Special permission on Db_datareader user for execute sp_helptext
Hi friends
I have a question. Is there a method that allow a user db_datareader execute the procedure sp_helptext?.
I tried the following with bad results:
1) I created a role in my database and i tried to assign the sys.sp_helptext procedure but appears the following message:
"Permissions on server scoped catalog views or system stored procedures or extended stored procedures can be granted only when the current database is master (Microsoft SQL Server, Error:4629)"
So, i created the role in the master and i assign the user. but it didn't work in the execution.
2) in a blog i found that was possible using this script:
grant VIEW DEFINITION on OBJECT::sys.sp_helptext to RL_Ejecutor
The "RL_Ejecutor" is a role that i created but it didn't work.
Please help me with this
Greetings
db_datareader is a fixeddatabase role. That means you cannot change the permissions db_datareader has.
To allow a user to execute succesfully sp_help text over an object (a view, stored procedure or function) the user must have at least view definition permission on that object, not on sp_help_text stored procedure.
The following statement grants view definition permission to TestUser (a user in the database)
GRANT VIEW DEFINITION TO TestUser
TestUser now can execute successfully sp_help on any object of the current database.
If you want to allow TestUser to view the definition of an specific object you execute the following statement:
GRANT VIEW DEFINITION ON dbo.YourStoredProcedure TO TestUser
The same is valid for a user defined database role, just replace TestUser with the name of your database role.
"No darás tropezón ni desatino que no te haga adelantar camino" Bernardo Balbuena
Similar Messages
-
RFC profile user for execute RFC
hi abappers,
I want know the profile or activity groups that is used in SAP if the user want conect with a RFC to modul function.
¿Is there a t-code?
¿Is there method for compare activity groups or profile or users,... between systems?
Cordial greetings.Hi,
You may use FM BAPI_USER_GET_DETAIL to read user data from remote systems.
Remark: In general user administration is RFC enabled so most FM BAPI_USER* are enabled to. This is the reason why RFC users should have the authorization to display users only - unless you want to allow remote changes...
Kind regards,
HP -
Hi Experts,
I am learning GP(Guided processor)according the document
http://help.sap.com/saphelp_nw70/helpdata/en/44/0d5b8f250d5cfae10000000a155369/frameset.htmneed.
I meet two question when I learn the GP.
The first:
This document don't tell me how to config the member framework of the company. After I design the GP, I have to config the user and role in the runtime for executing. I hope I can use the WDA(webdynpro for java or webdynpro for java) to implement to config the user for executing in the runtime. Thus, the customer don't config the user when runing the GP. But I don't know how to do this.
I need a document guide step by step to tell me how to do this.
The second:
If I use the workflow in the GP, I have to install and config the NWDI(Netweaver Development Infrastructure). Now I have installed the NWDI, but I don't know config it so that I can download it to my machine for develop the workfolw in the GP.
Do you give me some hints? Thanks a lot.
Thank a lot.
Best regards,
taoHi, Mithu,
Thanks a lot for your help in advance.
I have carefully read the document: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6b66d7ea-0c01-0010-14af-b3ee523210b5.
Now, I think I have to set the processor of every actions in every process if I use the GP for processing the workflow.
I am better to hope that I can set the processor to the role for every actions in every process in the runtime through get the organizational structure in the WDA(webdynpro for java or webdynpro for java). Thus, the customer don't set the processor to the role for every action in every process when runing in the GP. I don't know how to do this.
Whether the function is not supported in the GP? If so, I have to config two organizational structure: in the R/3 and in the Portal. I don't think our customer don't receipt this solution.
Do you give me some hints? Thanks a lot. My email: [email protected]
Thanks again.
Thanks & Regards,
Tao -
Granting read/write to user for SQL agent
Hi all, I'm new to SQL, SSMS, TSQL etc. How do I grant read/write permission to a user for SQL agent, so they can see the SQL Server Agent part in object explorer?
Thanks in advance :)Hi all, I'm new to SQL, SSMS, TSQL etc. How do I grant read/write permission to a user for SQL agent, so they can see the SQL Server Agent part in object explorer?
Thanks in advance :)
Please refer to below two links
http://msdn.microsoft.com/en-us/library/ms187901.aspx
http://msdn.microsoft.com/en-us/library/ms188283.aspx
Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it.
My TechNet Wiki Articles -
How to set user specific Layout for executing IW38/IW39 report.
Dear Experts,
We have 10 users seperatly, For executing IW38/39 transaction they have maintained seperate layouts for executing the reports. While saving layout they have saved the layout as 'user specific' Now some body has chage the settings.
After changing the setting all are getting same layout.
Please suggest how to set user specific layout. When user enter the IW38/39 report by default he should get his layout.
Thanks in advance.Create Variant using SHD0 and with Group and assign to particular user's
Here is the steps
Creating a Variant Group
1. Open transaction SHD0, enter the transaction code, and press enter.
2. Choose the Standard Variants tab page, and then the sub tab page Variant Groups, and enter a group name, such as GROUP_GEN
3. Choose Create. Enter a short text on the Maintain Variant Group window that appears and save the variant group.
Assigning Users
Once you have created the variant group and the relevant transaction variants with screen variants, you now need to assign users to the variant group as follows
1. Return to the Standard Variants tab page, Variant Groups sub tab page.
2. Enter the name of a user that you want to assign to this variant group, and choose Assign. A message that this user was successfully assigned to the variant group appears in the status bar. If you choose a where-used list for users, this user is displayed in the user list.
3. However, for the screen variants of the variant group that you created above to be displayed for the user, you first need to select Set Proposal. The user is assigned to the group and the associated transactions are started with the corresponding variants only once you choose the Set Proposal function.
You can use this procedure of user assignment for all other users that you want to add to the variant group
Hope this helps.
Thanks
S.N -
How do I know what transactions executed by specific user for last month
All
We have a request to find out what transactions are executed by secific user
for last couple of months.
Is there any report in SAP would tell me ?
Please advise.
From
PT.Hello PT,
If you use the search for the term "How do I know what transactions executed by specific user for last month" then I guarantee you some good hits in the result, and further more detailed search terms to use...
Cheers,
Julius
(this time in response to the correct thread...) -
Execute Webdynpro4Abap Application with same ERP-User for all portal-users?
Hi,
is it possible to let a Webdynpro4Abap application run with only one ERP-User for all portal-users? Therefore not needing an ERP-license for every portal-user?
Somekind of mapping maybe?
Regards
JanJan,
It is possible but it all depends on the type of application .If you want to show same data for all users you can use one user but if data is different for all users then you cannot go with this approach.
to configure single backend user for your application go to tcode SICF and look for that application and go to logon data tab by double clicking and give one common user details
Thanks
Bala Duvvuri -
Can grant truncate table permission to a user?
Whether can grant truncate table permission to a user separately.
I know that the role db_ddladmin can do,but the create,alter and drop permissions will be granted the same time(These permissions are not what we want to
grant to user).
Is there any solution?
Best regards!!
If you haven't all the things you want,be grateful for the things you don't have that you didn't want.You can't grant truncate because for whatever reason, that permission doesn't exist. What you can do is use a stored procedure and use EXECUTE AS OWNER to get around it.
create database foo
go
create login foobar with password = 'alkdsfji9eorngv';
go
use foo
go
create user foobar from login foobar;
go
create table test(rowid int identity)
go
insert into test default values;
go
select * from test
go
create procedure dbo.truncate_test
with execute as owner
as
truncate table test
go
grant execute on dbo.truncate_test to foobar
go
execute as login='foobar'
execute dbo.truncate_test
revert
go
select * from test
go
use master
go
drop database foo
drop login foobar
This keeps your database safe and allows you to grant execute on the truncate procedure to allow them to truncate the table.Jonathan Kehayias
http://sqlblog.com/blogs/jonathan_kehayias/
http://www.twitter.com/SQLSarg
http://www.sqlclr.net/
Please click the Mark as Answer button if a post solves your problem! -
A Solution for Enabling Sandbox activation by non admin users for testing (OIM 11gr2 PS2)
I just wanted to post what i came up with as a solution the the problem of not being able to Test the effects of sandbox changes for non admin level users prior to their publication. We are constantly making changes to the UI through sandboxes, the problem is rolling a sandbox back isn't easy, and we cannot be sure of the effects they will have on non administrative users until they are published, since the out of the box sandbox link isn't available to non Sysadmin level users.
To allow these non admin user accounts to test the effects of sandbox changes in our development environment, I did the following (as always, follow at your own risk):
Create and activate a new sandbox.
Close all open tabs (including the Home and Sandbox tabs) and click the "Customize" link.
Click the view -> source drop down in the upper left.
After the source is visible, click the Accessibility or Sandbox link to find the area that you will add the new "UserSandboxTest" (call it whatever you want) link.
Add a new commandImageLink directly in the panelGroupLayout: horizontal item before the "switcher" item (see the UserSandboxLink in my screen shot below):
Edit the Link you just inserted, Entering whatever you want the link to display as in your browser in the "Text" field.
Export the sandbox.
Unzip the exported sandbox and navigate to the IdmShellV2.jspx.xml (path should be: \templates\mdssys\cust\site\site).
Edit the IdmShellV2.jspx.xml file and find the new item you added in step 5.
Add the following to the commandImageLink xml item: actionListener="#{pageFlowScope.uiShell.context.launchSandboxes}" rendered="#{oimcontext.currentUser.roles['SANDBOX_USER'] != null}". Note: I used a new custom enterprise role, SANDBOX_USER, to control the display of the new link, You should substitute whatever EL conditions you need in the rendered property.
Save your IdmShellV2.jspx.xml file and zip the contents back up, just like you would for any other customization.
Import your newly edited sandbox back into the target environment.
Publish the sandbox.
This seems to work great for allowing us to test other sandbox changes effects on different types of users.On step 10, adding the check to determine if the user should have access to the role ended up breaking access to the unauthenticated pages like the self registration page and the forgot userid/user login pages. Non-authenticated users cannot execute the method to return the role, so that fails which leaves the page not loading. To correct this I changed the rendered property to rendered="#{securityContext.authenticated}". This prevents the link from displaying on non authenticated pages, but displays for anyone else who's logged on. We only plan on using this in our development environment where no one but developers and system admins have access anyway, so it's not an issue that everyone will see the link. I wouldn't recommend putting this in an environment where end users will be logging in and testing without developing a method (or finding another way to limit the display) that can be called by unauthenticated users to prevent them from seeing the link.
-
SAPinst Error--Phase 2--Creation of User for SAP System
Hi,
I am installing SOLMAN 7.0 on Red Hat Linux 5 with IBM Java SDK version 1.4.2_10
When I run the SAPinst it gives ERROR in the 2nd phase of Creating users for SAP system.
The SAPinst log file shows as below:-
WARNING[E] 2008-06-07 17:49:28.362
FSL-01002 Unable to create account user="orasmd". useradd: cannot create directory /oracle/SMD (return code 12)
WARNING[E] 2008-06-07 17:49:28.363
MUT-03025 Caught ESyException in Modulecall: ESAPinstException: error text undefined.
ERROR 2008-06-07 17:49:28.427
FCO-00011 The step createAccounts with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_Users_Create_Do|ind|ind|ind|ind|5|0|createAccounts was executed with status ERROR .
Please suggest and help me in resolving this error asap.
Regards,
Abhijeet KHi,
Thnx a lot for the suggestion Markus
I have created the directories required.
The SAP installation has started, but now I am getting the message as below during the ORACLE DB Installation phase,when I run the Oracle ./RUNINSTALLER in Bash Unix:-
[orasmd@SOLMAN SAP]$ ./RUNINSTALLER
oracle_stage is not set (OK)
oracle_base is not set (OK)
oracle_home is not set (OK)
oracle_sid is not set (OK)
oracle_home_name is not set (OK)
oracle_inst_group is not set (OK)
from_location is not set (OK)
tmp_netca_file is not set (OK)
tmp_dbca_file is not set (OK)
Working in /oracle/stage/102_64/database/SAP ...
The environment variable ORACLE_HOME is not set! abort ...
I have set the ORACLE_HOME env variable as below:-
ORACLE_HOME=/oracle/SMD/102_64
export ORACLE_HOME
But I get the same message again as above.
Do we need to set the ORACLE_HOME env variable in the BASH_PROFILE directly??? Coz I heard that if we set it with the Export command then the env is set only for the current instance and not permanently.
If so what is the exact entry I need to make in the BASH_PROFILE???
Rgds,
Abhijeet K -
How to create a password file for executing psadmin command to deploy portl
how to create a password file for executing psadmin command to deploy portlet
What you have done is perfectly right. The password file doesn't have anything else apart from the password
for example in your case
$echo password > /tmp/password.txt
However I remember that in windows install, the Application server used to wait for a user's input when a deploy was to be done for the first time. So Can you read the Release notes or the Readme file which has come with windows.
The solution was,
manually use asadmin command of application server to deploy some war (any webapp will do), at this time, a question will be prompted to accept a certificate. once this is done, deploy portlet should work fine!!!
HTH -
Hi All,
Recently, we've encountered some weird error for some users when trying to assign records to them through both the CRM UI and CRM SDK Call.
The error message saying: "The user for which we are checking a privilege should be in the same org as the context provided".
Here is the trace log for assigning a lead for one of those users (same error for other records):
[2010-08-09 13:58:06.0] Process: w3wp |Organization:d905ae4d-8d9f-df11-a1b0-00237df0351e |Thread: 22 |Category: Exception |User: fb56b107-949f-df11-a1b0-00237df0351e |Level: Error | CrmArgumentException..ctor
at CrmArgumentException..ctor(String message)
at SecurityLibrary.TryCheckPrivilege(Guid user, Guid privilege, ExecutionContext context)
at SecurityLibrary.CheckPrivilege(Guid user, Guid privilege, ExecutionContext context)
at SecurityLibrary.CheckPrivilege(Guid user, EntityMetadata metadata, PrivilegeType type, ExecutionContext context)
at CascadeEngine.AssignDB(BusinessEntityMoniker moniker, SecurityPrincipal assignee, ExecutionContext context)
at RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at LogicalMethodInfo.Invoke(Object target, Object[] values)
at InternalOperationPlugin.Execute(IPluginExecutionContext context)
at PluginStep.Execute(PipelineExecutionContext context)
at Pipeline.Execute(PipelineExecutionContext context)
at MessageProcessor.Execute(PipelineExecutionContext context)
at InternalMessageDispatcher.Execute(PipelineExecutionContext context)
at ExternalMessageDispatcher.Execute(String messageName, Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, PropertyBag fields, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
at RequestBase.Process(Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
at RequestBase.Process(CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
at CrmServiceInternal.Execute(RequestBase request, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
at InProcessCrmService.Execute(Object request)
at PlatformCommand.ExecuteInternal()
at AssignRouteOnCreateUpdateListener.AssignEntity(Entity entity, LookupValue owner)
at CommunicationListener.HandlePostEvent(PlatformCommand command, Response response)
at PlatformCommand.ExecuteInternal()
at UpdateCommand.Execute()
at EntityProxy.Update(Boolean performDuplicateCheck)
at AppForm.HandleFormEventAssign(Boolean gridRefreshCallbackAdded)
at AppForm.RaiseDataEvent(FormEventId eventId)
at EndUserForm.Initialize(Entity entity)
at CustomizableForm.Execute(Entity entity, String formType)
at LeadDetailPage.ConfigureForm()
at AppUIPage.OnPreRender(EventArgs e)
at Control.PreRenderRecursiveInternal()
at Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at Page.ProcessRequest()
at Page.ProcessRequest(HttpContext context)
at sfa_leads_edit_aspx.ProcessRequest(HttpContext context)
at CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at ApplicationStepManager.ResumeSteps(Exception error)
at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
>Crm Exception: Message: The user for which we are checking a privilege should be in the same org as the context provided, ErrorCode: -2147220989, InnerException: System.ArgumentException: The user for which we are checking a privilege should be in the same
org as the context provided
I checked the user id and the organization id, and there are both correct (in the database). The user id "fb56b107-949f-df11-a1b0-00237df0351e " is actually the internal CRM System User.
What could the issue be?
Can anyone help, please. ThanksAre you sure, the User which you are assigning is in the same organisaion. It seems that the Orgname which you are specifying is not correct. and the web service is pointing to other user which is not the current ms crm organisaion.
Could you please paste your code here for more details.?
Thanks, Ranjitsingh R | http://mscrm-developer.blogspot.com/ | MS CRM Consultant -
Need to give access to users for report painter query without GR55
Hi,
I need to create a transaction code for a query created using report painter. We do not want to give access to user for GR55.
Please help us in achieveing this one or any other way to execute report without GR55 access.
Regds,
Servesh
Moderator: Please, search before posting - it has been answered several timesHi,
You can create the transaction the same using SE93 transaction code.
Also see the below link for detailed rocess:-
[http://home4sap.com/Blog/2009/08/how-to-create-a-transaction-code-for-report-painter-reports/]
Regards,
Gaurav -
No ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
In EP we are trying to access bsp
and we are getting error ,User T000209 (client 350) has no ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
How to give authorization please help
venkateswararaoFirst Check is the ICF service is active using the SICF transaction.
Then Check for the authorization objects SAP_HR_HAP_EMPLOYEE
and SAP_HR_HAP_MANAGER.
Add the above roles to your user , it should work -
Client and user to execute COM_PRODUCT_UPGRADE
Hello:
I am almost finishing the SAP upgrade from 46C to ECC 6.0; Upgrade Assistant is asking for execution of report COM_PRODUCT_UPGRADE using SE38.
¿Which client and user should I use to do this work? ¿Is it possible tio use client 000 and user DDIC? The manual is not clear about this.
Thank you.Hi,
It does not appear important which client/user you execute the report COM_PRODUCT_UPGRADE:
Note 826092:
Executing conversion programs for product master
Page 6
In the upgrade guides for ramp-up, the following follow-up activity is
missing:
As of SAP netWeaver 2004s, several conversion reports needed for the
product master are bundled into a single report, COM_PRODUCT_UPGRADE.
If the upgrade log LONGPOST.LOG (displayed in phase CHK_POSTUP) requests
you to execute the upgrade report COM_PRODUCT_UPGRADE, after the
upgrade, call transaction SE38 and execute the report. A transport
request is created which you need to transport in all subsequent
systems. After the import of the transport request, you must run report
COM_PRODUCT_UPGRADE in the respective subsequent systems.
Regards,
Aidan
Maybe you are looking for
-
Here's my setup. First Generation Apple TV. G4 Powermac running OS X 10.5.8 iTunes 10 with the Library stored on an External 3 Terabyte USB 2 drive. It's plugged into a PCI USB 2 card. Everything worked fine till I transferred my iTunes library to th
-
.flv videos not loading
Hello, Has anyone had this problem and found a fix. For some reason my flash videos are not playing. Nothing loads on the Captivate page in the LMS enviroment. It works just fine before I upload the zipped file, I unzipped into into a test folder and
-
HT4623 How to recover form Ipad recovery mode?
How can I recoverd my Ipad from the recovery mode? It does not restart or restor no functions at all.
-
Please read my other post im im need of help for my pc
-
Differences between security tasks in BPC 7.0 MS and BPC 10.0 NW
Hi all, I am on a migration Project from BPC 7.0 MS to BPC 10.0 NW and I have to migrate task profiles. The problem is that while uploading the task profiles from a .csv, I realized that there are differences between the tasks to assign in source and