Read-Only Access to Specific SAP tables

Similar Messages

• Is it possible to give a user read access to an SAP table but to restrict it to a subset of columns?

  Hi,
  is it possible to give a user read access to an SAP table but to restrict it to a subset of columns?
  Thanks,
  Digesh

  Hi Digesh,
  If your requirement is to restrict the excess to specific rows it is possible to use S_TABU_LIN, but it works only for table which contains org units, like plant, company code, etc.
  Please search for S_TABU_LIN if this is your requirement.
  Otherwise please follow Alex's suggestion.
  BR,
  Mangesh

• Give user Read-Only access to one table in a database.

  Does anyone know how to give a user account Read-only access to 1 table within a SQL Server Database using SQL Server Management Studio? I don't want the account to be able to access any other tables in the database, just the one table. I'm not a sql programmer,
  so if there is a way to do it in Sql Server Managment Studio settings that would be the best.

  Using Management Studio, I assume you already have a login and user for that person. If not,
  How to: Create a SQL Server Login http://msdn.microsoft.com/en-us/library/aa337562.aspx
  How to: Create a Database User
  http://msdn.microsoft.com/en-us/library/aa337545.aspx
  1. Then, in Object Explorer, expand the Database, expand
  Tables, right-click the table you want, and then click
  Properties. 
  2. On the Permissions page, under Users or Roles, click
  Search, then Browse, etc, until you find the user. Click
  OK until you are back to the Permissions page.
  3. In the Permission for <user>section, find the
  SELECT (that's the read permission) and click the Grant
  box. Then click OK.
  Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

• Read only access to J2EE related tools

  Hello,
  I would like to help our auditors access everything they need to check in the Java systems, but I am not ready to give them ADMIN accounts. That`s why I need some kind of read only access for them.
  So I would like to ask you if there is a SAP Note about the read only access roles for J2EE/ Java AS?
  I am afraid there is no such note available, so can anybody share any experience with granting read only access to the Java system? I know how to grant access to the whole NWA, but what about the rest?
  Examples:
  - is there a way how to grant read only access only to the UME?
  - is there a role for read only access to the portal PCD?
  - is there something similar for KM access?
  Or has anybody ever tried to split the admin roles into smaller pieces? Is there a description/ document how to do such thing?
  Thank you for your time and effort,
  cheers Otto

  Hi,
  thanks for trying, but I can use help.sap.com and was on that page before.
  Maybe if there were any examples there or better: if the whole thing would be more granular (I see no point in using roles starting with SUPER, containing ADMIN or ending with ALL). I am looking for roles for surgery or for auditing. I don`t want to give anybody these super/admin/all roles just like that.
  If you can suggest how to use that page, that would be cool. Otherwise I see no use.
  By the way: another question of mine about surgery: How to restrict access to download/ upload UME configuration file
  I would like to know how to controla access to this specific feature, nothing else.
  Thanks for the time and effort,
  cheers Otto

• View read allows read only access

  Hi friends,
      I have created maintainance view, I am getting this warning " View read allows read only access , Maintainance not possible". So to avoid this, what should i do now.
  Thank you

  Hi,
  In Delivery and maintence check if the field Data Browser/Table View Maint. has the value delivery and maint allowed
  or delivery and maint allowed with restrictions.
  Regards,
  Rajesh Kumar

• How to configure Mailbox Read-Only access for Mailbox's owner on Exchange Server 2010?

  I have to configure the Exchange Server 2010's mailbox to only grant Read-Only Access on the mailbox's owners.  So they can only allowed to read their messages and cannot modify or remove them.  Are there any references or methods to do?

  Hi,alexchy8
  We can make use of 2 PowerShell commands to achieve this goal.
  Add-MailboxPermission and Add-MailboxFolderPermission.
  Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
  Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
  You can read the following article as reference:
  http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
  or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best Regards.

• How enable read only access for ACS server itself

  Hi,
  We would like to know whether its possible to create a read only access to the ACS server. Currenlty ACS server has a generic login with full admin rights.
  We need to create a login to couple of users to log into ACS to check the "Report and Activity" tab. Access to all other tabs should be disabled.
  We are using ACS4.0 verison. Please let me know whether its possible.
  Thanks
  Nachi

  Hi,alexchy8
  We can make use of 2 PowerShell commands to achieve this goal.
  Add-MailboxPermission and Add-MailboxFolderPermission.
  Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
  Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
  You can read the following article as reference:
  http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
  or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best Regards.

• Read only access of a full schema ?

  Hi all,
  Can i create a role having read only access of a full schema ?
  Thanks in advance.

  Can i create a role having read only access of a
  full schema ?The point here is that there is not a single command to perform this task, so you will have to do it on a per object basis. If you want to give access to the complete schema then it is advisable to create a script to grant on each table and on each view from the source schema. By providing read only to the full schema, I understand you are referring not also to the tables but also to the views, sequences, and may be stored program units, so you will have to properly define the scope of this 'full schema'.
  Once you have properly defined the scope and have granted, as suggested by means of a role, then you may want to create synonyms for each granted object, so you don't have to qualify it with the schema name prefix when the object is being accessed.
  ~ Madrid

• Read only access on abc scheema to all other users

  i want to give read only access on abc scheema to all other users. which command will be used.

  Hi
  Create a role first
  CREATE ROLE ABC_SELECTONLY_ROLE IDENTIFIED BY anypassword;
  Assign SELECT permissions to that role.
  spool c:\grantprivs.lst
  SELECT 'GRANT SELECT ON ABC.'||OBJECT_NAME||' TO ABC_SELECTONLY_ROLE;'
  FROM DBA_OBJECTS
  WHERE OWNER LIKE 'ABC'
  AND OBJECT_TYPE IN ('TABLE', 'VIEW');
  spool off
  @c:\grantprivs.lst
  Attach role to users (EXCLUDE USERS AS YOU LIKE. In this example we have excluded SYS, SYSTEM etc)
  spool c:\attachrole.lst
  SELECT 'GRANT ABC_SELECTONLY_ROLE TO '||USERNAME||';'
  FROM DBA_USERS
  WHERE USERNAME NOT IN ('SYS','SYSTEM',DBSNMP','SYSMAN');
  spool off
  @c:\attachrole.lst
  You may wish to create private synonyms for the users.
  CREATE SYNONYM USER1.TABLENAME FOR ABC.TABLENAME;
  Regards
  Adnan

• Granting Read Only Access to user in another schema

  Oracle Database 10g
  Red Hat Enterprise Linux Server release 5.3
  We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
  I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
  And some views are in INVALID status.
  I tried to compile them using alter view owner.viewname compile;
  But got this ---- Warning: View altered with compilation errors.
  Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
  Then I used the following
  SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
  select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
  It turns out some reference types are non existent.
  Does that mean DBAs cannot do anything about this ?

  Nilton wrote:
  We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
  I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
  TABLES -> YES grant SELECT
  VIEWS -> YES grant SELECT
  SEQUENCE -> YES grant SELECT
  INDEXES -> There is no read access for indexes...indexes are put on tables and a user who has read access on tables can read the index as well.
  FUNCTIONS / PROCEDURES / PACKAGES -> I am not sure what you mean by read access on procedures, functions and packages. You may grant EXECUTE privilege on these.
  TRIGGERS -> there is no read access on triggers required. They are implemented on tables for a DML event. If the user has DML access he has the execute access on the trigger as well.
  JOBS -> I am not sure what to read from Jobs.
  And some views are in INVALID status.
  I tried to compile them using alter view owner.viewname compile;
  But got this ---- Warning: View altered with compilation errors.
  Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
  Then I used the following
  SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
  select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
  It turns out some reference types are non existent.
  Does that mean DBAs cannot do anything about this ?There are compilation errors in the Views. e.g. the view may be referring to a table which doesn't exist etc.
  Unless you fix the error in the view you can't compile it and male it valid. Fix the view errors. If objects are non existing create them or refer to view to some where else.
  If the nonexistent objects were mistakenly dropped, or the data file which contained those objects was dropped, no matter what was the reason for that object to be gone a DBA can bring it back if he is a well prepared DBA and has setup his database for such kind of disasters.
  Now tell us why those objects are non-existent ? were they meant to be gone ? or they were dropped mistakenly?
  Now here are my guesses:
  If they were meant to be gone then probably the views definitions need to be adjusted not to refer them anymore.
  If they were mistakenly dropped then:
  Do you have them in recyclebin? (only tables) if YES just FLASHBACK TABLE <<tablename>> AS BEFORE DROP.
  Is your database has Flashback database ON? if YES FLASHBACK DATABASE until 'time/scn just before the object was dropped'
  Do you have backups and your database is running in ARCHIVE LOG mode? if YES perform an incomplete recovery using RMAN.

• Granting read only access

  Is there a way to grant read only access to all tables in a schema, rather than doing it for each individual table in the schema?

  I have a package that does something just like this, here is a snippit. It uses dynamic SQL to build the GRANT statements. I'm not sure if this is a 'best practice', but it works for me.
        --Find the tables to GRANT SELECT privileges on
        string_query := 'SELECT DISTINCT ''' || LOWER(schema_name) || '.''|| ' || 'table_name FROM all_tables WHERE UPPER(owner) LIKE ''%' || UPPER(schema_name) || '%''';
        OPEN c FOR string_query;
           LOOP
              FETCH c INTO table_name;
           EXIT WHEN c%NOTFOUND;
              --Build the GRANT string
              string_grant := 'GRANT SELECT ON ' || LOWER(table_name) || ' TO ' || UPPER(role_name);
              --GRANT privilege
              EXECUTE IMMEDIATE string_grant;
           END LOOP;
        CLOSE c;

• Istore User read only access

  Hi All,
  Can you please tell me how can we create read only users to istore (R12).
  is there any possibility to provide certain users with a read-only access?
  We have a number of internal staff & sales people across the business who have requested access to Istore. As this is for retailers and people placing orders against live accounts that interface into Oracle ,we want to give only read access to certain users.
  Thanks in Advance.

  hi,
  You can refer below document for what are the permission assigned to a user for displaying place order button and check out button.Using CRM HTML you have to create custom roles and assign permission to custom roles ,then you have to assign this role to that user doesn't need place order button.
  You have to create Custom roles like XX_READ_ONLY_USER and assign the permission for this user for istore.
  After select user management, search for the user and assign the custom role to the specific user.
  IBE_CREATE_ORDER
  Allows a user to submit a quote or cart as an order by pressing the Place Order button. If a user has this permission, ensure that he has the IBE_CHECKOUT permission as well, since without IBE_CHECKOUT the user will not see a Checkout button to enter the checkout phase.
  For more details check out below link
  [http://docs.oracle.com/cd/E18727_01/doc.121/e13575/T349071T351218.htm#T351225|http://docs.oracle.com/cd/E18727_01/doc.121/e13575/T349071T351218.htm#T351225]

• Avoid read-only access at physical standby

  Hi!
  DB=11.2.0.2
  when I start the standby with
  SQL> startup
  the db is open read-only.
  Is there a way to configure the db so that startup command only mounts the db and start redo apply?
  this is the config:
  DGMGRL> show configuration verbose;
  Configuration - w
  Protection Mode: MaxPerformance
  Databases:
  w_01 - Primary database
  w_02 - (*) Physical standby database
  (*) Fast-Start Failover target
  Properties:
  FastStartFailoverThreshold = '30'
  OperationTimeout = '30'
  FastStartFailoverLagLimit = '30'
  CommunicationTimeout = '180'
  FastStartFailoverAutoReinstate = 'TRUE'
  FastStartFailoverPmyShutdown = 'TRUE'
  BystandersFollowRoleChange = 'ALL'
  Fast-Start Failover: ENABLED
  Threshold: 30 seconds
  Target: w_02
  Observer: ora
  Lag Limit: 30 seconds
  Shutdown Primary: TRUE
  Auto-reinstate: TRUE
  Configuration Status:
  SUCCESS
  DGMGRL> show database w_02
  Database - w_02
  Role: PHYSICAL STANDBY
  Intended State: APPLY-ON
  Transport Lag: 0 seconds
  Apply Lag: 0 seconds
  Real Time Query: OFF
  Instance(s):
  w
  Database Status:
  SUCCESS
  br
  Daniel

  If Data Guard is setup correctly the application is not losing data, you cannot read from it, but it will apply logs:
  Ex.
  /home/oracle:STANDBY >sqlplus "/ as sysdba"
  SQL> select * from BIGSHOW.CUSTOMER;
  select * from BIGSHOW.CUSTOMER
  ERROR at line 1:
  ORA-01219: database not open: queries allowed on fixed tables/views only
  So even as the SYS user I cannot read from my test user's tables.
  ORA-01219 is expected when the standby is in this state.
  You can open READ ONLY if you have Active Data Guard, but generally that will cost you extra.
  OR, you can do thing to check your data:
  To open a standby database for read-only access when it is currently performing managed recovery:
  Cancel log apply services:
  SQL> ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL;
  Open the database for read-only access:
  SQL> ALTER DATABASE OPEN READ ONLY;
  At some point you have start the recovery again, you probably don't have an issue.
  If you want more peace of mind on this you have to setup a test Data Guard system and bang on it.
  Best Regards
  mseberg

• Role for system data dictionary read-only access

  [NOTE: this is for 9i]
  What grants must a role have to have read-only access to
  the system data dictionary tables (e.g.: ALL_SOURCE,
  ALL_OBJECTS, ...)?
  Or, is there somewhere in the docs that talks about this
  kind of role?
  Thanks in advance,
  Robert

  Well, the answer to your explicit question would be that it would need SELECT on each of the data dictionary views that do not have SELECT granted to PUBLIC. To find out what those are, you could do:
  SELECT table_name, privilege
  FROM dba_tab_privs
  WHERE grantee = 'SELECT_CATALOG_ROLE'however, it would probably be easier just to grant it SELECT_CATALOG_ROLE :-)
  John

• Read Only Access to Storage Container

  Is it possible to give Read Only access to a particular storage container without adding someone to Subscription and providing them the access key without anonymous request without going through SAS route

  By default, a container and any blobs within it may be accessed only by the owner of the storage account. If you want to give anonymous users read permissions to a container and its blobs, you can set the container permissions to allow public access. Anonymous
  users can read blobs within a publicly accessible container without authenticating the request.
  This link gives full details
  https://msdn.microsoft.com/en-us/library/azure/dd179354.aspx
  Frank