ORA-26723: user "STRMADM1" requires the role "DBA"

Similar Messages

• User cannot see the roles in the portal

  Hi,
  We have a users who uses portal for his reports. Today he executed a report which took more time. since then onwards when ever user logon to the portal he doesnt get any thing loaded on the page in his system but when the user logon on the other system he get all the roles assigned to him. so i guess there might have been some problem on his pc when he executed report with lots of selections.
  Did anyone had this issue earlier? How can we fix that issue on his PC?
  Thanks
  annie

  Hi
  thanks for your replies.
  We have restarted the PC twice, but still the problem exists.
  I have deleted the cookies and tried and it worked.
  thanks
  Annie

• How to get the obiee dashboard secuirity in adf to assign the roles in adf for users

  how to get the obiee dashboard secuirity in adf to assign the roles in adf for users

  thanks Benjamin...
  my present requirement is pull Role to Dashboard mapping from OBIEE Catalog
  in my project we are going to restrict the users and assigning the roles from adf.
  Pls Help me..

• Roles for the user to Edit the Dimension without being an administrator

  Dear Users,
  I have a query based on Planning security.
  I want the user to edit the dimensions and members in planning application. However, the user cannot be administrator.
  I have created a user and assigned the role of "Interactive User" on Planning roles and of "Dimension Editor" on Shared Services access. With this provisioning user the "Administration-->Dimension" is grayed out for the user.
  Please suggest if roles can be assigned to the user in order to Edit the Dimension without being an administrator?
  Regards,
  Praveen.

  I am sure this question gets asked over and over, they need to be an administrator.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Issue with the ROLES in Precalculation of WebTemplate in Reporting Agent.

  HI BWers,
  I am having trouble in understanding the functionality of ROLES and USERS in the Reporting Agent.
  My goal is to pre-calculate WebTemplate,so the users can get the data results based on their ROLES.
  -> When I select ROLES under Authorizations in Reporting Agent; my understanding was it will just pre-calculate the WebTemplate based on Roles. But, when I look at the job details its doing for the Users. I opted for   ROLES because I have 10-Roles and 100-Users, so the job runs for only Roles.
  -> I don't want to select the Users, as it will take longer time and uses lot of system resources.
  Can I just run for ROLES, for that under Authorizations in Reporting Agent do I need to select Precalculate User-Specifically and Select ROLES or just selecting ROLES will do. I tried both, just selecting ROLES is not working and selecting Precalculate User-Specifically & ROLES is not yielding the required results.
  Could you please throw some light on it, I am on BW 3.5 & SP15.
  Any help will be highly appreciated.
  Regards,
  swordfish.

  Hi,
  If you choose the Precalculate by User option, all the data and HTML pages for the Reporting Agent setting are precalculated for each of the selected users in a single job. This applies in both the cases: Roles or users. When you specify a role after selecting the option 'Precalculate by User', the precalculation will be done for all the users assigned to that role and not the role.
  Roles/Users is just 2 different ways of giving the user restriction. If you specify the roles, the system will precalculate for all the users assigned to the role. If you have few users for whom you want the precalculation to be done, then you can specify the user IDs. If you have many users assigned to a particular role for whom you want the precalculation to be done, then you can specify the role.
  Regards,
  Shilpa

• What is the Role of SAP PI in SAP SRM?

  Hello Gurus
  I'm from SAP-XI background.
  In my project I need to create a scenario from SRM ---> PI/XI ---> MDM.
  I'm having the below queries regarding this scenario.
  1) Do I need to download the "XI CONTENT for SRM SERVER and import it into PI server.
  2) If so what is the exact location in the service market place from which I can download
  3) What are the steps that need to be done between SRM and PI and also in SLD so that data will be sent from SRM to PI.
  Can anyone answer my queries.
  Thanks and Regards,
  Pruthvi

  Hi Pruthvi,
  Mentioned below are the list of output medium for SAP SRM.
  1. Email.
  2. Fax.
  3. Print.
  4. XML.
  Whenever SRM want to send data to another system in XML format and if you are not using SOA then PI is very much required to transfer the XML data to the target system. When you integrate  SRM with ECC 6 EHP 4 or higher version then many documents are transmitted in XML format only and XML document is sent out of SRM using ABAP Proxy.
  Since the XML data is sent out via ABAP proxy you have to import the integration objects for SAP SRM into SAP NetWeaver PI. you can find the same in the below location.
  https://websmp103.sap-ag.de/~form/handler?_APP=00200682500000001943&_EVENT=DISPHIER&HEADER=N&FUNCTIONBAR=Y&EVENT=TREE&TM…
  Steps involved :
  1. Deploy the integration objects of SAP SRM into SAP NetWeaver PI.
  2. Update the SLD with new business system data.
  3. Check Active Process Integration in the transaction SPRO in SRM .
  4. Go through the below steps :
       1) One RFC of type H to point to PI with all the details.
       2) Define the role of the business system in the server that you want to see(Sxmb_Adm)
       3)Connection between Business System and System Landscape Directory.
       3a)RFC destination LCRSAPRFC of type T for SLD connection.
       3b)RFC destination SAPSLDAPI of type T for SLD connection.
       4)Maintain the SAP J2EE Connection parameters for LCRSAPRFC and SAPSLDAPI in SAP J2EE      Engine
       5)Maintain SLD access details in Transaction SLDAPICUST.
       Please refer the section 1.3.1, 1.3.2, 1.3.3 and 1.3.4 in the document(as linked provided below)
  SLDAPICUST should point to the SLD host server. If you have a central SLD installed on the Dev server, then it is ok that it is using the host and port of the Dev server.
  PIAPPLUSER is the normal user that is used in trx SLDAPICUST (the user must have the role SAP_XI_APPL_SERV_USER).
  'Lastly, will the gateway Server of SAPSLDAPI and LCRSAPRFC will be the same for both DEV and QAs systems in XI?'
  5. Make the necessary confirmation in Integration directory for the relevant interfaces.
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/70066f78-7794-2c10-2e8c-cb967cef407b?quicklink=index&…
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e0ac1a33-debf-2c10-45bf-fb19f6e15649?QuickLink=index&…
  Checking XI Settings - mySAP SRM: Basic Settings - SAP Library
  Regards,
  Suresh

• How to check if the user has only the display authority of a message

  hi,
  How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
  Best regards,

  hi blake
  though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
  Basically Authorization Management 
  Use
  You can use the following authorization objects to control the authorizations for maintaining business partner data:
  •        Authorization objects for the Business Partner:
  •             B_BUPA_GRP
  •             B_BUPA_ATT
  •             B_BUPA_FDG
  •             B_BUPA_RLT•       
  Authorization objects for relationships:
  •             B_BUPR_BZT
  •             B_BUPR_FDG
  In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
  You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
  In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
  For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
  IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
  Prerequisites
  You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
  Moving over
  AS ABAP Authorization Concept 
  The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
  To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
  Authorization Checks 
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  •        Starting SAP transactions (authorization object S_TCODE)
  •        Starting reports (authorization object S_PROGRAM)
  •        Calling RFC function modules (authorization object S_RFC)
  •        Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  Starting SAP Transactions
  When a user starts a transaction, the system performs the following checks:
  •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
  •        The system then checks whether the user has authorization to start the transaction.
  The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
  •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
  •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
  If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
  •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
  The check is not performed in the following cases:
  You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
  This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
  •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
  •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
  All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
  Starting Report Classes
  You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
  We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
  You must consider the following:
  •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
  •     •         There are certain system reports that you cannot assign to any authorization class. These include:
  •     •         RSRZLLG0
  •     •         STARTMEN (as of SAP R/3 4.0)
  •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
  •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
  Calling RFC Function Modules
  When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
  Checking Assignment of Authorization Groups to Tables
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  please See also:
  •        SAP Notes 7642, 20534, 23342, 33154, and 67766
  guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
  but if u sit with ur BASIS guy then u can learn lot of things in PFCG
  i guess u r a basis guy,then its not a problem
  best regards
  ashish

• Grant role DBA with Database Vault

  Hi all,
  I need help granting the role DBA to a user with Database Vault option installed. I created a user account and I need that this user be able to do all the things that a regular DBA role can do. I can't find a way to do this in Database Vault... any help will be appreciated.
  Thanks!

  Sysdba can issue powerful statements such as create user, drop user, alter user, create profile .. and so on... can be done only if it is allowed so by modifying the Can maintain accounts/profiles rule set.
  You can also login with dvsys account but that account is locked after installation. So unlock it with
  alter user username account unlock; command. And be aware that ANY system privileges are blocked in protected schemas. You can try to grant the following roles in DB Vault := DV_OWNER, DV_REALM_OWNER, DV_REALM_RESOURCE, DV_ADMIN, DV_PUBLIC, DV_ACCTMGR, DV_SECANALYST
  Following can help you
  SELECT TABLE_NAME, OWNER, PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE = 'DV_ACCTMGR';
  SELECT PRIVILEGE FROM DBA_SYS_PRIVS WHERE GRANTEE = 'DV_ACCTMGR';
  Regards
  Karan

• How can download the roles from one system and upload them into another  ??

  Do anyone have the solution ..... ......it  very  important.

  Hi,
  Visit [Role Maintenance Functions|http://help.sap.com/saphelp_nw04/helpdata/en/e4/15e48efd6c11d296430000e82de14a/content.htm] in section Download/Upload.
  To avoid inconsistencies, all roles from which a role is derived are also downloaded. When you download composite roles, all the roles which they contain are also downloaded.
  When you upload a role, all role data, including authorization data is uploaded from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case. You must therefore regenerate the authorization profiles after the upload.
  Mass Download:
  Save several roles on the PC.
  You can choose on the selection screen whether you:
       Also want to transport the single roles contained in the selected composite roles (Customizing switch ADD_COMPOSITE_ROLES in table SSM_CUST)
       Also want to transport the generated profiles for all single roles (PROFILE_TRANSPORT in table PRGN_CUST)
  You can define the default setting for both options using the value in the Customizing switch. If you explicitly set a switch to NO, the option in question on the selection screen is not active. Otherwise, it is active.
  Regards,
  Srilatha.

• What privileges or role is required for user to acces the explain plan?

  Hi mates,
  Can anyone pls tell me what privileges or roles(grants) are requred for a user to access the explain plan in oORACLE 8i 8174..
  I think the select any dictionary is not valid for explain plan accessibility in 8i.
  Cheers.

  I already had that... Just that a user (not a dba) requires access to the explain plan and I dont want to grant him a dba role.
  Are you aware of any other grant I can give to the user?

• During import ora-01917 user or role does not exist "High Priority"

  Hi,
  When i import the data the following error occured.
  imp system/[email protected] fromuser=dmv_ace_ruh touser=dmv_ace_ruh file=F:\dmvaceruh.dmp log=F:\dmvaceruhimp.log ignore=y
  fromuser=dmv_ace_ruh (exported by another database i.e database name is ACE)
  OS = Sun solaris
  touser=dmv_ace_ruh (database name is SAI)
  OS = windows server 2003
  Database Common 10g
  Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
  With the Partitioning, OLAP and Data Mining options
  Export file created by EXPORT:V10.02.01 via direct path
  Warning: the objects were exported by DMV_ACE_RUH, not by you
  import done in AR8MSWIN1256 character set and AL16UTF16 NCHAR character set
  export client uses WE8MSWIN1252 character set (possible charset conversion)
  . importing DMV_ACE_RUH's objects into DMV_ACE_RUH
  . . importing table "DMV_COVER_RISK_SMI_DISC_LOAD" 0 rows imported
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT ALTER ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  ORA-01917: user or role 'PREM_ACE_RUH' does not exist
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT DELETE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  ORA-01917: user or role 'PREM_ACE_RUH' does not exist
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT INDEX ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  ORA-01917: user or role 'PREM_ACE_RUH' does not exist
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT INSERT ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  ORA-01917: user or role 'PREM_ACE_RUH' does not exist
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT SELECT ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  ORA-01917: user or role 'PREM_ACE_RUH' does not exist
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT UPDATE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  ORA-01917: user or role 'PREM_ACE_RUH' does not exist
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT REFERENCES ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  ORA-01917: user or role 'PREM_ACE_RUH' does not exist
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT ON COMMIT REFRESH ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  ORA-01917: user or role 'PREM_ACE_RUH' does not exist
  IMP-00017: following statement failed with ORACLE error 1917:
  "GRANT QUERY REWRITE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
  IMP-00003: ORACLE error 1917 encountered
  Regards
  S.Azar
  DBA
  Edited by: azarmohds on Oct 5, 2009 5:11 AM

  oradba wrote:
  What's not clear with this error message? The mentioned role ''PREM_ACE_RUH' does not exist in the target database. So granting privileges to this role cannot work.
  Werner''PREM_ACE_RUH' this is one of the user of ACE database. but i exported DMV_ACE_RUH user data only...
  but i cannot import the dmv_ace_ruh data to same user name of SAI database..
  regards
  S.azar

• What are the roles need to add for webservice user in SAP ECC 6.0

  Dear SDNS,
  Can you please help me to understand , what are the roles needed to add while creating a webservice user in ABAP STACK.
  Really appreciate your immediate help and response.
  Thanks and Regards.
  Suraj

  Hi Suraj,
  Please refer to this link & apply the role/s as per the requirements for the web service user:
  [http://help.sap.com/saphelp_nwpi71/helpdata/en/2b/07074155bcf26fe10000000a1550b0/content.htm]
  Best Regards, Trevor

• What are the roles required for MSS

  What are the roles required for MSS in R/3.
  I have created ESS roles. But need to find for MSS.
  I am able to see the PERNR in ESS on portal which created in R/3.
  I need to get my staff on portal.
  What config is required for this.
  MSS User.

  HI
  you will  have to create manager as portal role and assigned to them  necessary worksets containing necessary worksets  look into the PCD in migrated content and line *?? folder you will have necessary ESS and Mss packages. and all configs is related to iviews system properties and transactions  and applications you need to do it .please do not forget to give points
  with regards
  subrato kundu

• Removing the responsbility of user maintenance from the DBA

  Suppose you were working with a customer whose DBAs refuse to be involved with user maintenance, i.e. creation and deletion of users, password maintenance, role and privilege assignment etc. What technology and/or approach would you recommend?
  Some random thoughts along this line:
  1. Ask the DBA to create one user with CREATE USER and ALTER USER privileges, and give that user access to SQL*Plus so that he can run the queries to create and maintain users himself. Obvious downside: Someone else has to know SQL, at least a few SQL statements, or have a custom user interface built for them that wraps the SQL statements. Is this really such a bad solution?
  2. LDAP or OID. I don't understand enough about either of these two technologies to truly be able to discuss the pros and cons. How exactly do they work in a Windows network envionment, perhaps one with or without Active Directory and/or Windows Groups? Can they really allow someone other than the DBA to create users, maintain passwords and maintain roles and privileges? If so, doesn't the person in charge of assigning roles and privileges to users have to have CREATE USER or ALTER USER privileges anyway? Really, why would this be such an improvement over solution #1?
  3. Any other approaches and/or experiences along this lines anyone wouldn't mind sharing?
  Appreciating any and all insights,
  DTXCF

  THanks sybrandb.
  On #2, suppose the application is set up in such a way that by default all of the security is handled in the database, i.e. when the application is installed and the scripts run to create the database it creates roles like these:
  cst_role_product_editor
  cst_role_product_admin
  cst_role_product_viewer
  cst_role_order_viewer
  cst_role_order_admin
  cst_role_order_editor
  cst_role_store_viewer
  cst_role_store_editor
  cst_role_store_admin
  in other words, for each object type in the database (stores, products, orders, coupons, catalogs etc.) all of these roles are created at the database level, and by default, each individual user has to be created using a CREATE USER command with the proper roles assigned.
  If I take an application like this to the client and they say they want to implement LDAP and/or OID, when the people who create these users outside the database as you mention,
  1) Does it create any additional actual Oracle users, and
  2) Can LDAP and OID handle actually assigning these users to specific Oracle roles?
  And one more question - can you explain what exactly is a proxy account to a rookie like me who thinks proxy sounds like the name of a night club you'd find in Las Vegas?
  Sorry to impose so much but I do appreciate the help.

• OBIEE 11g issue - same user assigned to the multiple application role

  Hi All,
  We are facing an issue when assigning a user to the multiple application role and applying the data level filter on the different column of the same table.
  For example, we have a table Department with three columns Department No, Department name, Department location.
  Application Role A1 and A2 are created.
  Data Level security Applied on the application role A1: Department Name='Finance'
  Data Level Security Applied on the application role A2: Department location='US'
  The user "User1" is created in LDAP and is assigned to both the Application roles A1 and A2.
  When logged in with "User1", none of the filters of Role A1 or A2 is applied in the report. If this user is assigned to only one role, either A1 or A2, then the filter is applied. It seems the filter will not be applied if a user belongs to multiple roles with data filter applied on the same table across these roles.
  Please reply if anyone has faced similar issue.

  Hi All,
  Regarding the above issue to update the analysis we came up that the user if assigned to the multiple group with the data filter applied on the same column of the table is getting an *"OR"* join.
  We had a requirement to get an "AND" in the query condition. Please let us know if any one faced the issue and the resolution of the same.
  Regards,
  Jyotshna