Keep users from deleting own attachments

Our requirement from management is to allow no one to delete an attachment.  We have found a way to keep anyone from deleting another users attachment, however, even though we have not granted them any authorization, they still are able to delete their own.  We have checked note 49127 and looked at t-code SGOS, but don't see anything that appears to prohibit attachment deletes.  We have removed S_OC_ROLE from all roles, but when we did an authorization trace the authorizations were: S_OC_ROLE=ADMINISTRATOR  and S_GOS_ATT= BOROBJTYPE=BSEG;ACTVT=06 (Delete) however, in the the only role the user has S_OC_ROLE does not exist and S_GOS_ATT = BOROBJTYPE= BSEG;ACTVT=02 (Change).  Where is the authorization coming from?

in the the only role the user has S_OC_ROLE does not exist and S_GOS_ATT = BOROBJTYPE= BSEG;ACTVT=02 (Change). Where is the authorization coming from
Check the below points
1. In trace return code is 0?
2. If yes to 1st question then user must have this authorization through a role.
3. As you said that user has only 1 role then check if the user is having any manually added profile in profile tab
4. If yes, then compare user buffer then simulate test again
If all the above option fail then service.sap.com might be the place where you need to go
Reg,
Arpan

Similar Messages

  • Prevent user from deleting rows from all tables in his own schema

    Hi,
    How can I prevent user from deleting rows in all tables in his own schema.
    I want the user to not able to delete rows from any existing or new tables that might be added in the future.
    The user does not have the "DELETE ANY TABLE" system privilege.
    Please advise.
    Thanks.

    Nowadays, I'd also avoid triggers (if possible).
    Sometimes, when I daydream, I'm rewriting a few applications that I've contributed to as a newbie, and I'm very ashamed of it nowadays.
    From what I've experienced, in retrospective, the emphasis on teaching 'Oracle stuff' has been lying far too much on PL/SQL row-by-row oriented processing instead of letting Oracle 'crunch' sets at once.
    Most of my debugging hours ended up in discovering one or more database triggers 'doing stuff automagically'.
    Another nice blogpost: http://rwijk.blogspot.com/2007/09/database-triggers-are-evil.html
    Regarding OP's question:
    I would just rethink/reconsider this requirement completely.
    Correctly implementing privileges and roles seems the best way to go, yes.
    Triggers? Nah...
    pre-post-edit, noticed thread got updated just before posting
    Don't know what you mean with 'namedropping', but I think it's legitimate to point other readers to interesting Oracle related opinions/articles that do have a technical background and lots of interesting examples.
    post dreaded OTN outage edit (from here)
    Again: I would just rethink/reconsider this requirement completely.
    Both trigger/vpd are being used to hide a design flaw here.

  • Restricting the user from deleting a personel number

    Hi All,
    Can anyone help me in restricting the user from deleting a personel number.
    Thanks & regards,
    Venkat

    Hi Venkat,
    The utility menu will ultimately calls to PU00 so it doesnt matter , system wont allow him to delet.
    You can try it out in quality if you want.
    Award points if useful
    Regards,
    Bhupesh Wankar

  • How to secure the users from deleting the work items

    Hi all,
    I have a question like this.........whether we could secure the users from deleting the work items by someone in the Project and also assigning a specific user to allow them to delete the idoc. 
    Please help me on this as this is critical.........
    Thanks in advance
    Chakri

    One of t he possible way is, ask the basis team to create users as Service Users and you can determine whether the login user is whether a service or dialog user  by using the a bapi BAPI_USER_GET_DETAIL under the exporting parameter logondata with field USRTYP where if the logged in user is Service user then this field will be populated as S if the user is a dialog user then it will be populated as A.
    Now in more efficient way of fixing this is get the list of users for whom you donot want to give the authorization of deleting workitems and assign the appropriate role for all the listed users...
    for roles and authorizations i hope the basis team is the right team to consult....

  • How to prevent certain Users from deleting a resource while in the project?

    We are currently using P6.2 client; We are setting up a new resource dictionary and have been searching to find a way to prevent certain users from deleting resources while in the project. Is there a way to do that? I have created Global profiles and Project profiles under the Admin security profile and have tried clicking off of rights to delete a resource but when I log into as that user I can still delete the resource. Please Help!

    Are you talking about preventing users from deleting resource assignments within a project? Or preventing them from deleting resources from the global resource dictionary?
    For global resource dictionary in Global Profile you would turn off:
    -Delete Resources
    And likely:
    -Add resources
    -Edit Resources
    -Edit Roles
    -Edit Resource Calendars
    For resource assignments on activities in Project Profiles you would turn off:
    -Add/Edit Project Activities Except Relationship
    Note: this will disable more then just the ability to alter resource assignments.

  • How to restrict a user from deleting a PO

    Dear All,
    I have to restrict some users from deleting a line item in PO. They will be authorised to create & change the PO but they must not be able to delete the line item.
    Further it would be more helpful if it is possible to restrict them from deleting one perticular type of  PO(ex-Capex PO). They can change a capex PO but can not delete it.
    Any of the answars will be highly appreaciated.
    Regards
    Rutabhadra Panda

    Hello,
    Speak to your basis guy, put if you have created Capex PO as a particular document type, then maintain authorisation object M_BEST_BSA (Document Type in Purchase Order) and activity 06 delete.
    You may find that delete is still possible through activity 02 change, so you might need to maintain different roles depending on what you need.
    Thanks.

  • HT201320 how to keep iphone4 from deleting mail in the server

    Ok, I have an iPhone 4 and it is a great phone but I nee to keep it from deleting my  mail in the server.

    Settings > Mail > Your Account > Advanced > Delete from Server > Never
    With this settings your phone will download new mail an leave the original on the mail server. You can delete mail from your phone but it will remain on your server until you delete manually or have a different device delete it.
    And if it's a POP account, it will never delate

  • Blocking users from deleting chat history

    I am a system admin and our users are suing skype IM. Some users are using the skype IM for their personal use. We want to view all the chat history of all the skype users. So, I want to block the users from deleting the skype chat history.

    Any chance anyone from Skype can respond to this??  The lacking control over skype as a system admin is the main reason Skype is lacking adoption in the enterprise.  We need a simple chat and video call solution both internally and externally but Skype might be out automatically if there is no way to control the chat history.  Primarily we need to stop users from deleting the history, and the ability to retrieve the history remotely.

  • Prevent user from deleting PO

    1. Is there a way to prevent the user from deleting the PO item if GR/SA had been done for service PO. (Just like how the system behave for material PO - Message 06 115).
    2. We also want to prevent the user from deleting the PO item if GR/SA and IR had been done for service and also material.
    Please advice. Thank You.

    1.Is System allowiing the user to DO ?
    2.User Deleting only Items ?
    if So then u have to activate User Exits or BADIs.
    Regards
    Peram

  • Prevent user from deleting someone else data

    I have a table
    create table T(
    infoID number primary key,
    info varchar2(4000),
    user varchar2(1)
    and users a,b,c with object priveleges on table T.
    What is the best way to prevent user from deleting someone else data?
    1. Create a view for each user to interacat with ( where user='a') and revoke privileges from table T.
    2. Use procedures or trigers to catch a bad user.
    3. ?

    Leo is certainly correct that VPD will solve the issue you have described. however another option also exists without the need to create a separate view for each user (as you described) or the use of VPD, the option would be to do something like the following.
    create user ownera identified by ownera;
    create user usera identified by usera;
    create user userb identified by userb;
    create user userc identified by userc;
    grant connect, resource to ownera;
    grant create view to ownera;
    grant connect to usera, userb, userc;
    conn ownera/ownera
    create table mytable ( id number primary key,
    userid varchar2(8) not null, mod_date date not null, text varchar2 (100));
    create sequence mytable_seq;
    create or replace trigger biu_mytable_trg
    before insert or update on mytable
    for each row
    begin
         select mytable_seq.nextval into :new.id from dual;
         :new.userid := user;
         :new.mod_date := sysdate;
    end;
    create or replace view v_mytable as
    select * from mytable where userid=user;
    grant select, insert, update, delete on v_mytable to usera, userb, userc;
    try inserting and selecting as the various userX users.
    Good luck.

  • Stop user from Deleting Staffing Data

    Hi Friends,
    We are implementing cProjects.  We need to control Deleting of Staffing from a project, because the deletion of staffing record is a hard delete.  The data is removed from the staffing tables of cProjects.  So if someone is staffed, data saved and then is deleted we are not able to capture this information as who was staffed earlier whose record is no more now.
    When some user changes the staffing dates, we are able to capture this in the BADI DPR_ATTRIBUTES, as the check method gives us the old attributes of the record as well as the new one that has been changed.
    But if some staffing is deleted, the DPR_ATTRIBUTES does not indicates
    through some variable that delete action has been performed for a
    record.
    Request you to suggest which BADI shall be implemented to capture
    Delete staffing data event that brings in the role that is being
    deleted such that we can stop the record from deleting in case we want to do so.
    We are very near to go-live and have already missed two deadlines till
    date, so request you all to help.
    Regards, Sandeep

    Hi,
    the BAdI DPR_ATTRIBUTES also has a method called DELETE_CHECK, this is called when staffing is deleted (called in class CL_DPR_PARTICIPANT and method DELETE_CHECK), so you could implement your own logic here.
    Regards,
    Silvia

  • Restrict users from saving own search in existing Named Searches

    Hello,
    I have created some Named Searches that will be used by the MDM users. These users are only allowed to use these named searches (in their search selections) but they are not allowed to 'overwrite' any of the named searches by their own search criteria.
    How can I prevent the user from 'overwriting' the Named Searches? 
    Because even when I set the user role to "None" for all functions and "Read-Only" for all tables and fields, the user can still make their own search and Save that as Named Search (and thus 'overwriting' the existing Named Search which impacts also the other users that make use of these Named Searches).
    We are using MDM 5.5 SP5 (5.5.42.106).
    Or is this an autorisation bug in MDM?
    Thanks for your answers!
    Regards,
    Marcel

    All,
    Just for your information:
    We have upgraded to MDM 5.5 SP06 Patch 3 (build 5.5.63.57) and they have introduced new role feature to protect named searched to be overwritten (see also release notes of patch 3 - OSS Note 1234675).
    So you can now change the Role (in MDM Console) and under section MDM Data Manager, you can set None or Execute for the function of Saving a Named Search.
    If you set it to None, then the menu option in the MDM Data Manager of saving an search as a Named Search (and hence overwriting the named search) is greyed out. Only when you set it to Execute (which is automatically set during upgrade to thi snew version when the role has set it's Default function to Execute), then the user can overwrite the named search with his own search.
    So, issue solved!
    Regards,
    Marcel

  • Project Online - Can't Delete Resource and User from Delete Enterprise Objects

    I would like to link a resource account to a user account but I ran into an error: "The resource account
    is already in use.".  This is a known issue which I attempted to resolve by following the instructions in KB2881398.
    However when deleting the selected resource from Delete Enterprise Objects I get a message indicating success ("The
    selected Resources and Users have been deleted.") but the duplicate user is still in the listing in Delete Enterprise Objects and when attempting to link the remaining resource to a user logon account I still get the error
    "The resource account is already in use."
    Why is the user not deleted even though Delete Enterprise Objects reports success and how can I delete these duplicates to be able to successfully link the account?

    Hi,
    This might be due to your Exchange Sync issue, where your project workspace is unable to delete that user from local DB. Try following steps to diagnose the problem:
    1) Go to your Resource Pool, DELETE a resource.
    2) While resource is being Deleted, open another window 
    Server Settings -> Manage Queue Jobs
    3) Here you can view the progress of your current Resource Deletion update, check if all goes smooth and your Resource is deleted successfully by showing process completion 100% :
     ( to view any error look at the
    last column of table on Manage Queue Job page)
    4) Cross check your Resource by running Resource Availability Report.
    Basically this will give you a fair idea of your resource deletion problems and how system is responding to it.
    Regards

  • Prevent user or users from deleting emails in Outlook or OWA?

    Dear,
    I have a question, I have Exchange 2013 SP1, how I can prevent user/s from deleting emails (specifically sent items) from Outlook or OWA?
    Thanks
    Regards

    Hi,
    In your case, you can enable litigation hold for these users in your Exchange 2013 server. If you want to place all mailboxes on hold, you can use the following cmdlet:
    Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -LitigationHoldEnabled $true -LitigationHoldDuration 2555
    For your reference:
    Litigation Hold and In-Place Hold in Exchange 2013 and Exchange Online
    http://blogs.technet.com/b/exchange/archive/2013/12/11/litigation-hold-and-in-place-hold-in-exchange-2013-and-exchange-online.aspx
    Hope this can be helpful to you.
    Best regards,
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Amy Wang
    TechNet Community Support

  • What is "database.sqlite3"? It's keeping me from deleting my trash.

    What is "database.sqlite3"? It's keeping me from empting my trash can.

    Hello:
    I have no clue how you got that on your computer - it is not installed by OS X.
    http://www.fileinfo.com/extension/sqlite3
    In any event, try emptying the trash while holding the option key down.
    I use a little utility called "Cocktail" for really tough trash problems (be careful if you use Cocktail, it has very powerful capabilities).
    Barry

Maybe you are looking for

  • Magic Mouse continually fails to left click, and keyboard problems

    Since my Yosemite 10.10.1 update, my mouse, and keyboard keep failing periodically. After a nights sleep, when I try to open a program, by left clicking, it will occasionally only right click. Being able to left click, is very crucial, even more then

  • [solved] Template virtual function in C++

    I know this isn't legal C++ due to the compiler not being able to determine how big exactly the vtable is. I'm looking for alternatives. Basically, I have an abstract base class defining the interface for a set of derived classes. One of the function

  • Problem with the enter key

    I am facing a problem when I press enter key on any control like buttons, menus etc., The event get transferred to the parent container. It results in very weird behavior. For example I am showing a right click popup on a button, and when I hit enter

  • Wireless button(f12) for 15-r007TX not working

    Heloo Team! i bouht a new Hp 15-r007TX(DOS) a few days back i installed windows 8.1 in it and simultaneously insgtalled all the drivers available at this site(http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?os=4158&lc=en&cc=us&dlc=en&sw_lang=&pro

  • Table Control not displaying selected data

    I have 2 screens, screen 100 is the selection screen where i select the data to be displayed and 300 is my table control.  When I select a single airline in screen 100, it displays all the airlines in my table control in screen 300, how can i fix?