Restricting users from backend changes
Hello,
I have some users who keep doing the changes from backend without going into the application ( Forms 10g Frontend). I want to restrict all users to change the data from backend so that whenever they use sqlplus they can't change the records in the tables. But whenever they are running the application ( Oracle forms) they should be able to change(insert/Update/Delete) the records in the table. Any suggestion how can I make this happen.
Thank you.
Assuming the users dont have the schema owner password and have to log into their own accounts in sqlplus.
grant a role to the user identified by a password. Dont tell the users the password. :)
grant select, insert, update, delete, execute permissions to specific tables, functions, procedures to the role.
When the users go into sqlplus they wont be able to do anything until the role is enabled since it has a password. Remember, they dont know the password so they are not going to be doing much.
In your pre-form trigger do this to enable the role so they can do things.
Check to see if the currently logged in person has the role assigned..
SELECT GRANTED_ROLE
FROM USER_ROLE_PRIVS
WHERE USERNAME = my_username_variable and
granted_role = 'MY_ROLE';
if they do have the role then do this...
DBMS_SESSION.SET_ROLE('my_role IDENTIFIED BY my_password');
Now they can insert, update, delete and so on from the form.
Similar Messages
-
Restricting User from Status Change
Dear All,
I have the below requirement in support ticket :-
1. End User can confirm only the calls pertaining to them.
2. End User is allowed to change the status "In Process" and "Confirmed".
3. Message processor is allowed to change the status "Customer Action" and " Proposed Solution"
Regards,
RajHi
If standard roles as per the guide not helping you thn
you can customize them more...for e.g A user "X" can set status but User "Y" cannot ..to do this use this authorization object
authorization object B_USERSTAT and authorization key can be created and assigned to ur each status in the status profile
So for e.g...for same status profile -
X & Y are processors but X cannot set certain status which Y can
Hope it answer ur query
Regards
Prakhar -
Restricting user from changing price in me22n after goods receipt
i want to restrict the users from changing the price of the material in me22n after after goods receipt.
pls tell me the userexit for it with detail.Okay, then let me play the role of the bad man.
Why would you need to restrict users from changing a price after GR ?
Do you think that users are changing prices just for fun or to mess up the system?
Have you talked to users why they want change the price after a GR?
do you have an alternative plan, for the case that the price really needs to be changed to be able to post the invoice? do you want to cancel always the GR in this case? Is is possible? What if the stock is already issued? do you then want to cancel the entire chain? what if a month end closure was already done? -
Restrict users from changing roles
Is there a way to restrict users from changing roles
themselves? If a user goes to My Connections and then clicks Edit,
they could, in theory, change to any group they want--except to the
administrator group because you have to enter a password. If the
admin isn't watching the site 24/7, the user can change their roll,
let's say from a writer to a publisher, and publish something
before the admin can notice.
Is there anything that can be done to restrict that?You can use connection keys...this will only allow a user to
change their name and email address (I think...I can check on this
tomorrow). We use these at my work and it allows for a lot more
control over who is assigned to the proper groups. -
Need to restrict users from adding or modifying folders or reports
Requirement: Need to restrict users from adding or modifying folders or reports through Info view and to reflect the modifications only thriough LCM.
Issue: Customer wants to restrict users from adding or modifying existing reports from Infoview and need to force users to do make the changes through Life cycle manager tool.
As per my understanding LCM can only be used to to promote folders and objects from one environment to another and to schedule the promotion of these jobs on a daily basis.My query is:
Can we add or modify existing reports or folders using the LCM tool?
Could you please help me out in this issue and provide me your suggestions.
Thanks in advance.
Prashanthi Rayaprolu.You can not restrict that using LCM. Need to modify the rights at the folder level.
Explicitly remove the following rights for the user group,
Add objects to the folder
Edit objects
Delete objects
Copy objects to another folder (check this if required)
Once the above four are denied then users wont be able to Edit/Add/Delete reports in that folder. -
Restrict users from editing and deleting not owned items
Hello guys.
I'm trying to restrict users from editing and deleting items created by other users. I know, that it can be achieved by using SPList.WriteSecurity parameter, but if I change its value to 2 or 4 - nothing happens...
May be there are some list permissions that can override this security setting? I tried to combine permissions in different ways but users either cannot modify any items or can edit/delete all of them...
By the way, setting ReadSecurity=2 works as it should work regardless of user permissions...
Please help.Hi,
I understand that you want to change the write security for the document library. You can try the PowerShell script below:
$web = Get-SPWeb http://serverURL
$list = $web.Lists["Document library"]
$list.ReadSecurity = 2
$list.WriteSecurity =2
$list.Update()
$web.Dispose()
This setting will not affect the site collection administrator, he will always be able to edit the documents. You need to sue another account to have a test. If this still doesn't work, I think you need to manually edit the permission for each documents.
Thanks,
EnTan Ming
Entan Ming
TechNet Community Support -
Create EBS user exactly as an existing user from backend
Hi All,
I want to create a new EBS user which is exactly as an existing EBS user from backend ( such as responsibilities, end_date,start_date etc)
EBS 12.0.6
Database 11.2.0.2.0 .
Thanks in advance,
PPFNDLOAD (download the user data you want to clone, edit the ldt file with the new user info/details and upload it again using FNDLOAD) -- https://forums.oracle.com/forums/search.jspa?threadID=&q=FNDLOAD+AND+User&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
Thanks,
HusseinShall i have to create a user first then run then run FNDLOAD
I found this command from a site (http://oracle.anilpassi.com/oracle-fndload-script-examples.html)
FNDLOAD apps/**** 0 Y DOWNLOAD $FND_TOP/patch/115/import/afscursp.lct ~/XX_FND_USER_SRINI.ldt FND_USER USER_NAME='SRINI'
Now I have changed the info in the ldt file according to my user id.
What i command i should write now ?
Thanks in advance.
PP -
Restricting users from removing EFB paramter
Dear all,
We have defined user parameter EFB in OMET to ensure users have reference documents when creating a PO. This EFB parameter is then added to the user profile via SU3's parameter tab.
However, all users have access to SU3 to define their own set of parameters. With that, we run into the risk of users removing the assigned EFB parameter themselves, thus allowing creation of PO without reference.
Is there anyway that we can restrict users from removing this parameter or are there any alternatives?
Thanks.Hello,
Sorry, but there´s no option to prevent the change if the user parameters.
I could find the answer from a developer:
"the maintenance of PIDs is designed without any authorization check. The background is that every user should have the possibility to fit his/her own PIDs for daily work.".
Best Regards,
Arminda Jack -
How to restrict users from printing documents and exporting to local file
Hi SAP gurus,
I have two questions.
1. How can I restrict users from printing a document? i.e. billdoc? I would like to know if I could block it though authorization. If yes, what auth obj to use?
2. How to restrict certain users from exporting to local file? the System> List>Save-->Local File. I have tried restricting it using auth object S_GUI but it seems it is only applicable to older versions of SAP. im on ecc6.
Thank you in advance.Hi,
Check this:
Create your own gui status and attach it to the list in the event START-OF-SELECTION.
In the menu painter extra -> adjust template.
Make it a list status and you will see all the standard list options appear including list->download
Deactivate the ones you don't want.
If you just want to prevent users from downloading the list you can achieve this with authorization object S_GUI, activity 61. Menu option will still be there though.
Please note that if you remove authorisation for S_GUI activity 61 then all downloads will not be possible.
If you just want to disable downloads only for a particular report, you can try this test program:
Code:
REPORT ztest.
DATA: PROGNAME LIKE SY-CPROG value 'Z_CHECK_AUTH',
FORMNAME LIKE SY-XFORM value 'F_CHECK_AUTH'.
START-OF-SELECTION.
CALL FUNCTION 'SET_DOWNLOAD_AUTHORITY'
EXPORTING
FORM = FORMNAME
PROG = PROGNAME
EXCEPTIONS
OTHERS = 1.
WRITE: / 'TEST'.
You also need this:
Code:
PROGRAM z_check_auth.
FORM f_check_auth USING pe_result TYPE i.
pe_result = 5.
ENDFORM.
Also have a look at the exit SGRPDL00.
Hope this helps you.
Rgds,
Raghu -
!!!How to restrict user for making changes in Sales order , partner level
Hi all,
Can anybody tell me how to restrict user for making changes in Sales order at partner level, is it through user exit?Hi Ruchi
I hope u had gone to the screen fields which u want them not to be editable. So there u select all the fields contents which u do not want to to be changed and check the boxes with W.content and Display and save it. Once evrything is done u have to activate the particular transcation going in to the standard variants and put the name and click the activate button.
Hope its clear
Reward if help ful
Sri -
Restricting User from creating new records using when-validate-record
Hi,
I have a requirement for which I have to restrict he user from creating a record in the Supplier Master form if the suppliier type is 'Affiliate Supplier'.
I have done the following setups
Seq 10
Description Restricting user from creating Affiliate records
Level Function
Enabled Yes
Condition:
Trigger Event WHEN-VALIDATE-RECORD
Trigger object VNDR
Condition "${item.VNDR.VENDOR_TYPE_DISP_MIR.value} is NOT NULL
and
${item.VNDR.VENDOR_TYPE_DISP_MIR.value} LIKE 'Affiliate%'
Processing Mode BOTH
Context
Level User
Value User Name
Action Sequence 1
Type Message
Action Description Saving Affiliate record
Language ALL
Message Type Show
Message Text You Cannot Create Affiliate records Here
Action Sequence 2
Type Builtin
Action Description Stop Proceesing
Language ALL
Action Enabled Yes
Builtin Type RAISE FORM_TRIGGER_FAILURE;
This is working good on one instance but when I moved it to another instance
when I query the form and try to navigate to the bank accounts tab of the form which is based on a differnt block i.e VNDR_USES block, the when-validate-record trigger fires there also and stops the processing.
Any suggestions on this would be higly appriciated.
Thanks in Advance.Hi Srini,
Yes, it does work...but in a Form Session if i Create more then one Item, in some cases it fires for the first records and not sleeps for the second.
Sometimes it doesn't give any response.
Appreciated if you divert to the link to check the Pacthes for 11.5.10 on Form Personalization.
Please share any ideas/example if yiou have to achieve the below requirement.
Requirement:
Once New record is created , a Custom Procedure should be invoked.
with out closing Form i am able to create n number of Items, so for every Item it should invoke Custom PLSQL Code on Save.
Let me know if i can achieve the same in Custom.pll .....as i can use either of Options.(Form Personalization/Custom.pll)
Thanks & regards,
Edited by: user632004 on Mar 16, 2010 7:50 PM
Edited by: user632004 on Mar 16, 2010 8:09 PM -
Restrict users from archiving PST to local computer
Hi all,
I would like to restrict users from archiving emails in outlook to the local computer. We have a serious problem that users are archiving emails to the local computer and then they can copy those emails to external devices or that they can attach this local
pst file to their personal outlook profile which they can forward it to external recipients. We have ran into a serious problem now and I am try to resolve this problem by restricting users to archive the emails to their local computer. Is there any way I
can do this?
Only designated users should be able to archive the outlook emails (from the support team) and they can save it to a central file server.
Please share me your thoughts. Thank you all for taking time to read this and for your suggestions.Hi Friend,
Use Group Policy Feature and enable the “DisablePST” Reg value as it will not allow users to create new PST file or even remove the Archive function from their Outlook interface.
Registry path to disable PST File authentication (Group policy):
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook
Take a brief explanation about various restrictions over PST File:
https://www.simple-talk.com/sysadmin/exchange/using-group-policy-to-restrict-the-use-of-pst-files/
Note: Improve community discussions by marking the answers helpful otherwise respond back for further help.
Thanks
Clark Kent -
Restrict users from using Manual series
Hi SAP,
Is there a way to restrict users from using the Manual series?
Thanks,
JaniceHi Rahul,
Ok, i have seen already the authorization for document manual numbering and it is available only for 8.8 versions and not on 2007 version of SAP.
Anyway, when im doing the testing i found out that for banking transactions like incoming, user can still use the manual series even if he has no authorization for manual document numbering.
Another concern from our client was the use of manual series only, is it also possible in SAP? I tried to give user authorization in the manual document numbering and no authorization to series group no but user cannot already open the transaction window. Let us know if their inquiry is possible so i could inform them that only manual series can be restricted.
Thanks for your help.
Regards,
Janice -
Hi Experts,
Is there a way to restrict users from sending data through input schedules ?
My requirement is to lock the weeks as we go . for example if data has already been sent in week1 no one should be able to modify it through input schedules.
other weeks should be open for sending data. The weeks that have passed need this restriction.
Any ideas ?
ThanksHi,
You should first maintain the work status at the appset level. Please refer to the below link from help.sap:
http://help.sap.com/saphelp_bpc75/helpdata/en/f8/d51b881cfa4c5992de481ccfa05db3/content.htm
Hope this helps. -
Restrict Users from saving files on Local PC but forced to Network Shared Location
Hi,
We have the Domain in Windows 2003 Standard.
How can I restrict users from saving files in their Local PC?
Also, need to forced them to save the files in Network Location with permissions...
Thanks.
~CoolPra~Hi,
You can create a file screen to prevent users from saving files on a certain volume. File screens are used to block specific types of files from being saved on a volume or in a folder tree. A file screen affects all folders in the designated path. You need
to update the server to Windows Server 2003 R2 to install the File Server Resource Manager.
File Screening Management
http://technet.microsoft.com/en-us/library/cc772675(v=ws.10).aspx
Best Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Maybe you are looking for
-
Custom splash screen for app under JWS 1.2 from 1.4.1 beta?
Has anyone gotten a custom app's splash screen to come up instead of the damn Sun Java Web Start splash screen to come up when the app starts from a desktop icon or if you launch it from JWS? I added it to my jnlp file as specified in the docs, but i
-
Ipad 1 crashes, if there are over four png files loaded in the same location.
I added a HTML widget in iBooks Author. This includes four transparent pictures, which are loaded over each other. If there are more, then four of them, then ipad 1 just closes the programm. Any ideas?
-
JEditorPane always scrolls down to the bottom, how can I prevent this?
Hello, I have the following code that contains a JTable and JEditorPane in a panel. When I click on a headline on the table, I have some text showing up in the lower pane. My problem is that the lower pane (that is inside a JScrollPane) always scroll
-
Installed Maverick yes Mac still shows 10.8.5 installed
Weird thing. I have been trying to run the migration assistant on my Macbook Pro with Mavericks installed and its the old version from 10.8. So I looked at "About this mac" and it says that 10.8 is installed. Yet I installed Mavericks on it and even
-
Browser closes on invoking the Forms Services 10g.
Hi All , When I invoke the forms services using the following url in the browser , the browser window closes :- http://<IP-address>/forms/frmservlet Could anyone let me know what could be the reason for this and how to resolve it. Thanks,