How to restrict database user.

Similar Messages

• How to restrict the user(Schema) from deleting the data from a table

  Hi All,
  I have scenario here.
  I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
  Below is the example.
  I have created a table employee in abc schema which has two values.
  EMPLOYEE
  ABC
  XYZ
  In the above scenario the abc user can only fire select query on the EMPLOYEE table.
  SELECT * FROM EMPLOYEE;
  He should not be able to use any other DML commands on that table.
  If he uses then Insufficient privileges error should be thrown.
  Can anyone please help me out on this.

  Hi,
  kumar0828 wrote:
  Hi Frank,
  Thanks for the reply.
  Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
  If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
  Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
  See the forum FAQ {message:id=9360002}
  The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
  USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
  SELECT  *
  FROM    table_x
  ;what actually runs is:
  SELECT  *
  FROM    table_x
  WHERE   USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
  ;If you want to prevent any user from deleting rows, then the policy function can return just this string
  0 = 1Then, if somone says
  DELETE  employee
  ;what actually gets run is
  DELETE  employee
  WHERE   0 = 1
  ;No error will be raised, but no rows will be deleted.
  Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
  Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
  I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.

• How to restrict the user in MIRO for not modifying  price

  Hi All 
  My requirement is How to restrict the users in MIRO screen for not modifying Material Prices  of only the for specific  ROH types .
  For example :
  Valuation class             RM description
    3021                             RM - A
    3022                             RM - B
    3024                             RM - C
  when ever we procure  the above Raw materials A,B and C and
  the Quantity of each Raw material @ 10 units  and value @ 1 INR  for each unit
  RM - A procured qty 10 @1 total price is INR  10
  RM - B procured qty 10 @1 total  price is INR 10
  RM - C procured qty 10 @1 total  price is INR 10
  total price of PO is INR 30
  when we received invoice material prices are  assume it INR 1 is excess for each material.Now the invoice price for each RM has become INR 11.
  in MIRO we want restrict the user to change the price from INR 10 to 11.
  suggest the best possible ways to restrict in MIRO screen
  Thanks & Regards
  Mala

  Dear:   
                    Take help of ABABPER fo implement exit using INVOICE_UPDATE or MRMH0003 Logistics Invoice Verification: Revaluation/RAP exit. If this does not help then seek help of MM functional who will help you to find exit for the required task.
  rEGARDS

• How to restrict the user from making any changes in Sales order- item level

  Hi to all
  How to restrict the users from making any changes in sales order at item level if the same sales order is released by senior user through status profile.
  Regards
  Anish Parikh
  Edited by: anish parikh on Jan 24, 2008 5:16 AM

  Hi Anish,
  This can be achieved through the roles and authorization.
  This can be done through the basis team. they can create user profiles and roles.
  For the roles they assign some transaction codes so that they can view the only assigned tr. codes.
  Like that ur requirement can be done.
  Also u can prevent the user to change any fields in the sales order screen (VA02). for that please modify the authorisations.
  Hope i answers.
  Reward points if useful.
  Edited by: kaleeswaran bhoopathy on Jan 24, 2008 9:57 AM

• How to restrict the user to enter only numeric values in a input field

  How to restrict the user to enter only numeric values in a input field.
  For example,
  i have an input field in that i would like to enter
  only numeric values. no special characters,alphabets .
  reply ASAP

  Hi Venuthurupalli,
  As valery has said once you select the value to be of type integer,once you perform an action it will be validated and error message that non numeric characters are there will be shown. If you want to set additional constraints like max value, min value etc you can use simple types for it.
  On the project structure on left hand side under local dictionary ->datatypes->simple types create a simple type of type integer
  The attribute which you are binding to value property ;make its type as simple type which you made
  Hope this helps you
  Regards
  Rohit

• How to preserve database user details before cloning

  Hi Experts,
  How to preserve database user details before cloning,
  I am cloning the test database with the prod database, so my concern is how to preserve the users details which they have in TEST database( like roles, privilges, profiles , passwords, etc.....). Because that all gone after cloning from PROD.
  Thanks
  Sam

  use the following script to take the backup of roles,pwd & other  details of DEV . after cloning  execute the scripts back in DEV to restore the old values....
  set head off
  set lines 200
  set pages 9999
  col owner for a20
  col db_link for a30
  col username for a15
  col host for a40
  col created for a12
  spool db_details.lst
  select * from global_name;
  select * from dba_db_links;
  select name from v$controlfile;
  select member from v$logfile;
  select file_name from dba_data_files;
  select file_name from dba_temp_files;
  spool off
  spool create_db_links.lst
  select 'create DATABASE LINK '||owner#||'.'||NAME|| ' connect to '|| userid || ' identified by '|| password || ' using '||''''|| host ||''''||'; ' FROM sys.link$ order by owner#;
  select username,user_id from dba_users where user_id in (select distinct owner# from link$);
  spool off
  spool alter_user.lst
  select ' alter user '||username||' identified by values ' || chr(39)||password||chr(39) || ';' from dba_users;
  spool off
  Set verify off
  Set space 0
  set feedback off;
  set echo off;
  set pages 1000;
  set lines 150;
  spool create_synonym.sql
  Select 'CREATE SYNONYM '||owner||'.'||synonym_name||' FOR '||table_owner||'.'||table_name||'@'||db_link||';' from dba_synonyms where db_link is not null and table_owner is not null;
  Select 'CREATE SYNONYM '||owner||'.'||synonym_name||' FOR '||table_name||'@'||db_link||';' from dba_synonyms where db_link is not null and table_owner is null;
  spool off;
  Spool profile.sql
  select ' alter user '||username||' profile '||PROFILE||';' from dba_users;
  spool off

• How to restrict the user for re-submitting the same form

  Hi All,
  I would like to know, How to restrict a user for re-submitting the same page.
  I have a jsp page with submit button... and should not allow the user to save the same data again ..
  Anil

  Try the followings. If user disable cookies, this will not work. You need to modify to detect such situation!
  String processed = "mycooke";
  Cookie[] cookies = request.getCookies();
  Cookie c = null;
  if (cookies!=null) {
     for (int i=0; i < cookies.length; i++) {
         if (cookies.getName.equals(processed)) {
  c = cookies[i];
  break;
  if (c!=null) {
  // already processed.
  // send error message and exit.
  // set cookie;
  c = new Cookie(processed , "yourdata");
  c.setMaxAge(-1);
  response.addCookie(c);
  // process as it is the first;

• How to Restrict a user to a access a particular table

  HI ,
  how to restrict an user to a one particular table and he should have only dispaly authorization for that , can anyone suggest me how to do this.

  Hi,
  Is it a standard table ? S_TABU_DIS (Client Dependant) and S_TABU_CLI (Cross client) are the the authorization objects that controls table maintenance. With Authorization group and activity 03, you can give user access only to Display.
  You can look at table TDDAT to find the authorization group of the table. If it is a custom table for which original t-code is SM30 ( You can look at SU24 to verify that) and it does not have authorization group assigned to it, then you can ask your developer to assign authorization group to the table using t-code SE54. then again make use of S_tabu_dis with activity 03 and Auth group as designed to restrict access.
  Also something to look for is Note 1481950 - New authorization check for generic table access using new auth object S_TABU_NAM. Remember Bernhard talking about it.
  Edited by: Nishant Sourabh on Oct 1, 2010 8:13 PM

• How to Restrict the users in oracle applications

  Hi,
  I want to Restrict the users in oracle applications without using database
  can any one please expalin me how to resttrict the users using middletier
  Thanks
  Gita

  HI srini ,
  my application version 12.0.4 and database is 10.2.0.4
  and i want to restrict the No of users
  exp i have have 500 users and i want restrict to 100 only
  how can i do that please explain
  Thanks,
  Sudheer

• How to restrict a user to login twice

  hei evryone!
  Here's my prob... I need to restrict a user to login more than once meaning, if a certain user account is currently login , that account cannot be used concurrently using another window or machine... If another user attempts to login, using that same account an error message will be displayed saying "this user account is already logged in".. i tried to do this in javascript but the code that i've got only works for IE and its kinda hard to capture the event for closing window.. plus using onunload is not advisable with my situation since my webpage can be redirected to other codes meaning the cause of unloading the page could either be closing the browser or redirecting the window to another page such as window.location="anothercode.jsp";... I was wondering if there's a way to do this in jsp...
  Any suggestions, ideas, or sample codes would be deeply appreciated. Thanks in advance!
  btw, i need to generate a code that is cross browser.. What i really need to accomplish is to be able to determine when the browser is closed either by clicking the X button on the window, alt f4 or my own close button and not when the page is unloaded.
  Here's a sample code : This only works in IE =(
  ---------- default.jsp-------------------------
  <html>
  <head>
  <script language="Javascript">
       onunload=function(e) {      
       winX = navigator.appName=="Microsoft Internet Explorer" ? window.event.clientX : e.screenX;
       winY =navigator.appName=="Microsoft Internet Explorer" ? window.event.clientY :e.screenY;
  if (winX<0 && winY<0)
            // redirect to logout.jsp n do some stuff
  </script>
  </head>
  <body>
  Logout
  List
  View Schedules
  </body>
  </html>
  the default screen would be the code above: "default.jsp" wherein there are many ways that the page
  can be unloaded such as :
  - clicking the logout link
  - click the View Schedules
  - click the x button the left side of the window
  - alt f4
  - if the window is minimized , right click then select close option
  Now, what i needed to do is to determined when the browser is closed so i reset the login flag of the account and can be used later on.

  hei everyone!
  im tryin to resolve this prob by adding a session id field on the users table. Everytime a user logs in i will update the session id field so that if anyone attempts to use the same account i will redirect the later into the login page with a warning msg. I'll do this by comparing the session id that u got from the dbase and the session id from request.getSessionId() of the browser. However, my prolem now is how to cleanup my database.. i need the cleanup coz i have a user tracking screen wherein i cud show who's account are login n who's not. I have created an applet and embed it in all of jsp files so that i cud catch the event for closing window whether by using the x button of the window or a power intrerruption. However, i need to find a way where i cud determine whether the event was really a close window or just a redirection from another page. I mean , you could leave the page either by viewing another screen or by actually closing the window.. For instance, my main page has main menu which are (1) View Users and (2) View Schedule .By default, im in the "View Users" screen . These two menus have their corresponding jsp n both jsp files have an embeded applet. So if the user click the "View Schedules " screen or if the user chooses to click the logout button or window's x button to exit the browser, then the applet will call the stop method. This what i meant by how will i determine if the user really exits on my application or not.. Coz if the user clicks from one screen to another then, user actually does not leave my application the user only exit on my application if the user logs out or close the window..
  Please help me out on this matter... Thanks in advance!

• How to restrict a user typing a custom value in the dDocAccount field.

  I have dDocAccount field drop down pre-populated with 2 values - Dept1, Dept2. However, user can able to type any other values (say Dept3) in the account text box and checkin a doc from WCC UI. How to restrict user from entering custom values?
  As an alternate solution - for time being i have the above account field is set as hidden using rule. I am trying to derive the account value from another one field's value (say Departments field with values Dept1, Dept2). I tried below code and found working:
  Department is a custom field created as option list with values Dept1, Dept2
  Under the Rules, for the field dDocAccount, is derived field checked and added below code
  <$dprDerivedValue=#active.xDepartment, getValue("#local","dOption")$>

  Hi,
  If Department is a custom metadata then you should access it like xDepartment(as any other custom metadata), not dDepartment.
  I know it is also possible to change the HTML that is generated for the dDocAccount field, to add javascript validation and so on, maybe this approach plus some additional JS and HTML twists and you should get it working(via component development).
  Hope it helps,
  Vlad

• How to restrict some users from viewing a screen of standard transaction

  Hi All,
  I need to restrict certain user ids from viewing the 'Payment Transactions' screen for the below mentioned transactions.
  FK01, FK02, FK03, MK01, MK02, MK03, XK01, XK02, XK03
  The Basis consultant has tried to configure it. However its not working. So need to find other solution.
  For all transactions other than FK01, MK01, XK01 (create vendor), the BAdi GOS_SRV_SELECT is called before the payment transaction screen appears. But for transactions FK01, MK01and XK0, no such BAdi is there.
  Also I'm not able to figure out how to restrict that particular screen using Badi GOS_SRV_SELECT. What will be the service name for this?
  Please help !!!
  Thanks in advance,
  Radhika

  hi,
  u can do this using user exits.
  identify the appropriate exit for ur transaction and thn put condition like
  if username = ...
  loop at screen.
  hide..
  endloop.
  i was just trying to give u some hint .make it to ur best.
  reward if hlpful.

• How to restrict the user input textfield to an Integer?

  Hello there;
  Here is my problem, and i need your help.
  I have a mssql 2005 server as my back end database;
  I have designed a web application from which i can load a specific table in my database.
  One of my table column is of integer type and i want to restrict the user to only entered an integer in the textfield.
  I have try the integer converter from the "converters" section of the pallete. The result is that its actually restrict the user input to be an integer, but i can't load the database, obtaining a java.lang.Int error message.
  Next i have tried using int theid=int.parseInt........ but i am receiving a syntax error of the type cannot find symbol parseInt.
  I can't just work this out!
  Could anybody help please.

  As has been stated in previous replies you can check that the value in the TextField is parseable as an Integer by using Integer.parseInt(fieldVariable.getText()). However, you can also restrict what characters can be entered into the text field, like so:
  Assume your field variable is textField1 then the KeyTyped event for the text field:
  private void textField1KeyTyped(java.awt.event.KeyEvent evt) {
       if (evt.getKeyChar() < '0' || evt.getKeyChar() > '9') {
            evt.consume();
  }will only allow the numeric characters (i.e., 0-9) to be typed into the field. Keep in mind that in this case the backspace, delete, home, arrow, etc, keys will not delete characters, move the cursor, etc, so if you want those you have to test for them as well.

• How to restrict the user id to a specific company code?

  Hi,
  I want to restrict a user id to access a specific company code only for both customizing and application data creation. This means that the user id can do customizing and create application data for that company code only and not for any other company codes.
  how can i do this?

  Hello Raja,
  You requirement of restricting users for application data can solved by adding the company code in the organization level button and the user will be restricted to mainatin application (transaction) data for the org element for which he is authorized for, if the transaction has objects which check company code.
  Customizing data authorization can be very tricky, as most of the customizing transactions are for maintaining customizing tables will not necessarily have an authorization check for org elements. In this case you may to manually insert a object called S_TABU_LIN alongwith S_TABU_DIS it will perform the job of restricting authorizations.
  In cases where the end user is accessing tables directly with SE16 S_TABU_DIS is the object that is check and maintained in PFCG.But,Such a restriction cannot be made with S_TABU_DIS alone. Fortunately SAP provides us with another authorization object S_TABU_LIN (Authorization for Organizational Unit), which can be used in conjunction with S_TABU_DIS to enforce such a restriction.
  This authorization object works only with Maintenance Views and Customizing tables. Also note that an Organization Criterion is a prerequisite for implementing the same
  A detailed step by step procedure to be followed is given below:
  1. The first step in implementation of line authorization is defining an Organization Criterion. For this we need to access the u201CSAP Reference IMGu201D customization page from SPRO transaction.
  2. From the IMG display screen select SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select the execute ( ) button for the u201CDefine Organization Criteriau201D.
  3. The resulting table display show all available Org Criteria values existing in the system. For our purposes we will create a new Org Criteria to suit our needs. Select the tab u201CNew Entriesu201D as shown below.
  4. Give an appropriate name starting with Y or Z for the new value. Note that a name starting with another letter will not be accepted by the SAP system. Click on u2018Saveu2019 button to save the newly created Org Criteria. This opens a new window asking for a Workbench Transport Request. This would be required so as to transport the new Line authorization restrictions further to the test and production systems.
  5. Now select the new Org Criterion u201CY_TESTu201D and double-click the u201CAttributesu201D tab as below to define the various Org Attributes.
  6. Provide the new Attribute name and Description for the same. Also fill the Authorization field value from the provided dropdown (1st Org Criterion Attribute u2026. 8th Org Criterion Attribute). The search help field is an optional field which can be filled if a search criterion exists or has been created earlier for the specific purpose. This field enables the u201CF4u201D when filling entries in the authorization object
  7. We already have a search help (C_T001) available, which provides as an F4 help the list of all available Company Codes in the system.
  Note that we can create up to 8 Org Attributes as per our requirements (by selecting u201CNew Entriesu201D tab), each corresponding to a column in the target table.
  8. Selecting the attributes link again will show us a list of all defined attributes and the authorization Field it will appear in. Now that we have defined the Attribute Field that we require, we need to associate each attribute to the corresponding Table Field in the target table.
  Select one of the attributes as below and double-click on the u201CTable Fieldsu201D button to define the field associations.
  9. Select the u201CNew Entriesu201D tab to create a new table field association.
  10. The View/table field must be filled with the target table which we need to control.
  11. The u201CField Nameu201D will require the field name of the target table which be linked with the specific Org Attribute. Performing an F4 on this field will display the list of all possible fields available in the View/table provided earlier. Here we will select the field name BUKRS (Company Code). Save the entries in the same workbench request created earlier.
  12. The next step would be to activate this new Org Criterion so that SAP now checks the authorization for S_TABU_LIN for every user
  13. In the u2018IMG displayu2019 go to SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select execute ( ) button for the u201CActivate Organization Criteriau201D.
  14. From the resulting customization screen tick the check-box for the Org Criterion that we have created. On saving the settings the system then asks for a Customizing Transport Request for further transport into test and development systems.
  15. Any user without this authorization will not be allowed in to the SM30 display/change screen for this table.
  16. In the role for which the S_TABU_DIS provides maintenance access for the table , we will now also need to maintain the object S_TABU_LIN.
  17. On selecting change button besides any authorization field you will need to select the Organization criterion which needs to be maintained here. Note that only one Org Criterion can be maintained in one instance of S_TABU_LIN object.

• How to synchronize database user

  Hi All
  I have a Database user A
  I want to create a Database user B
  User B is only select role
  User A is update, select, delete, etc...
  How to create user B which tables of user A and tables user B is the same.
  Any changes of user A, user B is changed too.
  Please help me!
  Thanks alot
  Thiensu2810

  If user B owns tables, then it will have select, insert, update, delete on those tables.
  Maybe user B should just have synonyms of user A tables, and select priveleges on user A tables ?