Restricting standard SAP queries from seeing HR Data

Similar Messages

• How to restrict the user(Schema) from deleting the data from a table

  Hi All,
  I have scenario here.
  I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
  Below is the example.
  I have created a table employee in abc schema which has two values.
  EMPLOYEE
  ABC
  XYZ
  In the above scenario the abc user can only fire select query on the EMPLOYEE table.
  SELECT * FROM EMPLOYEE;
  He should not be able to use any other DML commands on that table.
  If he uses then Insufficient privileges error should be thrown.
  Can anyone please help me out on this.

  Hi,
  kumar0828 wrote:
  Hi Frank,
  Thanks for the reply.
  Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
  If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
  Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
  See the forum FAQ {message:id=9360002}
  The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
  USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
  SELECT  *
  FROM    table_x
  ;what actually runs is:
  SELECT  *
  FROM    table_x
  WHERE   USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
  ;If you want to prevent any user from deleting rows, then the policy function can return just this string
  0 = 1Then, if somone says
  DELETE  employee
  ;what actually gets run is
  DELETE  employee
  WHERE   0 = 1
  ;No error will be raised, but no rows will be deleted.
  Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
  Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
  I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.

• Is there any standard SAP report to see all active,inactive, retiree employ

  SAP experts
  Is there any standard SAP report where I can look all the employees whose employment specific status is 0 (terminated), 1(employee with the company but inactive), 2(retiree), 3(active).
  please help
  regards
  renu

  Hi Experts,
  I had a similar requirement and I used S_PH9_46000223 Report for my need as suggested.
  I observed one thing.
  "If I give Selection Date as "Today" then the entry date column is 00.00.0000"
  Can anyone clarify my doubt? it is happening in same way for other similar standard reports as well.
  Doubts
  1) Why this is happening
  2) Is it happening as it should? Whats the reason
  3) is there any functional/technical way to correct or modify
  Regards

• OIM 11g-How to restrict the role administrator from seeing "other" roles

  Dear All,
  How to restrict Administrator from seeing roles he is not suppose to administer?
  My administrator is suppose to assign only Role A. When he logs in He can see every single role. How to correct it so that he can see only Role A?
  Thank you for your time
  Maria

  Modify "All User Role Management Policy"

• How to access a table of SAP standard SAP method from external program

  Hi Friends,
  I have to access a table and modified it defined in a standard SAP method (PROCESS_INPUT_FILTER) of class (CL_HANDLE_MM).
  As we normaly do it in case of Standard program
  for example: ('(SAPLMEPO)ett[]') here we are accessing internal table ett defined in SAPLMEPO.
  so how we can do the same thing if some thing defined in standard SAP method.
  Pl. help.

  Thanks for the info guys, it will come in handy.
  I need to validate that a number is entered with zero or one decimal place, then make sure it is evenly
  divisible by .5 in order to test for whole or half numbers only. If not, I use an alert to
  display a message when the user leaves the field.
  If there is a better way to achieve this, I am all ears!
  Thank you for your time,
  Gary

• Populate data into standard component alv from Zcomponent popup data selected

  HI All
  I have to call Zcomponent in standard component and need to pass value into Zcomponent (table) and from  Zcomponent select row and pass back to standard component.
  Steps
  1) Created Zcomponent with interface node
  2) Enhanced the standard component and create used components for  Zcomponent and make it available at component controllers and view controllers.
  When I click on Button in standard component I am calling this Zcomponent as popup window.
  My problem I when I select data in Zcomponent I need to populate the data in ALV of standard component.
  I thought of 2 methods to take my selected back and populate data into standard component ALV.
  1) Create event: EVENT1 and   Interface method Method1 and link to EVENT1
  So that I can raise this event in Zcomponent and populate the data into standard component ALV
  Problem: Under events interface checkbox is visible, when I select my enhancement implementation the interface checkbox not visible under events tab?.
  2) Create Interface method Method1 write logic to populate data into standard component ALV
  But here to when I select my enhancement implementation the interface checkbox not visible under?
  Can anyone please help me why interface checkbox is not visible or any better solution to populate the data back to standard component alv?
  Thanks
  Gopal

  Hi Gopal,
  You can achieve your requirement by using EVENTS as below
  Create an event SET_DATA in component controller of zcomponent and mark it as interface and also include the parameters like context_element( type ref to if_wd_context_element), etc as below
  Now, create an action for the event onLeadSelect of your zcomp Table and write the below code
                   DATA lo_ctx_element TYPE REF TO if_wd_context_element.
                 "get the selected row
                   lo_ctx_element = wdevent->get_context_element( name =
                      'NEW_ROW_ELEMENT' ).
                 "Raise the event with parameter
                 wd_comp_controller->fire_set_data_evt( context_element = lo_ctx_element ).
  Use the Zcomponent in your standard component and make available in std. view's properties
  Create an event handler SET_DATA method for your Zcomp's event as below
  Now, inside this method, you get the parameter CONTEXT_ELEMENT and get the data from this context element as below
                 context_element->get_attrribute( ) or
                 context_element->get_static_attributes( )
  You can populate the data into standard component based on the obtained value from Zcomponent.
  Hope this helps you.
  Regards,
  Rama

• Displaying standard email fields (From, To, Subject, Date) in a List configured to accept email messages.

  OK, I'm no expert (can you tell?) and this is probably a stupid question to ask a bunch of SharePoint studs, but I can't find anything obvious in the online help.  I want my users to be able to forward email from Outlook to a SharePoint list. 
  I want the default list view to display the standard email fields.  How do I configure the List view to show those fields and be able to identify the messages of interest to them without having to open the file?
  Thank you.
  LO'D at Sanofi

  Email files' properties are not promoted properties, so they will not display. You would have to create an ItemCreated Event Receiver to extract this data from the MSG and promote them on your own.
  Trevor Seward
  Follow or contact me at...
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Standard SAP program name for the data extraction

  Please tell me the stadard SAP program  for the data extraction for Material, Vendor and Customer.

  you might want to explore tx. SXDA.

• Securing groups w/in HR module from seeing data

  Hi, looking for advice. Requirement is to secure a group of people from seeing HR data. My initial thought was to secure by employee group. Is this the viable way to go in lieu of doing anything custom? Advice/ideas appreciated. thx.

  Hi,
  As per Nolasco D'souza  we can restrict the employees access. Even we are also having authorization check with respect to Personal area and Infotypes.
  Please check with the customer how they wanted to access the system.
  Like, Through Employee group, personal area, Org key, infotypes...
  Thanks,
  Vasu.

• Standard SAP EXIT on Text Variables

  Hello Experts,
  I am working on Customer Aging Analysis. first of all I want to use standard SAP Queries and want to have a look on standard SAP EXIT created on variables.i have opened the query no 0FIAR_C03_Q0005. here it shows me one text variable 0P_KEYD2. now i want to see that SAP EXIT created on the variable of Posting Date.
  I went to SE37. i entered the Function Module EXIT_SAPLRRS0_001. but i didn't get standard SAP EXIT given by SAP.
  Can anyone tell me from where i can activate or Get the standard SAP EXIT ?
  Regards,
  Komik Shah

  Hi Mansi,
  Thanks for your reply.
  now if i want to add that SAP EXIT in EXIT_SAPLRRS0_001, then can i add it ? or do i have to directly use RSVAREXIT_0P_KEYD2 ??
  All standard SAP EXIT will work the same way you  mentioned ?? means goto SE37 --> type Variable Name --> get that exit.
  Regards,
  Komik Shah

• Currency in standard SAP Reports

  Hi Experts,
  Where can I find the currency translation settings for standard SAP reports (From Database currency to List Currency)? While I am executing one of the reports, I am finding that the system is translating the currency and displaying the output.
  Where can I find these settings?
  Regards
  Varun

  Hello Varun R
  Some  Reports such as S_ALR_87013019 are based on reporting table "RWCOOM".
  The special design of this reporting table is that it does not use the "report currency"
  to from reporting table "CCSS".
  As a consequence this "report currency" cannot be used in reports using RWCOOM.
  If you check the report definition of report S_ALR_87013019 or toher S_ALR*
  in transaction GRR3 (library 6O2, report 6OBU-001)  you see that the characteristic
  "currency type" with value "20" is used in the general data selection.
  This leads to the behaviour of the system always to display the values in controlling area currency.
  Even if you set RPO0 to a different currency this has no influence as the report definition in this case is "hard coded".
  In order now to have the values displayed in another currency (such as object currency) please copy this report into customer space and change the general data selection on characteristic "currency type" from "20" to "10".
  Afterwards you should be able to display the values in object currency.#
  I hope this helps
  Ger

• Executing a sap "program" from WD

  Hi,
  Before I have been able to do sap queries from WD using the RSAQ_REMOTE_QUERY_CALL fm. Now I'm trying to run a program called RMCY6010 using the SUBMIT_REPORT function module, but unlike to RSAQ_REMOTE_QUERY_CALL  there is not any option to choose data_to_memory in this fm. Then it is not possible to save the results to memory and map these to context variables in WD.
  Anyone who knows if this still can be done from a WD application? Is there another fm to use?
  Best regards
  Øyvind

  Hi Øyvind,
  I am sorry that I am not able to answer your question. However, I am calling RSAQ_REMOTE_QUERY_CALL, which you used before, and cannot get variant set to the correct value. I keep on getting NO_VARIANT error. I have tried "*", "", and "STANDARD". In thread,  , there is a similar discussion, but I prefer to use an FM to achieve it. Thanks.
  Regards,
  David
  Note: My question is answered. Forget about it. Thanks.
  Message was edited by:
          David Yen

• Restricting access to Queries via Search

  Does anyone have any ideas on restricting access to queries from the Bex search. We have folks that are using the search functionality of Bex and are finding queries that we have not been published to a reporting role. We instruct our query writers that when devloping queries, do not publish them to a reporting role until they are finalized and tested. We are finding that folks are using search in Bex and finding these queries that may be in the middle of development and trying ot use them. In other words, we would like to restrict the Bex search to just queries published to reporting roles.

  Hi Diago,
       Our dilema is that restricting access of the search by query name (via the role) requires the query writer, when finished with the development of their query, to do a savas with a different technical name that falls into the role restrictions of the authorization. This then leaves two versions of the query out there until the original gets deleted, if the query writer happens to remember to do that. It would be great to limit the search mechanism to just published queries. What are other folks doing to get around this issue. It seems that everyone would be running into it unless the search could be restricted in such a manner.

• Restrict authorizations for loads from HR to BW for certain data

  Hi,
  our customer wants protect some data in the HR productive system. This data are defined/restricted by certain personal areas.
  It is not enough to use reporting authorizations in BW to restrict presentation in queries or use filters in infopackets during load to avoid this data.
  The requirement is to make load of such data from HR to BW absolutely impossible, even BW administrator cannot see them and must not be able to load them.
  We will probably have to somehow limit ALEREMOTE users authorizations in BW. I do not know how and I even doubt, that extractors in HR source system perform authorizations checks for fields.
  Is there any way to do this?
  Thank you very much,
  Petr

  Hi Petr,
  Create a general enhancement program (restricted authorization) with generic name, which should be called dynamically for every datasource.
  Refer-
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2d99121a-0e01-0010-e78c-b1ae566a2413?overridelayout=true
  Not personally tested but check following.
  In that program, you may try applying following logic:
  1) You may need to use TYPE ANY field symbols
  2) In While Loop until all fields of C_T_DATA checked, may be a counter based on total number of fields.
      DELETE C_T_DATA where <TYPE_ANY1> EQ (OR use IN) specific value(s) of Personnel Area
      DELETE C_T_DATA where <TYPE_ANY1> CS (Contains, check pattern) specific value(s) of Personnel Area
  ENDWHILE.
  Optionally: For Standard Daatsources in the same program you can add logic based on standard field only "WERKS".
  Note: You may need to research on dynamic pointing using field symbols for every field.
  Thanks
  Arun Purohit

• Need info on Standard Web services to pull Order data in CRM from external applications

  Hi Gurus,
  I have a requirement to pull Order data in CRM from external non-sap application using Web services. Are there any standard SAP provided web services to pull order data based on some input? If yes, can you provide me any kind of documentation related to this?
  Appreciate your help on this.
  Thanks
  Lakshman

  Hi Lakshman,
  I have checked further.
  Please review below link of the SAP Help documentation :
  http://help.sap.com/saphelp_nw70/helpdata/en/47/3a989cbcef2f35e10000000a1553f6/content.htm?frameset=/en/46/97218e79f115eae10000000a114a6b/frameset.htm&current_toc=/en/d1/802cfc454211d189710000e8322d00/plain.htm&node_id=439&show_children=false
  and also the link :
  –http://esworkplace.sap.com/socoview(bD1lbiZjPTAwMSZkPW1pbg==)/render.asp?packageid=DE0426DD9B0249F19515001A64D3F462&id=347DD31EB5AB4BC592BD8B29C0981A1B
  Hoping that this will be helpful.
  Best regards - Christophe