Tables of user and profile

I need the information on the tables user and profiles, for the information of the SOX of the company, as they are the names?

Hi Mauricio Ariza ,
  Check these tables, these will be helpful
Table Name                     Short text
USH02                          Change history for logon data
USH04                          Change history for authorizations
USH10                          Change history for authorization profiles
USH12                          Change history for authorization values
Regards,
S.Manu

Similar Messages

  • Table  for User Status Profile

    hi
    Please tell anybody what is the table for User Status Profile in Sales Orders? where it will stores?
    Regards
    Rajendra

    Hi,
    Use table JEST
    Here you will have to enter the object number as an input field
    Get object number from table VBAK or VBAP based on whether the status profile is attached at sales order header or at sales order item.
    Status which is active will start with letter E and the status inactive flag will be blank.
    Regards
    Ravi

  • Single firefox profile across all users and profiles on networks

    I'm in the process of setting up Firefox as the standard browser for an entire building, and part of this is ensuring that everyone's firefox profiles are saved to personal network drives as opposed to the local machines. I can use the profile manager to do this on a user-to-user basis, but what if I want all the users of any machine to use the same firefox profile that points to a specific network drive? (This will ensure users always have their browser settings and such regardless of where they access them, allow us to switch machines out without losing anyone's browser settings, etc. The contents of this drive are specific to the user account, but always have the same path.)
    As far as I can tell, profiles created in the profile manager are specific to each (domain) user, which would mean an awful lot of manual profile creation. Is there some way to ensure Firefox always uses a specific Firefox profile or path? Is there some way to have firefox check which profiles exist (in a .bat file, for example), so I can create the proper one if needed? Can I use a command line to set which profile to use by default, or can that only be done from the profile manager GUI?
    Finally, and this one may warrant a separate query, but I've found that when using profiles that point to a network drive, trying to open firefox on multiple computers will fail (another instance of firefox is open, close it or restart). Can I tell Firefox to force the old instance closed, or will I have to firefox.exe -no-remote -p "differentProfile" every time?
    We're on Windows 7, by the way, for references' sake.

    We just deploy images, so everyone should have firefox already, but we're pretty good about keeping all data on mapped network drives instead of letting windows save things locally, so I'm trying to find the best way to integrate Firefox in that system as well.
    Every user has a network domain account, which can be accessed from anywhere in the building. While mostly people use their own computers, due to the nature of the place, that is often not the case, and several people will need to sign on to the same machine on a given day.
    If there are command-line ways of checking for firefox profiles, I can have them run in our logon script to ensure everyone always has access to their personal profiles, but I'm not sure the best way to go about that, yet. I suppose that's the main part of my second question--what is the cleanest way to check for and create/map/assign firefox profiles automatically?

  • "USER" and "FILE" tables

    Our database in Access 2000 has tables named "user" and "file". The Migration Work Bench is converting those to "USER_" and "FILE_". I'm guessing the words are reserved words in Oracle. Is there any way I can adjust the migration script to create the tables using those words without the trailing underscore?
    We had a similar problem in the Access database with a table named "text", which is a reserved word in Access. (What can I say? We use the word that's most appropriate, DBMS be damned!) We were able to access it in Java code by wrapping it in square brackets. Does Oracle have a similar trick?

    Our database in Access 2000 has tables named "user" and "file". The Migration Work Bench is converting those to "USER_" and "FILE_". I'm guessing the words are reserved words in Oracle. Is there any way I can adjust the migration script to create the tables using those words without the trailing underscore?
    We had a similar problem in the Access database with a table named "text", which is a reserved word in Access. (What can I say? We use the word that's most appropriate, DBMS be damned!) We were able to access it in Java code by wrapping it in square brackets. Does Oracle have a similar trick?

  • Users And Security Best Practice

    Dear Experts
    I am designing an application with almost fifty users scattered in different places. Each users should access tables according to his/her criteria. For example salessam, salesjug can see only the sales related tables. purchasedon should access only purchase related tables. i have the following problems
    Is it a best practice to create 50 users in the DB i.e. 50 Schemas are going to be created? Where are these users normally created?
    or is it better for me to maintain a table of users and their passwords in my design itself and i regulate through the front end. seems that this would be risky and a cumbersome process.
    Please advice
    thanks
    Manish Sawjiani

    You would normally create a single schema to own the
    objects and 50 users to use them. You would use roles
    and object privileges to control access.Well, this is the classic 'Oracle' approach to do this. I might say it depends a bit on what you want to achieve. Let's call this approach A.
    The other option was to have your own user/pwd table. You can create your own custom authentication but I would go for the built-in Application Express Users - authentication scheme. You can manage the users via the frontend (Application builder > manage Application Express Users) . There you can manage the groups and end users which you can leverage in your Apex app. You can even use the APIs to create the users programmatically. It is all done for you. Let's call this approach B.
    Some things to consider:
    1) You want to create a web application and also other applications that access the data stored in Oracle (another PHP / Oracle Forms / Perl ) or allow access via SQL/Plus. Then you should use approach A. This way you don't need to reimplement security for these different approaches.
    2) You want to create one (or multiple) Apex applications only. This will be the only mechanism the users will access your data. Then I would go for approach B.
    3) When using approach A some users didn't like that all users will have access to their workspace, including the sql command line and having the capability of building applications and possibly being able to change the data they have access to through the Oracle roles. Locking down this capability is possible but it takes some effort and requires an Apache as a proxy.
    4) When using approach A you will need DBA privileges to manage the users and assign the roles. This might not always be possible nor desired. Depends on who will manage the Oracle XE instance.
    5) Moving the application including the end users to another machine is a bit easier using approach B since they are exported via the application export mechanism. Using approach A you would have to do it yourself. Be aware that the passwords are lost when you install the users into a different Oracle XE instance.
    6) If you design the application using approach B you will have to design security in a way that doesn't rely on the Oracle roles / grants security mechanisms. This makes it easier to change the authentication scheme later. For example, later you want to use a LDAP directory, a different custom authentication scheme or even SSO (SSO is not available out of the box but feasible). This is directly possible.
    Using approach A you would have to recode the security mechanisms (which user is allowed to update/delete which data).
    Hope that clarifies your options a bit.
    ~Dietmar.
    Message was edited by:
    Dietmar Aust
    Corrected a typo in (5): Approach B instead of approach A , sorry.
    Message was edited by:
    Dietmar Aust

  • VIRSA tables for users, roles and profiles sync?

    Hello,
    I am in a customer, implementing CC 5.2. At the first time, we tried CC 5.2 in DEV environment, and when everything was OK, we redirect RFC connectors to QA environment.
    After doing user, roles and profiles sync in DEV and in QA environment too, I have 4.500 user (1.100 from DEV + 3.400 from QA) when I recover all users "*" with "user level - risk analysis" from the "Informer" tab.
    It seems that "users, roles, profiles, sync" works like and "APPEND", but I did a COMPLETE syncronization not an INCREMENTAL.
    If I start an analysis for QA environment, CC works properly and only analyse QA users (3.400). But I would like to clean CC tables (users, roles and profiles) in order to have a clean copy of QA in CC.
    Which VIRSA tables (users, roles and profiles) I need to clean?
    It is necessary to do the same with authorization and text objects? Which would be these tables?
    Thanks in advance,
    Victor

    Hi all,
    SAP GRC Support provides a script which allows you to remove a connector since it does delete all data link to it. Anyway, I would recommend a deep analysis of it and find out if it does what you really want to do.
    Víctor, if what you want to do it is just to remove all user, role and profile master data (stored in tables VIRSA_CC_SYSUSR and VIRSA_CC_GENOBJ) you could upload a text file using data extractor functionality with the delete field set to X. Doing so user, role and profile master data will be removed from CC database.
    In order to use data extraction functionlaity you connector must be of type "File Local".
    Be careful about removing data directly from DB since, as Prem states, you might loose the DB consistency.
    Hope it helps. Best regards,
       Imanol

  • Trying to understand "User/Role/Profile Synchronization" and Batch Analysis

    Hello,
    Im trying to understand what exactly and from which tables these jobs are copying to which tables in CC. I have a understanding that these jobs are moving also deleted roles from backend. This is causing unnecessary delay to long lasting job. 
    I would appreasite if some one could explain the logic behind these jobs. What the fullsync and incremental is reading ? What kind of changes are causing a role/user/profile  to be included to the full and incremental jobs?
    How the incremental analysis logic is built ?
    br Janne

    Janne,
    In my current implementation we are going for an offline risk analysis due to the heteregoneus system landscape of our client (several SAP and non SAP systems and several SAP systems under 4.6C). Eventhough within our approach we don't perfrom the backend synchronization (we use CC data extractor to pull data from backend into CC) hope the following info could hel you:
    The tables such jobs you mention access to, are all the SAP backend system tables related with users, roles, profiles, action and permissions. If you check the data mapping appendix of the "user and configuration guide for 5.2" you will see all the data that CC retrieves. For instance, in order to extract user info (UserID, FName, LName, Email, Phone, Email, Department) tables USR21, USR02, ADRP, ADR6 and ADCP must be accessed.
    In terms of CC tables:
    VIRSA_CC_SYSUSR >> UserIDs and Systems ID relationship
    VIRSA_CC_GENOBJ >> User, Role and Profile master data
    VIRSA_CC_GENACT >> User-action, role-action and profile-action data
    VIRSA_CC_GENPRM >> User-permission, role-permission and profile-permission
    VIRSA_CC_SAPOBJ >> Action-permission
    VIRSA_CC_OBJTEXT >> Objects descripcions (ACT, PRM, FLD, VAL, ORG)
    Hope this helps.
    Regards,
       Imanol

  • BAPI to get all user lists for input object,authorizations, and profiles

    Hi Experts,
    BAPI to get all user lists for input specific object, authorizations, profiles and values?
    Any useful answer will be rewarded with suitable points.
    Thanks,
    Rohan

    Hi
    use the fun module/Bapi's
    BAPI_USER_GET_DETAIL
    BAPI_USER_LOCPROFILES_ASSIGN
    BAPI_USER_LOCPROFILES_DELETE
    BAPI_USER_LOCPROFILES_READ
    BAPI_USER_PROFILES_ASSIGN
    BAPI_USER_PROFILES_DELETE
    SUSR_BAPI_USER_PROFILES_ASSIGN
    SUSR_BAPI_USER_PROFILES_DELETE
    also you can use the tables UST12 for user based authorizations
    AGR_USERS   -roles assignment for users
    AGR_PROF  - Profile data for roles
    AGR_DEFINE - Auth Profiles for users
    See the AGR_* and US* tables further
    Reward points if useful
    Regards
    Anji
    Message was edited by:
            Anji Reddy Vangala

  • Same select (user, name, profile, role, table_name, privilege table)

    hello Everyone
    1.- i don't know how to merge the two qys to see in the same select (user, name, profile, role, table_name, privilege table)
    Im using the tables usuarios and view dba_users : See next qry
    SELECT Nvl(US.IDUSUARIO,DU.USERNAME) USUARIO,
    US.DESCRIPCION NAME,
    ACCOUNT_STATUS STATUS,
    DU.PROFILE,
    CREATED FECHA_CREACION
    FROM USUARIOS US,
    SYS.DBA_USERS DU
    WHERE DU.USERNAME = US.IDUSUARIO(+)
    UNION
    SELECT Nvl(US.IDUSUARIO,DU.USERNAME) USUARIO,
    US.DESCRIPCION NAME,
    ACCOUNT_STATUS STATUS,
    DU.PROFILE,
    CREATED FECHA_CREACION
    FROM USUARIOS US,
    SYS.DBA_USERS DU
    WHERE DU.USERNAME = UPPER(US.IDUSUARIO)
    ORDER BY NAME;
    this extract me, USER, REAL NAME, STATUS, PROFILE, CREATION_DATE
    JP01 Johan Pena OPEN DEFAULT 05-07-2010
    on the other hand:
    select * from role_tab_privs
    this extract me, ROLE, TABLE_NAME and PRIVILEGE
    DBA TABLE1 SELECT
    DBA TABLE1 INSERT
    DBA TABLE2 DELETE
    1.- i don't know how to merge the two qys to see in the same select (user, name, profile, role, table_name, privilege table)
    2.-i want something like this.
    USER, REAL NAME, STATUS, PROFILE, CREATION_DATE ROLE, TABLE_NAME PRIVILEGE
    JP01 Johan Pena OPEN DEFAULT 05-07-2010 DBA TABLE1 SELECT
    JP01 Johan Pena OPEN DEFAULT 05-07-2010 DBA TABLE1 DELETE
    Ect Ect. Ect.
    who can HELP ME.

    I have part understood your requirement and assumed the rest! Hence, I have used dba_role_privs in addition to the list of tables you used.
    Also, I think your LEFT OUTER JOIN on sys.dba_users is incorrect. I think you are trying to get all users from USUARIOS table for which roles / privileges exist in the database. If that is what you want the following query should help out. If not change the LEFT keyword in the MAIN query (NOT the one in WITH clause) to RIGHT but the results might be unpredictable.
    Note: Using ANSI standard keywords for JOIN allows you to use functions in the JOIN clause (such as UPPER(column name), which the Oracle propreitary notation does not allow and hence made you opt for the UNION option).
    WITH OS AS
            SELECT
                 DU.USERNAME
                ,DU.ACCOUNT_STATUS
                ,DU.PROFILE
                ,DU.CREATED
                ,DRP.GRANTED_ROLE
                ,RTP.TABLE_NAME
                ,RTP.PRIVILEGE
            FROM
                sys.dba_role_privs drp
            LEFT OUTER JOIN
                role_tab_privs     rtp
            ON
                ( drp.granted_role    = rtp.role    )
            LEFT OUTER JOIN
                sys.dba_users      du
            ON   
                ( du.username         = drp.grantee )
    SELECT
         NVL (US.IDUSUARIO, OS.USERNAME)    USUARIO
        ,US.DESCRIPCION                     NAME
        ,OS.ACCOUNT_STATUS                  STATUS
        ,OS.PROFILE                         PROFILE
        ,OS.CREATED                         FECHA_CREACION
        ,OS.GRANTED_ROLE                    ROLE
        ,OS.TABLE_NAME                      TABLE_NAME
        ,OS.PRIVILEGE                       PRIVILEGE
    FROM
        USUARIOS US
    LEFT OUTER JOIN
        OS -- temporary result set created using WITH clause above
    ON
        UPPER (US.USERNAME) = OS.USERNAME
    ORDER BY 2 ;Edited by: VishnuR on Jul 5, 2010 8:44 PM
    Edited by: VishnuR on Jul 5, 2010 8:47 PM

  • BW Roles and profiles Tables

    I would like to download a list of all users and what roles and profiles each has.  I did it once before but now I can't remember the table names.  Can anyone help?

    Hi,
    Roles:
    SAP_BW_DEVELOPER
    Profile:
    SAP_ALL
    S_BW_D____
    S_BW_D____1
    Authorizations are
    S_Rs_Admwb_a
    S_rs_adw_a
    S_rs_exp_a
    S_rs_wb_all
    Links for user roles:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/52/6714b6439b11d1896f0000e8322d00/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/42/271d24d86211d2961a0000e82de14a/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/e4/15e48efd6c11d296430000e82de14a/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/d3/559a4271c80a31e10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/4e/52b74065448431e10000000a1550b0/frameset.htm
    For profiles and authorisations:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/52/67151e439b11d1896f0000e8322d00/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/20/efcbfed8a511d397110000e82de14a/frameset.htm
    Also chk this link..
    http://www.bwexpertonline.com/archive/Volume_04_(2006)/Issue_10_(Nov_and_Dec)/V4I10A2.cfm?session=
    screenshots..
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    Hope this helps,
    regards
    CSM reddy

  • Different user status profile for network header and activities

    Hi everyone!
    Is there any way to define different user status profile at network header level and at network activity level? As far as I know, it is only possible to enter a user profile at network type level, and both netwok headers and activities use the same statuses. Does it work this way?
    Thanks!
    Regards.
    Edited by: Thalos on Jul 2, 2011 12:27 AM

    Hi Punith, Hi abdul!
    Thanks for the reply!
    I've gone through the OPSC, but the thing is that here you define a user status profile at network plant level. But I need to define it at network activity level.
    The reason why I need this is because we have types of activities. We use network activities for client activities, for internal activities, to identify and follow-up risk management, etc. Each group of activities -since they have different usages- has different user status associated. But as I don't have any way to assign different user status profiles, all the activities have the same statuses, although  they will only use some of them.
    Thanks!
    Regards,
    Thalos.

  • IBots - Delivers: Selected Users and E-Mails based on SA_SYSTEM table

    Hi
    I have the following request and I am having issues with the setup.
    1) A report request that has a columned named Assigned to:
    2) Setup Scheduler
    3) Need to create an ibot to generate the report from step 1 and email it to selected people
    4) Setup SA_SYSTEM table with user information.
    a) This does work with reference to updating delivers information when I look at My Account
    5) Now I am attempt to do the following:
    1) The report listed above will generate a report that has many records that belong to different Assigned To people
    2) I would like to have the iBot generate the report(s) based on the Assigned To and that report only have that persons records in that specific report
    3) The iBot would have to generate several reports based on the Assigned to
    4) Automatically email the report to the correct person based on the email address setup in the SA_SYSTEM table that I created
    --- This system table is also been added to the Presentation Layer of the RPD file
    5) The users WILL not be subscribing to the ibot
    6) The user may never log into OBIEE ... Just receive reports from the iBot
    Questions:
    1) Has anyone ever done this?
    2) Can I do this
    3) Can someone help me out
    Other things I have done.
    1) I have created a simple iBot to create the report... But is has all records
    2) I can email the report to "Me"
    3) I does run on a regular scheduled basis
    Thank for any help
    Steve

    Rudimentary automated PDF generation using Delivers Hi Steve,
    When the iBot runs in personalisation mode it is in essence logging each user into the system. The user that runs the report e.g. Administrator will impersonate the users one by one and run the queries per user. If you are not able to populate the Authentication block you will need to do something a little more "out there" to achieve your goals.
    I have submitted a post a couple of days ago explaining a rudimentary method to generate customised pdf's based on session variables when running as a single user. You could modify this approach to achieve your desired result.
    Rudimentary automated PDF generation using Delivers
    Regards
    Chris
    Edited by: ChrisMarais on 23-May-2011 20:46

  • How to create User and Database in different Table spaces

    How to create User and Database in different Table spaces using oracle 10g
    Regards
    daya

    I am sorry but your question does not seem to make much sense.
    Can you please rephrase your question?

  • Table contain user name and tcode

    Dear Experts,
    Can you tell me which Table contained user name and tcode field?
    Thanks and Best regards,
    wilson

    You need to be even more carefull with parameter transactions.
    If SU24 is not maintained for them, PFCG will pull the proposals from the core transaction (via which the parameters are used in the skip screen feature...). If the core transaction has authority proposals for S_TCODE, then you will get those tcodes and their proposals as well.
    A carefull choice of menu objects (not only limited to Tcodes), taking heed of SU24 defaults and tuning it to meet your needs is the key. But it requires organizational discipline and good training, otherwise rather dont use it for anything other than important objects which you want to control manually only, even if your business roles are a mess.
    You can also restrict the authorizations of the security admins for example (as unpopular as that may sound... to segregate authorization concept development (SU24 etc), role building development (PFCG etc) and user administration (SU01 etc). Object S_USER_TCD also has a field called TCD...
    There are also other objects (as Dipanjan has pointed out) which have TCD as a field of an object which is not S_TCODE. In addition to I_TCODE, Q_TCODE, P_TCODE, see also S_IDOCMONI for example.
    To be honest I have given up on trying to find them all
    The easiest solution is to use the menu and maintain SU24 when the transaction is configured or the application is developed and tested. That is what SAP does as well in SU22. It is more work upfront, but more sustainable in the long run.
    If your users (and auditors) only see the menu (and use the SUIM --> Executable transactions) options, then you can get away with it in the short or even medium term. Latest when someone else need to maintain the roles they will hate it...
    My 2 cents,
    Julius

  • ADMT migrate users and preserve profile

    I'm testing an Interforest migration using ADMT 3.2 on Windows 2008 servers. I have a one-way trust established. I'm able to successfully move user accounts and computer accounts. I'm running into problems with preserving the users profile. I'm doing the
    following steps
    1. Migrate User Account to new target domain
    2. Migrate Computer Account to new domain
    3. Run Security Translation Wizard with the User profiles & groups selected
    When I login with my migrated user account to the new domain, it creates a new profile, instead of using the profile from the source domain. What am I missing?

    Hello Matthew
    I would like to point out a few things from my recent/ongoing experience with ADMT:
    When ADMT performs the SECURITY TRANSLATION on files/folders/registry etc., it looks for accounts in its LOCAL DATABASE(SQL Express) and not in AD directly.
    This means if an account is migrated using ADMT on SERVER1, that will only be present in the database of SERVER1.
    If we migrate the computer account using SERVER2, then in the AGENT DETAIL it says:
    Files - 100
    Changed - 0
    Unchanged - 100
    i.e. NO SECURITY TRANSLATION AT ALL and therefore A NEW PROFILE CREATED
    BEST PRACTICE - use only 1 ADMT server in the environment
    On Santhosh's portal there is a comment:
    vadimp
    says:
    May 30, 2010 at 5:02 AM Reply
    Not always change profileimagepath value is enough: if new profile is a result of ADMT mistake, then you must also add new SID ACL to old user profile folders and to
    NTUSER.Dat Hive in regedit. I obscure this ADMT v3.0 mistake when many users have profiles on the same PC
    http://portal.sivarajan.com/2010/04/workstation-profile-migration.html
    I can't find out NTUSER.DAT HIVE in REGISTRY
    I would like to know what makes the user retain the profile?
    How can I ensure that the users retain their profile when they logon to the TARGET domain for the 1st time.
    Changing the Registry is a REACTIVE STEP, user raises an incident - and we address it.
    But how can we prevent it?
    I wish someone could tell me a way, even if it is manual, but atleast ensures that no NEW PROFILES are created.

Maybe you are looking for