  Try the followings. If user disable cookies, this will not work. You need to modify to detect such situation!
  String processed = "mycooke";
  Cookie[] cookies = request.getCookies();
  Cookie c = null;
  if (cookies!=null) {
     for (int i=0; i < cookies.length; i++) {
         if (cookies.getName.equals(processed)) {
  c = cookies[i];
  break;
  if (c!=null) {
  // already processed.
  // send error message and exit.
  // set cookie;
  c = new Cookie(processed , "yourdata");
  c.setMaxAge(-1);
  response.addCookie(c);
  // process as it is the first;

• How do you give user permissions to access a terminal server?

  How do you give user permissions to access a terminal server?

  Refer : http://technet.microsoft.com/en-us/library/cc781509(v=ws.10).aspx
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• How to restrict the st loc list applicable to particular plant mm01

  Hi,
  While creating material master user after selecting a particular plant user sees all the storage locations available in the system.How to restrict the storage location list applicable to particular plant while material creation
  Best Regards,
  BM

  Hi,
  As Mahesh said , you need to put validation there, please contact your development team for this.
  Though you are able to see all storgae location you are not able to create the material master, it throws as error if you select incorrect storage location which is not maintained for that particulare plant.
  It gives an error message
  Entry Plant SL  does not exist in T001L (check entry)
  So user will not be able to create material master for improper plant SL combination.
  Thanks,
  Ravi

• How to find out the query is accessing the DB tables or not

  Hi Gurus ,
  How to find out the query is accessing the DB tables or not.
  Where exactly we will find this information in SAP BW.
  I know that this information we can find in ST03. But where exactly we will find the query information along with DB information?

  Lakshmi
  Activate BI Technical Content for Query analysis and run query against that.
  Hope this helps
  Thanks
  sat

• How to restrict the user from accessing other screens before submittingdata

  Hi All,
    I have some screens developed in Webdynpro ABAP and all these have been linked to Portal as pages. In Portal If i click on the link in detailed navigation i can see the corresponding screen on the right side. Now in one screen i have to input some data and submit the data, Now my problem is if i enter some data and before submitting the data if i click on any other link in the detailed navigation, that corresponding screen is opening and all the data of the previous screen is lost.
  Can any one suggest me, how can i restrict the user from accessing other screens before submitting the data of that screen from portal perspective.

  Hi Prasanna,
  The pages can be restricted from the user access by using the ACL permission or you can restrict the page by making invisible in navigation area which you do not want to show to the user . Open the page properties and select navigation category in the drop down and select the Invisible in navigation area property to yes.By default this property is No.Change the property for all pcd pages which want to hide from user access.
  Hope this helps you...
  Regards,
  Rudradev Devulapalli
  Reward the points if helpful....

• How to restrict a User to access only 2-3 views in MM01/MM02 ???

  Hi,
  Can anyone tell me how can I restrict a User to access only 2-3 views in MM01/MM02 and also the User should not be allowed to change the View selection by clicking on the Select Views button ?.
  Regards,
  Lucky

  Hi Prashant,
  Can this only be done through changes in Authorization Objects ? Is not there any setting which can be done in SPRO for this ?
  Hi Sheshagiri,
  I could not exactly understand how the access to MM Views can be restricted to User through TCode OMT3B i.e. in SSeq. 01 and Screen 07 ? Subscreen 2154 is for Mat. Groups ? Please explain your answer in detail.
  Regards,
  Lucky