Read-Only Access to Specific SAP tables
Is it possible to grant a user read-only access to a specific table or tables?
For example, say I wanted to give someone SE16N capability for just EKKO/EKPO/EKBE and NO OTHER tables. Is this possible? How?
Thanks.
Hi,
as it was mentioned the transaction SE16N checks for authorization object S_TABU_DIS. The problem in your case is that the tables EKKO, EKPO and EKBE are already assigned to the authorization group MA - MM Appl. table. But there are many more tables assigned to this group. Changing assignment of standard tables is not a good idea.
Cheers
Similar Messages
-
Hi,
is it possible to give a user read access to an SAP table but to restrict it to a subset of columns?
Thanks,
DigeshHi Digesh,
If your requirement is to restrict the excess to specific rows it is possible to use S_TABU_LIN, but it works only for table which contains org units, like plant, company code, etc.
Please search for S_TABU_LIN if this is your requirement.
Otherwise please follow Alex's suggestion.
BR,
Mangesh -
Give user Read-Only access to one table in a database.
Does anyone know how to give a user account Read-only access to 1 table within a SQL Server Database using SQL Server Management Studio? I don't want the account to be able to access any other tables in the database, just the one table. I'm not a sql programmer,
so if there is a way to do it in Sql Server Managment Studio settings that would be the best.Using Management Studio, I assume you already have a login and user for that person. If not,
How to: Create a SQL Server Login http://msdn.microsoft.com/en-us/library/aa337562.aspx
How to: Create a Database User
http://msdn.microsoft.com/en-us/library/aa337545.aspx
1. Then, in Object Explorer, expand the Database, expand
Tables, right-click the table you want, and then click
Properties.
2. On the Permissions page, under Users or Roles, click
Search, then Browse, etc, until you find the user. Click
OK until you are back to the Permissions page.
3. In the Permission for <user>section, find the
SELECT (that's the read permission) and click the Grant
box. Then click OK.
Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty -
Read only access to J2EE related tools
Hello,
I would like to help our auditors access everything they need to check in the Java systems, but I am not ready to give them ADMIN accounts. That`s why I need some kind of read only access for them.
So I would like to ask you if there is a SAP Note about the read only access roles for J2EE/ Java AS?
I am afraid there is no such note available, so can anybody share any experience with granting read only access to the Java system? I know how to grant access to the whole NWA, but what about the rest?
Examples:
- is there a way how to grant read only access only to the UME?
- is there a role for read only access to the portal PCD?
- is there something similar for KM access?
Or has anybody ever tried to split the admin roles into smaller pieces? Is there a description/ document how to do such thing?
Thank you for your time and effort,
cheers OttoHi,
thanks for trying, but I can use help.sap.com and was on that page before.
Maybe if there were any examples there or better: if the whole thing would be more granular (I see no point in using roles starting with SUPER, containing ADMIN or ending with ALL). I am looking for roles for surgery or for auditing. I don`t want to give anybody these super/admin/all roles just like that.
If you can suggest how to use that page, that would be cool. Otherwise I see no use.
By the way: another question of mine about surgery: How to restrict access to download/ upload UME configuration file
I would like to know how to controla access to this specific feature, nothing else.
Thanks for the time and effort,
cheers Otto -
View read allows read only access
Hi friends,
I have created maintainance view, I am getting this warning " View read allows read only access , Maintainance not possible". So to avoid this, what should i do now.
Thank youHi,
In Delivery and maintence check if the field Data Browser/Table View Maint. has the value delivery and maint allowed
or delivery and maint allowed with restrictions.
Regards,
Rajesh Kumar -
How to configure Mailbox Read-Only access for Mailbox's owner on Exchange Server 2010?
I have to configure the Exchange Server 2010's mailbox to only grant Read-Only Access on the mailbox's owners. So they can only allowed to read their messages and cannot modify or remove them. Are there any references or methods to do?
Hi,alexchy8
We can make use of 2 PowerShell commands to achieve this goal.
Add-MailboxPermission and Add-MailboxFolderPermission.
Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
You can read the following article as reference:
http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards. -
How enable read only access for ACS server itself
Hi,
We would like to know whether its possible to create a read only access to the ACS server. Currenlty ACS server has a generic login with full admin rights.
We need to create a login to couple of users to log into ACS to check the "Report and Activity" tab. Access to all other tabs should be disabled.
We are using ACS4.0 verison. Please let me know whether its possible.
Thanks
NachiHi,alexchy8
We can make use of 2 PowerShell commands to achieve this goal.
Add-MailboxPermission and Add-MailboxFolderPermission.
Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
You can read the following article as reference:
http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards. -
Read only access of a full schema ?
Hi all,
Can i create a role having read only access of a full schema ?
Thanks in advance.Can i create a role having read only access of a
full schema ?The point here is that there is not a single command to perform this task, so you will have to do it on a per object basis. If you want to give access to the complete schema then it is advisable to create a script to grant on each table and on each view from the source schema. By providing read only to the full schema, I understand you are referring not also to the tables but also to the views, sequences, and may be stored program units, so you will have to properly define the scope of this 'full schema'.
Once you have properly defined the scope and have granted, as suggested by means of a role, then you may want to create synonyms for each granted object, so you don't have to qualify it with the schema name prefix when the object is being accessed.
~ Madrid -
Read only access on abc scheema to all other users
i want to give read only access on abc scheema to all other users. which command will be used.
Hi
Create a role first
CREATE ROLE ABC_SELECTONLY_ROLE IDENTIFIED BY anypassword;
Assign SELECT permissions to that role.
spool c:\grantprivs.lst
SELECT 'GRANT SELECT ON ABC.'||OBJECT_NAME||' TO ABC_SELECTONLY_ROLE;'
FROM DBA_OBJECTS
WHERE OWNER LIKE 'ABC'
AND OBJECT_TYPE IN ('TABLE', 'VIEW');
spool off
@c:\grantprivs.lst
Attach role to users (EXCLUDE USERS AS YOU LIKE. In this example we have excluded SYS, SYSTEM etc)
spool c:\attachrole.lst
SELECT 'GRANT ABC_SELECTONLY_ROLE TO '||USERNAME||';'
FROM DBA_USERS
WHERE USERNAME NOT IN ('SYS','SYSTEM',DBSNMP','SYSMAN');
spool off
@c:\attachrole.lst
You may wish to create private synonyms for the users.
CREATE SYNONYM USER1.TABLENAME FOR ABC.TABLENAME;
Regards
Adnan -
Granting Read Only Access to user in another schema
Oracle Database 10g
Red Hat Enterprise Linux Server release 5.3
We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
And some views are in INVALID status.
I tried to compile them using alter view owner.viewname compile;
But got this ---- Warning: View altered with compilation errors.
Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
Then I used the following
SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
It turns out some reference types are non existent.
Does that mean DBAs cannot do anything about this ?Nilton wrote:
We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
TABLES -> YES grant SELECT
VIEWS -> YES grant SELECT
SEQUENCE -> YES grant SELECT
INDEXES -> There is no read access for indexes...indexes are put on tables and a user who has read access on tables can read the index as well.
FUNCTIONS / PROCEDURES / PACKAGES -> I am not sure what you mean by read access on procedures, functions and packages. You may grant EXECUTE privilege on these.
TRIGGERS -> there is no read access on triggers required. They are implemented on tables for a DML event. If the user has DML access he has the execute access on the trigger as well.
JOBS -> I am not sure what to read from Jobs.
And some views are in INVALID status.
I tried to compile them using alter view owner.viewname compile;
But got this ---- Warning: View altered with compilation errors.
Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
Then I used the following
SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
It turns out some reference types are non existent.
Does that mean DBAs cannot do anything about this ?There are compilation errors in the Views. e.g. the view may be referring to a table which doesn't exist etc.
Unless you fix the error in the view you can't compile it and male it valid. Fix the view errors. If objects are non existing create them or refer to view to some where else.
If the nonexistent objects were mistakenly dropped, or the data file which contained those objects was dropped, no matter what was the reason for that object to be gone a DBA can bring it back if he is a well prepared DBA and has setup his database for such kind of disasters.
Now tell us why those objects are non-existent ? were they meant to be gone ? or they were dropped mistakenly?
Now here are my guesses:
If they were meant to be gone then probably the views definitions need to be adjusted not to refer them anymore.
If they were mistakenly dropped then:
Do you have them in recyclebin? (only tables) if YES just FLASHBACK TABLE <<tablename>> AS BEFORE DROP.
Is your database has Flashback database ON? if YES FLASHBACK DATABASE until 'time/scn just before the object was dropped'
Do you have backups and your database is running in ARCHIVE LOG mode? if YES perform an incomplete recovery using RMAN. -
Is there a way to grant read only access to all tables in a schema, rather than doing it for each individual table in the schema?
I have a package that does something just like this, here is a snippit. It uses dynamic SQL to build the GRANT statements. I'm not sure if this is a 'best practice', but it works for me.
--Find the tables to GRANT SELECT privileges on
string_query := 'SELECT DISTINCT ''' || LOWER(schema_name) || '.''|| ' || 'table_name FROM all_tables WHERE UPPER(owner) LIKE ''%' || UPPER(schema_name) || '%''';
OPEN c FOR string_query;
LOOP
FETCH c INTO table_name;
EXIT WHEN c%NOTFOUND;
--Build the GRANT string
string_grant := 'GRANT SELECT ON ' || LOWER(table_name) || ' TO ' || UPPER(role_name);
--GRANT privilege
EXECUTE IMMEDIATE string_grant;
END LOOP;
CLOSE c; -
Hi All,
Can you please tell me how can we create read only users to istore (R12).
is there any possibility to provide certain users with a read-only access?
We have a number of internal staff & sales people across the business who have requested access to Istore. As this is for retailers and people placing orders against live accounts that interface into Oracle ,we want to give only read access to certain users.
Thanks in Advance.hi,
You can refer below document for what are the permission assigned to a user for displaying place order button and check out button.Using CRM HTML you have to create custom roles and assign permission to custom roles ,then you have to assign this role to that user doesn't need place order button.
You have to create Custom roles like XX_READ_ONLY_USER and assign the permission for this user for istore.
After select user management, search for the user and assign the custom role to the specific user.
IBE_CREATE_ORDER
Allows a user to submit a quote or cart as an order by pressing the Place Order button. If a user has this permission, ensure that he has the IBE_CHECKOUT permission as well, since without IBE_CHECKOUT the user will not see a Checkout button to enter the checkout phase.
For more details check out below link
[http://docs.oracle.com/cd/E18727_01/doc.121/e13575/T349071T351218.htm#T351225|http://docs.oracle.com/cd/E18727_01/doc.121/e13575/T349071T351218.htm#T351225] -
Avoid read-only access at physical standby
Hi!
DB=11.2.0.2
when I start the standby with
SQL> startup
the db is open read-only.
Is there a way to configure the db so that startup command only mounts the db and start redo apply?
this is the config:
DGMGRL> show configuration verbose;
Configuration - w
Protection Mode: MaxPerformance
Databases:
w_01 - Primary database
w_02 - (*) Physical standby database
(*) Fast-Start Failover target
Properties:
FastStartFailoverThreshold = '30'
OperationTimeout = '30'
FastStartFailoverLagLimit = '30'
CommunicationTimeout = '180'
FastStartFailoverAutoReinstate = 'TRUE'
FastStartFailoverPmyShutdown = 'TRUE'
BystandersFollowRoleChange = 'ALL'
Fast-Start Failover: ENABLED
Threshold: 30 seconds
Target: w_02
Observer: ora
Lag Limit: 30 seconds
Shutdown Primary: TRUE
Auto-reinstate: TRUE
Configuration Status:
SUCCESS
DGMGRL> show database w_02
Database - w_02
Role: PHYSICAL STANDBY
Intended State: APPLY-ON
Transport Lag: 0 seconds
Apply Lag: 0 seconds
Real Time Query: OFF
Instance(s):
w
Database Status:
SUCCESS
br
DanielIf Data Guard is setup correctly the application is not losing data, you cannot read from it, but it will apply logs:
Ex.
/home/oracle:STANDBY >sqlplus "/ as sysdba"
SQL> select * from BIGSHOW.CUSTOMER;
select * from BIGSHOW.CUSTOMER
ERROR at line 1:
ORA-01219: database not open: queries allowed on fixed tables/views only
So even as the SYS user I cannot read from my test user's tables.
ORA-01219 is expected when the standby is in this state.
You can open READ ONLY if you have Active Data Guard, but generally that will cost you extra.
OR, you can do thing to check your data:
To open a standby database for read-only access when it is currently performing managed recovery:
Cancel log apply services:
SQL> ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL;
Open the database for read-only access:
SQL> ALTER DATABASE OPEN READ ONLY;
At some point you have start the recovery again, you probably don't have an issue.
If you want more peace of mind on this you have to setup a test Data Guard system and bang on it.
Best Regards
mseberg -
Role for system data dictionary read-only access
[NOTE: this is for 9i]
What grants must a role have to have read-only access to
the system data dictionary tables (e.g.: ALL_SOURCE,
ALL_OBJECTS, ...)?
Or, is there somewhere in the docs that talks about this
kind of role?
Thanks in advance,
RobertWell, the answer to your explicit question would be that it would need SELECT on each of the data dictionary views that do not have SELECT granted to PUBLIC. To find out what those are, you could do:
SELECT table_name, privilege
FROM dba_tab_privs
WHERE grantee = 'SELECT_CATALOG_ROLE'however, it would probably be easier just to grant it SELECT_CATALOG_ROLE :-)
John -
Read Only Access to Storage Container
Is it possible to give Read Only access to a particular storage container without adding someone to Subscription and providing them the access key without anonymous request without going through SAS route
By default, a container and any blobs within it may be accessed only by the owner of the storage account. If you want to give anonymous users read permissions to a container and its blobs, you can set the container permissions to allow public access. Anonymous
users can read blobs within a publicly accessible container without authenticating the request.
This link gives full details
https://msdn.microsoft.com/en-us/library/azure/dd179354.aspx
Frank
Maybe you are looking for
-
Problem with video out sporatically failing
I have a 2G Touch and an iPod -> Composite Video cable hooked to my HD TV. I have sometimes been able to easily view video from my iPod but at other times I get "Device is not supported" error after which, no matter what I do, it refuses to work. How
-
Width of file in Application server
Hi there, I downloaded a file in application server. In Appl server, it shows a part of data (part of records) which an internal table contains. When I download that file using CG3Y transaction, the file contains same data as it appears in Appl serve
-
Hi, My IPhone 5 doesn't turn on at all. I wanted to sell this BUT I have important data on it such as Pictures, chats and I was signed into social networks. Is there a special way to delete my data as my phone doesn't turn on at all?
-
CS3 Crop Marks Appeared Suddenly
Today when I opened my Illus CS3--there were 8 large, black crop marks. This now happens every single time I create a new document, no matter RGB or CMYK. When I go Object>Crop Marks>Release, they disappear... .BUT then so do my bounding boxes, and I
-
I get popups about needing to update version and some add ons are expired. I would like to stop these I can't up date. I've downloaded myself and I get the file is corrupt a lot of hours for nothing tried several times downloaded from the library and