How to restrict one user making DDL changes in another schema

Can anyone please let me know the way to restrict a user from making DDL changes through a procedure (this user has the execute privilege on a procedure owned by another schema) on another schema?
Let's say we have schemas A and B. Our requirement is: user A should grant the execute privilege on all the procedures that are created in A to user B, but if there is a situation where a procedure is created with DDL changes (with the execute immediate option) and the execute privilege is given to user B, then user B can make DDL changes through this procedure. I want to restrict user B from making DDL changes in any way to user A.
Appreciate your help.
Thanks,
Karthik

Your requirement doesn't sound terribly sensible.  If you want B to be able to execute the procedure, grant B access to the procedure.  If you don't want B to be able to execute the procedure, don't grant B access.  If you are concerned that someone is going to change the code in the procedure after it is created to transform it from something that you want B to have access to into something that you don't want B to have access to, you should be reviewing changes before they are promoted.
If you're really determined to do things "uniquely", I suppose you could create a DDL trigger that looks to see who the user is and throws an exception if it is B.  But that seems like a poor second choice to dealing with the problem sensibly from the outset.
If you aren't reviewing the changes and building code that tries to check whether something bad got slipped in, you're going to be fighting a losing battle.  If you write a DDL trigger that checks the user, for example, and I'm a developer that's intent on creating holes, I could simply add code to a procedure that submits a dbms_job that executes DDL.  That job would run as A so your DDL trigger would let it pass.  Of course, you could then turn around and disable DBMS_JOB in which case I could use DBMS_SCHEDULER instead.  You could disable that as well but then you're disabling the scheduler jobs that Oracle runs by default for things like gathering statistics.  And then the rogue developer simply moves on to the next hole to exploit.
Justin
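
A sketch of the DDL trigger described in the answer above, together with a dictionary query that supports the code review it recommends. This is an added example, not code from the thread: the trigger name, error number and message are made up, and it assumes an account that can create the trigger in A's schema and read DBA_SOURCE and DBA_TAB_PRIVS.

```sql
-- Added example (Oracle SQL and PL/SQL). A and B are the schemas from the
-- question; every other name below is hypothetical.

-- 1. DDL trigger on A's schema.
--    Inside a definer's-rights procedure owned by A the current user is A, so a
--    trigger ON a.SCHEMA fires, while SESSION_USER is still the account that
--    logged in (B when B calls the procedure).
CREATE OR REPLACE TRIGGER a.trg_block_ddl_from_b
  BEFORE DDL ON a.SCHEMA
BEGIN
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'B' THEN
    RAISE_APPLICATION_ERROR(
      -20001,
      'DDL (' || ora_sysevent || ' ' || ora_dict_obj_type || ' ' ||
      ora_dict_obj_owner || '.' || ora_dict_obj_name ||
      ') is not allowed in sessions of user B');
  END IF;
END;
/

-- Limitation stated in the answer: DDL submitted through DBMS_JOB or
-- DBMS_SCHEDULER runs in a session of A, so this check lets it pass.

-- 2. Review aid: program units owned by A that B has been granted EXECUTE on
--    and whose source mentions dynamic SQL or job submission.
--    Grants that reach B through a role or PUBLIC are not covered here.
SELECT s.name,
       s.type,
       s.line,
       TRIM(s.text) AS source_line
FROM   dba_source    s
JOIN   dba_tab_privs p
       ON  p.owner      = s.owner
       AND p.table_name = s.name
WHERE  s.owner     = 'A'
AND    p.grantee   = 'B'
AND    p.privilege = 'EXECUTE'
AND    REGEXP_LIKE(
         s.text,
         'EXECUTE[[:space:]]+IMMEDIATE|DBMS_SQL|DBMS_JOB|DBMS_SCHEDULER',
         'i')
ORDER  BY s.name, s.type, s.line;
```

The query only flags lines for a human to read; it does not decide whether the dynamic SQL is DDL.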

Similar Messages

  • How to restrict the users not to change receiving batch no. in 305 mov.type

    Dear MM Guru,
    We are using mov.type 303 & 305 for transferring the materials from one plant to another plant. t.code is MB1B (Non split valued item)
    While receiving the goods through 305 mov.type the user has the chance to change the receiving batch number. To control these changes, is there a way we can restrict the users from changing the receiving batch no., or can we do the GR with reference to the material document of 303 mov.type?
    Regards,
    Sivanandan

    Hi,
    Generally there is a possibility to change the batch no. If you want to restrict it, go for an enhancement. Use a BADI to achieve this. In MB_MIGO_BADI you can set it not to change the batch no. Hope it works. Thanking you.

  • How to restrict the user from making any changes in Sales order- item level

    Hi to all
    How to restrict the users from making any changes in sales order at item level if the same sales order is released by senior user through status profile.
    Regards
    Anish Parikh
    Edited by: anish parikh on Jan 24, 2008 5:16 AM

    Hi Anish,
    This can be achieved through the roles and authorization.
    This can be done through the basis team. They can create user profiles and roles.
    For the roles they assign some transaction codes so that they can view only the assigned tr. codes.
    Like that your requirement can be done.
    Also you can prevent the user from changing any fields in the sales order screen (VA02). For that please modify the authorisations.
    Hope it answers.
    Reward points if useful.
    Edited by: kaleeswaran bhoopathy on Jan 24, 2008 9:57 AM

  • How to restrict the user in MIRO for not modifying price

    Hi All 
    My requirement is how to restrict the users in the MIRO screen from modifying material prices only for specific ROH types.
    For example :
    Valuation class             RM description
      3021                             RM - A
      3022                             RM - B
      3024                             RM - C
    Whenever we procure the above raw materials A, B and C,
    the quantity of each raw material is 10 units and the value is 1 INR for each unit.
    RM - A procured qty 10 @1 total price is INR 10
    RM - B procured qty 10 @1 total price is INR 10
    RM - C procured qty 10 @1 total price is INR 10
    Total price of the PO is INR 30.
    When we received the invoice, assume the material prices are INR 1 in excess for each material. Now the invoice price for each RM has become INR 11.
    In MIRO we want to restrict the user from changing the price from INR 10 to 11.
    Please suggest the best possible ways to restrict this in the MIRO screen.
    Thanks & Regards
    Mala

    Dear,
    Take the help of an ABAPer to implement an exit using INVOICE_UPDATE or MRMH0003 (Logistics Invoice Verification: Revaluation/RAP exit). If this does not help, then seek the help of MM functional, who will help you to find an exit for the required task.
    Regards

  • How to Restrict a user to a access a particular table

    HI ,
    How to restrict a user to one particular table, for which he should have only display authorization? Can anyone suggest how to do this?

    Hi,
    Is it a standard table? S_TABU_DIS (client dependent) and S_TABU_CLI (cross client) are the authorization objects that control table maintenance. With authorization group and activity 03, you can give the user access only to display.
    You can look at table TDDAT to find the authorization group of the table. If it is a custom table for which the original t-code is SM30 (you can look at SU24 to verify that) and it does not have an authorization group assigned to it, then you can ask your developer to assign an authorization group to the table using t-code SE54. Then again make use of S_TABU_DIS with activity 03 and auth group as designed to restrict access.
    Also something to look for is Note 1481950 - New authorization check for generic table access using new auth object S_TABU_NAM. Remember Bernhard talking about it.
    Edited by: Nishant Sourabh on Oct 1, 2010 8:13 PM

  • How to restrict the user(Schema) from deleting the data from a table

    Hi All,
    I have scenario here.
    I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
    Below is the example.
    I have created a table employee in abc schema which has two values.
    EMPLOYEE
    ABC
    XYZ
    In the above scenario the abc user can only fire select query on the EMPLOYEE table.
    SELECT * FROM EMPLOYEE;
    He should not be able to use any other DML commands on that table.
    If he uses then Insufficient privileges error should be thrown.
    Can anyone please help me out on this.

    Hi,
    kumar0828 wrote:
    Hi Frank,
    Thanks for the reply.
    Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.
    See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
    If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additional DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
    Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
    See the forum FAQ {message:id=9360002}
    The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
    USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    So whenever any user says
    SELECT  *
    FROM    table_x
    ;
    what actually runs is:
    SELECT  *
    FROM    table_x
    WHERE   USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    ;
    If you want to prevent any user from deleting rows, then the policy function can return just this string
    0 = 1
    Then, if someone says
    DELETE  employee
    ;
    what actually gets run is
    DELETE  employee
    WHERE   0 = 1
    ;
    No error will be raised, but no rows will be deleted.
    Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
    Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
    I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). Also, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.
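
    The row-level security policy described in the reply above, written out for the ABC.EMPLOYEE table from the question. This is an added example, not code from the thread: the policy-owning schema SEC_ADMIN and the function and policy names are hypothetical, and SEC_ADMIN is assumed to hold EXECUTE on DBMS_RLS in an Enterprise Edition database.

    ```sql
    -- Added example (Oracle PL/SQL). Run as the hypothetical SEC_ADMIN user so
    -- that ABC, who owns the table, owns neither the function nor the policy.

    -- Policy function: Oracle passes the schema and object name and appends the
    -- returned string to the statement's WHERE clause.
    CREATE OR REPLACE FUNCTION sec_admin.employee_read_only (
      p_schema IN VARCHAR2,
      p_object IN VARCHAR2
    ) RETURN VARCHAR2
    IS
    BEGIN
      IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'ABC' THEN
        RETURN '0 = 1';   -- predicate that no row satisfies
      END IF;
      RETURN NULL;        -- NULL means no extra predicate for other users
    END employee_read_only;
    /

    -- Attach the function to DML only, so SELECT stays unrestricted.
    BEGIN
      DBMS_RLS.ADD_POLICY(
        object_schema   => 'ABC',
        object_name     => 'EMPLOYEE',
        policy_name     => 'EMPLOYEE_READ_ONLY',
        function_schema => 'SEC_ADMIN',
        policy_function => 'EMPLOYEE_READ_ONLY',
        statement_types => 'INSERT,UPDATE,DELETE',
        update_check    => TRUE);  -- needed for the predicate to apply to new rows
    END;
    /

    -- Effect in a session of ABC:
    --   SELECT * FROM employee;   returns both rows
    --   DELETE employee;          runs as DELETE employee WHERE 0 = 1,
    --                             0 rows deleted and no error raised
    --   UPDATE employee SET ...;  0 rows updated
    --   INSERT INTO employee ...; fails with ORA-28115 because the new row
    --                             does not satisfy the predicate
    --
    -- As the replies note, the table owner can still TRUNCATE the table; the
    -- policy does not cover that.
    ```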

  • How to restrict the user to enter only numeric values in a input field

    How to restrict the user to enter only numeric values in a input field.
    For example,
    i have an input field in that i would like to enter
    only numeric values. no special characters,alphabets .
    reply ASAP

    Hi Venuthurupalli,
    As Valery has said, once you select the value to be of type integer, once you perform an action it will be validated and an error message that non-numeric characters are there will be shown. If you want to set additional constraints like max value, min value etc. you can use simple types for it.
    On the project structure on the left hand side under local dictionary -> datatypes -> simple types create a simple type of type integer.
    The attribute which you are binding to the value property: make its type the simple type which you made.
    Hope this helps you
    Regards
    Rohit

  • How to restrict the user for re-submitting the same form

    Hi All,
    I would like to know, How to restrict a user for re-submitting the same page.
    I have a jsp page with submit button... and should not allow the user to save the same data again ..
    Anil

    Try the following. If the user disables cookies, this will not work. You need to modify it to detect such a situation!
    String processed = "mycooke";
    Cookie[] cookies = request.getCookies();
    Cookie c = null;
    // look for the marker cookie set by an earlier submission
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            if (cookies[i].getName().equals(processed)) {
                c = cookies[i];
                break;
            }
        }
    }
    if (c != null) {
        // already processed.
        // send error message and exit.
    } else {
        // set cookie;
        c = new Cookie(processed, "yourdata");
        c.setMaxAge(-1);
        response.addCookie(c);
        // process as it is the first;
    }

  • HT1338 I'm trying to upgrade to the OS X lion, and it says I need to have a Intel Core 2 duo. I currently have a 2 GHz Intel Core Duo. How do I go about making the change? Any help would be appreciated, Thanks Kevin

    I'm trying to upgrade to the OS X lion, and it says I need to have a Intel Core 2 duo. I currently have a 2 GHz Intel Core duo. How do I go about making the change? Any help would be appreciated. Thanks, Kevin

    I was afraid of that.... Thanks for helping!

  • How to restrict the user to change the project structure but not the documents?

    Hi,
    I have created one project assigning different users in Solution Manager. I want to restrict some of the users from changing the project structure while simultaneously allowing the project documents to be created, edited or deleted using solar01 under the Project documentation tab. For that I have followed the steps provided in the following link.
    http://wiki.scn.sap.com/wiki/display/SM/Howto+Restrict+Changes+to+Project+Nodes+to+Assigned+Team+Members
    I am able to restrict the users from changing the project structure, but I am not able to allow access to the project documents. It gives me the message "You are not authorised to change the project". This fulfills one of my requirements. But is there any way to restrict the user from changing the project structure but not the documents? Any help will be appreciated.
    Thanks,
    Rutvik Uapdhyay. 

    Hi Rutvik,
    Basically there are 2 different authorization role ...you should look for and customize as per requirement in Z* namespace.
    role  - SAP_SOLAR01_ALL
    this take care of objects in Solar01 like tab access etc
    role -SAP_SOL_KW_ALL
    this takes care of entire documentation within solman
    hope this helps
    Regards
    Prakhar

  • How to Restrict the users from changing the Default variant of report.

    Hello everybody,
    The requirement is to restrict the users from saving and overwriting the default layout variant (layout for higher management) set for the report, but at the same time they should be able to change and save the other layouts for which they have access.
    I have written the logic in the program, which is working fine for all the scenarios when we execute the report. But the logic doesn't work if the user is selecting the layout on the output screen of the report.
    For e.g. if the user runs the report using the layout variant for which he has the authorization, then he gets all 4 options, so he can then select the layout for which he is not authorized and he can overwrite it.
    I have debugged and checked, and I have found that after the report output is shown all the layout parameters are controlled by the standard SAP objects.
    Can anyone help me out with this issue?
    Thank you in advance.
    *to get the default layout variant.
      w_save = 'A'.
      if p_vari is initial.
        clear disvariant.
        disvariant-report = sy-repid.
        w_variant = disvariant.
        call function 'REUSE_ALV_VARIANT_DEFAULT_GET'
          exporting
            i_save     = w_save
          changing
            cs_variant = w_variant
          exceptions
            not_found  = 2.
        if sy-subrc = 0.
          p_vari = w_variant-variant.
        endif.
      endif.
    *logic to check user authorization to change the layout setting.
      if p_vari = c_layout.
        if not sy-uname is initial.
          select single * from agr_users
                  where agr_name = c_role
                  and   uname    = sy-uname.
          if sy-subrc = 0.
            w_save = 'A'.
          else.
            w_save = ' '.
          endif.
        endif.
      endif.
    Regards,
    Satish.

    Hi Maine,
    Thanks for your reply.
    As you mentioned for your own program, you can control the parameter "I_SAVE", when calling "REUSE_ALV_GRID_DISPLAY".
    So I have already used the same logic and control the parameter through I_SAVE, and here I am calling method ALV_GRID->SET_TABLE_FOR_FIRST_DISPLAY instead of "REUSE_ALV_GRID_DISPLAY".
    It works fine when we execute the report, but the logic doesn't work when the user tries to change and save the layout variant on the output screen of the report.
    Regards,
    Satish

  • How to restrict a user to change his/her account information?

    Hi,
    I want to restrict some users so they can't change their account
    information (password, name, homepage, etc.).
    Any clue?
    TIA

    This is an interesting issue because we want to allow our end users to enter account information such as contact info, address, email, etc. However, we do not want to allow them to change their default group and home page setting or mass confusion will happen. There has to be a way to do this!!
    -Dave Bergman-

  • User making direct changes to PRD system

    My environment is ERP 6 ABAP / Oracle 10G / Solaris 10.
    Some of my superusers are fond of making direct changes to PRD (as opposed to DEV and then transport via the landscape), though changes in the PRD system have been restricted through client change options SCC4 and system change option SE06.
    I suspect the said users have a ROLE with powerful authorizations that they ought not to have.
    Kindly advise what I should look for in the users' roles or how I can go about hardening the PRD system against direct changes.
    Thanks
    Edited by: Andale J on Sep 29, 2010 12:10 PM

    Hi BAIGSA
    Creation of roles is down to the security policy already in place unless you are lucky enough to be in at the beginning and can define how all roles are to be built in future.
    Mostly, you arrive at a client's site and have to adapt to their authorisation concept.
    You may find that function (module based) roles are in place or that job roles (either multiple singles assigned directly or via composites or a one role does all) have been set up.
    Remediation of module based roles can be a real pain if they were built with too many transactions included - user group/job roles are far easier to remediate but this depends on the policies in place (inactive objects etc.).
    I haven't enough information to understand what the changes are that have been made in prod to help - you need to review those changes and formulate a strategy which the business agrees to in order to resolve them.
    Kind regards
    David
    Edited by: David Berry on Oct 3, 2010 8:30 PM

  • How to restrict the user from accessing other screens before submitting data

    Hi All,
      I have some screens developed in Webdynpro ABAP and all these have been linked to Portal as pages. In Portal If i click on the link in detailed navigation i can see the corresponding screen on the right side. Now in one screen i have to input some data and submit the data, Now my problem is if i enter some data and before submitting the data if i click on any other link in the detailed navigation, that corresponding screen is opening and all the data of the previous screen is lost.
    Can any one suggest me, how can i restrict the user from accessing other screens before submitting the data of that screen from portal perspective.

    Hi Prasanna,
    The pages can be restricted from user access by using the ACL permission, or you can restrict the page by making invisible in the navigation area the pages which you do not want to show to the user. Open the page properties, select the navigation category in the drop down and set the Invisible in navigation area property to yes. By default this property is No. Change the property for all PCD pages which you want to hide from user access.
    Hope this helps you...
    Regards,
    Rudradev Devulapalli
    Reward the points if helpful....

  • How to restrict a user typing a custom value in the dDocAccount field.

    I have the dDocAccount field drop down pre-populated with 2 values - Dept1, Dept2. However, the user is able to type any other value (say Dept3) in the account text box and check in a doc from the WCC UI. How to restrict the user from entering custom values?
    As an alternate solution - for time being i have the above account field is set as hidden using rule. I am trying to derive the account value from another one field's value (say Departments field with values Dept1, Dept2). I tried below code and found working:
    Department is a custom field created as option list with values Dept1, Dept2
    Under the Rules, for the field dDocAccount, is derived field checked and added below code
    <$dprDerivedValue=#active.xDepartment, getValue("#local","dOption")$>

    Hi,
    If Department is a custom metadata then you should access it like xDepartment (as any other custom metadata), not dDepartment.
    I know it is also possible to change the HTML that is generated for the dDocAccount field, to add javascript validation and so on; maybe this approach plus some additional JS and HTML twists and you should get it working (via component development).
    Hope it helps,
    Vlad
