Roles with Change Access to Table Maintenance

Similar Messages

• Users with direct access to tables

  I need to find out which users have direct access to tables, not through the roles.
  Is dba_tab_privs the right table to query or table_privileges is the correct one.
  Please let me know the difference between these two.
  I have gone through the documentation but I am still not clear about the difference between them.
  Let me know whatever your thoughts are on this.
  Thanks,
  Rushi

  Ah, an opportunity to illustrate the value of COMMENTs:
  SQL> select * from dict where table_name = 'TABLE_PRIVILEGES';
  TABLE_NAME
  COMMENTS
  TABLE_PRIVILEGES
  Grants on objects for which the user is the grantor, grantee, owner,
  or an enabled role or PUBLIC is the grantee
  SQL> select * from dict where table_name = 'DBA_TAB_PRIVS';
  TABLE_NAME
  COMMENTS
  DBA_TAB_PRIVS
  All grants on objects in the database
  SQL>So, TABLE_PRIVILEGES is a view relevant to the user who is currently connected and SELECTing from it.
  DBA_TAB_PRIVS is what you want to use to find users with direct access granted to tables.

• How to change width of table maintenance screen in sm30

  Hi,
  I want to change the width of table maintenance screen in sm30 of a view. I am trying to change it through screen painter.
  But its giving me error - screen or window limit reached. I want to increase the widht to show all the fields at once.
  Is there any way for this?
  Also, earlier in table maintenance generator of view, there was one step selected. I changed it to two steps and re-generated the TMG. But again Its showing only one screen in sm30.
  Kindly tell me which step I have missed out.
  Regards,
  Seema Naharia

  I guess the links below should help in your problem ..
  http://www.saptechies.com/how-to-create-table-maintenance-generator/
  Window size on SM30
  If these do not please tell ..
  Regards,
  Manthan

• Problem with the regeneration of Table Maintenance

  My Scenario is like this.
  I have to add a Long Description with a length of 4000 Charecters. For this I have created in my Z TAble ZINT  INT2  5  and ZZLONG_DESC  LCHR  4000. I have activated the ZTABLE. I have Adjusted & Activated the Database by using Data Base Utility. I have regenerated the Table Maintenance (SM30), here my concern is I am not able to see the ZZLONG_DESC Field for Value Entry. I have seen all other Fields are ready for input, except this field. How do you achieve this.
  What ever I will type in ZZLONG_DESC, when I say SAVE it should be available in ZTABLE.
  How to read the Long TExt for 4000 charecters, is it possible using the Function  Module "READ_TEXT".  Please suggest me.
  Thanks & Regards,
  Sivaram Kandula

  Hi Sivaram,
     Yes, there is a problem with fields of long lengths. But, can I know exactly what type of table maintenance u have generated? Is it a one step or a two step? I suggest you to go ahead with creation of two step table maintenance. Then you will definitely see that in the second screen means, when you click on "New Entries" you should be able to see it. Plz have a try at this and let me know with the update. Hope this should work out.
     Otherwise, better to go with Text table concept. Hope you got it.
  Thanks,
  Adithya K
  SAP Practise.
  Note:  Reward points for the helpful answers.

• Integrate IdM roles with Sun Access Manager roles

  Hi all,
  I am currently working on a solution involving Sun Identity Manager 7.1 and Sun Access Manager 7.1 as well. We use AM for overall authentication and SSO across the application, and IdM for user provisioning.
  I need to create roles in Identity Manager, and I would like that when I assign a role to a user in Identity Manager, he gets the same role in my Access Manager repository (Sun LDAP). Identity Manager does provide a way to set attribute values in resources when a role is set. Access Manager on the other hand has both dynamic roles, based on an LDAP search, and static roles.
  What are the important differences between static and dynamic roles in AM?
  Does anybody know a good way to propagate roles from Identity Manager to Access Manager?
  Thanks.

  I found answers to my question. I succeeded in setting the Access Manager role from Identity Manager using the nsRoleDN attribute. Here are some references to begin with:
  About directory server roles:
  http://docs.sun.com/app/docs/doc/820-2493/fvbrn?a=view
  Forum thread reference:
  http://forums.sun.com/thread.jspa?threadID=5208694
  Here are roughly the steps I followed to get this working.
  Access Manager roles setup:
  1. In Access Manager, create a new static role named test_role under the identities realm (in Subjects > Role).
  Identity Manager roles setup:
  1. Create a new role in Identity Manager: tab Roles, click New....
  2. Assign the LDAP resource to synchronize the role with.
  3. On the Assigned Resources line, click the Set Attributes Values button. This shows up the attributes listing allowing you to bind your IdM role to your LDAP repository.
  4. Set the attribute nsRoleDN to the LDAP DN of the role that was created in AM (nsRoleDN must be added in the resource attributes mapping before).
  * In the column Value override, select Text.
  * In the column How to set, select Authoritative merge with value, clear existing. (* See IDM Admin guide about this setting, I am still not sure how it reacts with multi-value attributes)
  * In the text box, enter the role DN text (ex: cn=test_role,dc=com).
  5. Save the role. You can now add the role to a user.

• Creation of roles with restricted access to infoarea

  HI !
  We need to create some custom roles in BW, which will restrict the user (with that role) to access only specific infoareas in BW,  i.e. the reports and Infoproviders etc created under those InfoAreas.
  When I tried to create a role in tcode PFCG, I dont get any such options to restrict by InfoArea. Do we have to create custom Authorization objects for this and assign them to this role? if yes, how do we create such Authorization objects?
  I am totally new to roles/profiles etc... i read the online documentations, but cudnt understand them much.
  <u>Please provide the steps to do this</u>.
  Thanks,
  SUshmita

  hi Sushmita,
  try authorization object S_RS_COMP - business explorer compnent (under RS - business information warehouse),
  you can specify infoarea, infocube
  hope this helps.

• Issue with changing Access Service in ACS 5.2

  Hi,
  I am working on lab setup where I installed ACS 5.2 I created new access service and used it in existing service selection rule (Rule-2) earlier but it didn't work. Later I created new service selection rule and applied new service access rule. However even after this change it keeps applying predefined default access access service. Please refer attached picture for better understanding.
  As shown, I want Aks-Rule to work and apply service 'Lab-Policy' however it keeps referring Rule-2 and applies 'Default Device Admin' access service even after I disable it. 
  I have to restart ACS service from CLI console to make it work. Is this a bug or am I missing anything. Please advise guys.
  Regards,
  Akshay

  Since the policy AKS is top in sequence under service selection rule so it should hit for sure. As you wrote that even after disabling the default device admin, then also request is hitting the same and restarting the ACS services resolved the issue. The symptoms of your issue are exactly same as stated in this defect.
  CSCuo93378    Certain browsers cause ACS database corruption
  Due to this issue we have seen cases where request hits the disable and default policies without any reason. Actually accessing ACS via chrome mess around with all the operators in conditions.
  The only workaround is to access all the rules and conditions in supported browser. Ensure all the operators are correct, save the changes and restart the ACS services.
  The issue seems to be fixed in ACS 5.5 patch 5
  Regards,
  Jatin

• Varient table update with changes in sap table

  Hi,
  is there any way with which i can update a varient table with the new values in sap standar table.
  example can be, i created varient table T_TEST, its having 2 characterstic MAT_1 and MG_1,
  MAT_1 is key field and is is having material number from mara , MG_1 is material group.
  so can i update my varient table automaticaly each and every time a new material is created ?
  while going through SAP help i come across
  http://help.sap.com/saphelp_erp60_sp/helpdata/en/23/0be7d831cb11d2909c0000e8a49aad/content.htm
  but its for transfering data from varient table to new database table , i want it other way round.
  please reply if you did it in past.
  Thanks
  Best Regards
  Edited by: Ritesh on Nov 4, 2010 10:00 PM

  technical teams got the ways to do it , closing thread.

• Changing the table maintenance generator

  hi expert if table maintenance generator is created for a table and after the creation table is changed then how to change the old table maintenance generator?
  Thanks
  Avadhesh
  Moderator message: standard functionality, please search for available information/documentation before asking.
  locked by: Thomas Zloch on Oct 1, 2010 1:37 PM

  Hi Abbu_sap
  I am agree with Rock's answere.
  go to utilities->table maintenance generator and delete it.
  After it recreate it in a similar manner as you created earlier and save it.
  it will work fine.
  As I also do this every time I change the table and it works fine for me.
  Thanks
  Lalit Gupta
  Moderator message: please do not just repeat what somebody before you already said, there is no added value.
  Edited by: Thomas Zloch on Oct 1, 2010 1:37 PM

• User in 2 user groups always picks the rights from the group with least access -BOBJ 4.1 SP2

  We have BOBJ 4.1 SP2 installed.
  Lets say User1 is in a role1(User group) that has restricted access(no access to design menu for WEBI report in launchpad). Works fine when User1 logs into the launchpad. Cannot see the Design menu in Launchpad.
  User1 is also in another role2(user group) that has Design access for WEBI report (more like Power user access).
  Now when logged into a launch pad via SAP portal, and opening WEBI report on which role2 (user group) is applied that has Design access, user1 cannot see the Design menu of WEBI report. This is probably happening because User1 is also part of role1 that has restricted access. So it looks like it is always picking
  the role with least access and applying it no matter which report I am opening.
  I would expect the role to regulate the authorizations on the report. And one user could be a simple end user for one report and a power user for another report.
  Please advise if this is a Known issue or expected behavior. Is there a work around?
  Thank you very much
  Suman

  Hello Suman,
  Try avoid denial based security rights assignment instead you can specify the  unspecifed. As Greg said
  Denied + Granted = Denied
  Denied + Not Specified = Denied
  Granted + Not Specified = Granted.
  You should not deny rights for HR End User usergroup, Instead make them as unspecified. If you do so the whenever the user part of both the groups , your security rights aggregation would be
  Granted + Not Specified = Granted.
  Make sure you follow the approach as above.  You can refer the blog below for how to structure the folder, report and User group hierarchy and effective maintenance of security
  BusinessObjects Administration - Content Management Plan
  Regards
  Mani

• Userdefined Roles with transaction codes.

  Dear All,
  Can someone pls let me know how to get the details of the userdefined roles with linked transaction codes, tables in which the data is stored, so that a report can be created to list these details.
  TIA
  Abdul Moghani

  Hi,
  it looks like, this thread has to be posted in the abap forum.
  regards
  Siggi

• Problem with table maintenance allowed

  hi,
  here my problem is table is genarated and stored under local object that time i m creating function group is zabc. afterwards i m storing my table in my development class that time it is not possible to change function group in table maintenance genarator plz help me any one knows.
  what is the exact use of table maintenance generator i m using this for ztables and i m going to screen painter i m adjesting the fields.what is the exact use of it.

  Hi,
  1) You may delete the function group assignment and re-assign another one in change mode
  2) The use of table maintenance generator is to provide users with a screen to maintain data in the table. If the data is not going to be populated by any users then there is no need for it. Transactions will automatically populate the data in the background
  3) One can access the maintenance screen by going to SM30 or can assign your own transaction code to access it
  Hope it helps.
  Raj
  Reward points if helpful

• Error while accessing BSAD Table with dunning date

  Hi ,
  I developed a report for FI module accessing BSAD table with default customer ranges and for specific dunning dates - It ran for a very long time and timed out - (I know this is due to huge volume of data) -
  Is there any way to access BSAD table easily with Dunning dates (Other than creating Index on it) ???
  Or any standard function module available ??
  Regards
  Rajesh.

  Hi
  Try the below tables for the dunning data details:
  MHND            Dunning Data
  MHNDO           Dunning data version before the next change
  MHNK            Dunning data (account entries)
  MHNKA           Version administration of dunning changes
  MHNKO           Dunning data (acct entries) version before the next chang
  SKS

• DBIF_RSQL_SQL_ERROR with SQL error in the database when accessing a table.

  dear all,
    i have done a system copy from production server into quality server. quality was scrapped and freshly installed with SAP then used the DB flush method to carry out the system copy. i had to change the DBS_ORA_SCHEMA in environment variables to SAP<SOURCE SID> from SAPSR3. the sap version is ECC6.0,DB is ORACLE10.2 on WIN NT.
    after MMC opened, i get "SQL error in the database when accessing a table" error is coming. in SM21, I am getting "Transaction Canceled 00 671 ( DBIF_RSQL_SQL_ERROR 20081018130339sibqty_QTY_00 SAPSYS 000 )
  Database error 8103 at SEL access to table TBTCO
  Run-time error "DBIF_RSQL_SQL_ERROR" occurred
  Database error 8103 at FET access to table TBTCP
  Run-time error "DBIF_RSQL_SQL_ERROR" occurred
  > Short dump "081018 130339 sibqty_Q TY_00 " generated
  Transaction Canceled 00 671 ( DBIF_RSQL_SQL_ERROR 20081018130339sibqty_QTY_00 SAPSYS 000
  > Short dump "081018 130339 sibqty_Q TY_00 " generated
  Transaction Canceled 00 671 ( DBIF_RSQL_SQL_ERROR 20081018130339sibqty_QTY_00 SAPSYS 000
  Delete session 001 after error 023
  Database error 8103 at DEL access to table TMSALOGAR
  Run-time error "DBIF_RSQL_SQL_ERROR" occurred
  > Short dump "081018 130432 sibqty_Q TY_00 " generated
  Database error 8103 at FET access to table SNAP
  Run-time error "DBIF_RSQL_SQL_ERROR" occurred
  > Short dump "081018 130432 sibqty_Q TY_00 " generated
  Transaction Canceled SY 002 ( SQL error in the database when accessing a table. )
  Database error 8103 at FET access to table TSP02"
  please find the st22 DUMP:
  ow to correct the error                                                                          |
  Database error text........: "ORA-08103: object no longer exists"
  Internal call code.........: "[RSQL/READ/TBTCO ]"
  Please check the entries in the system log (Transaction SM21).
  If the error occures in a non-modified SAP program, you may be able to
  find an interim solution in an SAP Note.
  If you have access to SAP Notes, carry out a search with the following
  keywords:
  "DBIF_RSQL_SQL_ERROR" "CX_SY_OPEN_SQL_DB"
  "SAPMSSY2" or "SAPMSSY2"
  "INITIATE_JOB_START"
  If you cannot solve the problem yourself and want to send an error
  notification to SAP, include the following information:
  1. The description of the current problem (short dump)
  To save the description, choose "System->List->Save->Local File
  (Unconverted)".
  2. Corresponding system log
  Display the system log by calling transaction SM21.
  Restrict the time interval to 10 minutes before and five minutes
  after the short dump. Then choose "System->List->Save->Local File
  (Unconverted)".
  3. If the problem occurs in a problem of your own or a modified SAP
  program: The source code of the program
  In the editor, choose "Utilities->More
  Utilities->Upload/Download->Download".
  4. Details about the conditions under which the error occurred or which
  actions and input led to the error.
  The exception must either be prevented, caught within proedure
  "INITIATE_JOB_START" "(FORM)", or its possible occurrence must be declared in
  the
  RAISING clause of the procedure.
  |   
  please do me this favor if you know to avoid this problem..
  thanks a lot..

  Hello Anuj,
  This is because the COUNT(*) is returning a value which is longer than the INT4 data type it is expecting. If you restrict the selection by introducing a WHERE clause, then you won't get the dump:
  DATA: dyn_from    TYPE string,
        dyn_where   TYPE string,
        gx_sql_err  TYPE REF TO cx_sy_open_sql_error,
        gv_text     TYPE string.
  dyn_from  = `DD01L INNER JOIN DD02L ON DD02L~AS4LOCAL = DD01L~AS4LOCAL AND DD02L~AS4VERS = DD01L~AS4VERS`.
  dyn_where = `DOMNAME LIKE 'Z%'`.
  TRY .
      SELECT COUNT(*) FROM (dyn_from) WHERE (dyn_where).
      WRITE: / sy-dbcnt NO-GROUPING.
    CATCH:  cx_sy_open_sql_db             INTO gx_sql_err,
            cx_sy_dynamic_osql_semantics  INTO gx_sql_err,
            cx_sy_dynamic_osql_syntax     INTO gx_sql_err.
  ENDTRY.
  IF gx_sql_err IS BOUND.
    gv_text = gx_sql_err->get_text( ).
    WRITE: / gv_text.
  ENDIF.
  BR,
  Suhas

• Why data change in linked table in Access - link from Oracle DB

  Can someone please help me to solve this situation? I try to find out why data is changed from Oracle to Access. I must come back to this thread because lot of data in my Oracle database is defined as NUMBER(22), and I am using Access heavily.
  Here is the problem:
  In Access, I created ODBC connection (System DSN) to Oracle 9.2 database by using Oracle driver (NOT Microsoft ODBC for Oracle). Then I linked tables from Access with the Oracle table. What happens is that the number in Access linked table is displayed as a scientific number. Is there a way that I can preserve whatever I have in Oracle database?
  For example:
  Comp_ID in Oralce is defined as NUMBER(22) = 40000000000324003; In Access it looks like this 4.0000000000324E+16.
  What I have in my system:
  1- Oracle 9.2 client
  2- Oracle driver
  3- Access 2003
  4- Jet - SP 8

  Can someone please help me to solve this situation? I try to find out why data is changed from Oracle to Access. I must come back to this thread because lot of data in my Oracle database is defined as NUMBER(22), and I am using Access heavily.
  Here is the problem:
  In Access, I created ODBC connection (System DSN) to Oracle 9.2 database by using Oracle driver (NOT Microsoft ODBC for Oracle). Then I linked tables from Access with the Oracle table. What happens is that the number in Access linked table is displayed as a scientific number. Is there a way that I can preserve whatever I have in Oracle database?
  For example:
  Comp_ID in Oralce is defined as NUMBER(22) = 40000000000324003; In Access it looks like this 4.0000000000324E+16.
  What I have in my system:
  1- Oracle 9.2 client
  2- Oracle driver
  3- Access 2003
  4- Jet - SP 8