User making direct changes to PRD system

My environment is ERP 6 ABAP /Oracle 10G/Solaris 10.
Some of my superusers are fond of making direct changes to PRD (as opposed to DEV & then transport via the landscape) though changes in the PRD system have been restricted through client change options SCC4 & system change option SE06.
I suspect the said users have a ROLE with powerful authorizations that they ought not to have.
Kindly advise what I should look for in the users' roles or how I can go about hardening the PRD system against direct changes.
Thanks
Edited by: Andale J on Sep 29, 2010 12:10 PM

Hi BAIGSA
Creation of roles is down to the security policy already in place unless you are lucky enough to be in at the beginning and can define how all roles are to be built in future.
Mostly, you arrive at a client's site and have to adapt to their authorisation concept.
You may find that function (module based) roles are in place or that job roles (either multiple singles assigned directly or via composites, or a one role does all) have been set up.
Remediation of module based roles can be a real pain if they were built with too many transactions included - user group/job roles are far easier to remediate, but this depends on the policies in place (inactive objects etc.).
I haven't enough information to understand what the changes are that have been made in prod to help - you need to review those changes and formulate a strategy which the business agrees to to resolve.
Kind regards
David
Edited by: David Berry on Oct 3, 2010 8:30 PM

Similar Messages

  • How to restrict one user making DDL changes in another schema

    Can anyone please let me know the way to restrict a user from making DDL changes through a procedure (this user has the execute privilege on a procedure owned by another schema) on another schema.
    Let's say we have schemas A and B. Our requirement is that user A should grant execute privilege on all the procedures that are created in A to user B, but if there is a situation where a procedure is created with DDL changes (with the execute immediate option) and the execute privilege is given to user B, then user B can make DDL changes through this procedure. I want to restrict user B from making DDL changes in any way to user A.
    Appreciate your help.
    Thanks,
    Karthik

    Your requirement doesn't sound terribly sensible.  If you want B to be able to execute the procedure, grant B access to the procedure.  If you don't want B to be able to execute the procedure, don't grant B access.  If you are concerned that someone is going to change the code in the procedure after it is created to transform it from something that you want B to have access to into something that you don't want B to have access to, you should be reviewing changes before they are promoted.
    If you're really determined to do things "uniquely", I suppose you could create a DDL trigger that looks to see who the user is and throws an exception if it is B.  But that seems like a poor second choice to dealing with the problem sensibly from the outset.
    If you aren't reviewing the changes and building code that tries to check whether something bad got slipped in, you're going to be fighting a losing battle.  If you write a DDL trigger that checks the user, for example, and I'm a developer that's intent on creating holes, I could simply add code to a procedure that submits a dbms_job that executes DDL.  That job would run as A so your DDL trigger would let it pass.  Of course, you could then turn around and disable DBMS_JOB in which case I could use DBMS_SCHEDULER instead.  You could disable that as well but then you're disabling the scheduler jobs that Oracle runs by default for things like gathering statistics.  And then the rogue developer simply moves on to the next hole to exploit.
    Justin

  • Users unable to change password via system pref's 10.4.10

    I am running 1 OD Master and 3 OD Replica's, all servers running 10.4.10, clients running 10.2.8, 10.39 and 10.4.10. All network users can log in with no problems at all, however if a user needs to change their password in System Preferences in 10.4.10, they are unable to do so. The old password field keeps saying "incorrect password" though the password is indeed correct. I have no problems changing any users password on the 10.2.8 and 10.3.9 machines using System Preferences. Any ideas??

    I'm working through a problem right now where my users were having problems changing their passwords. I'm using network user accounts. I had a password policy configured on the server where users were allowed to change their passwords, and the password had to be changed every 90 days.
    Well, the time came when it was time to change the passwords and users were prompted to do so and did. However, afterwards they started receiving Kerberos password prompts, and it wouldn't take their new password. Restarting didn't help either. If I reset the password on the server, the user could login and things would be fine until they tried to change the password in Sys Prefs : Accounts and the problem would repeat itself.
    So far, the solution seems to be disabling the password policies in the Open Directory service in Server Admin. I'm going back on-site tomorrow to see what I can find out. You might want to give that a shot.

  • Monitor Changes in  PRD System

    Hi,
    Is there any transaction Code to monitor the changes (a log file kind of thing) that were made to the objects in the production system on day to day basis ?
    If there is no such transaction code is there any other way to trace the changes any work around ?
    Regards
    Ellora

    Hi,
    Thanks Kapadia for your response. SLG1 is for analysing the application log, but my requirement is to monitor the changes that occurred to the objects, say Info objects, Infopackages, Queries, Templates and so on, with user name and nature of change. Is there any way to trace these changes?
    Regards
    Ellora.

  • Cannot boot in Windows 8.1 anymore (after making some changes in both systems)

    Problem: I cannot boot in the Windows 8.1 partition created with Bootcamp anymore. When I try to do that, the system displays the grey screen then goes into a command line mode similar with MS-DOS and asks for inserting a disk (it reports no bootable drive).
    Possible causes:
    - I disabled the Bootcamp process in the Notification area in the Windows 8.1 systray
    - I created a new partition in OS X on which I installed an older OS X version I still need to use (Mt Lion)

    BroFlav wrote:
    Can you tell me what exactly I should do in gdisk after merging the OS X partitions with their respective Recovery partitions?
    Thanks, in advance.
    Once you have EFI, Yosemite HD, Lion HD and Bootcamp, use the following steps. Your values will be different than this example. Use defaults except the boot ability flag for the last Bootcamp partitions to be 'y'.
    sudo gdisk /dev/disk0
    GPT fdisk (gdisk) version 0.8.10
    Warning: Devices opened with shared lock will not have their
    partition table automatically reloaded!
    Partition table scan:
      MBR: hybrid
      BSD: not present
      APM: not present
      GPT: present
    Found valid GPT with hybrid MBR; using GPT.
    Command (? for help): p
    Disk /dev/disk0: 490234752 sectors, 233.8 GiB
    Logical sector size: 512 bytes
    Disk identifier (GUID): 59BDFEEB-1EB4-4529-94FE-3CBC2C3CD513
    Partition table holds up to 128 entries
    First usable sector is 34, last usable sector is 490234718
    Partitions will be aligned on 8-sector boundaries
    Total free space is 2604 sectors (1.3 MiB)
    Number  Start (sector)    End (sector)  Size       Code  Name
       1              40          409639   200.0 MiB   EF00  EF
       2          409640       401060383   191.0 GiB   AF05  Macintosh HD
       3       401060384       402329919   619.9 MiB   AB00  Re
       4       402331648       490233848   41.9 GiB    0700  Microsoft basic data
    Command (? for help): r
    Recovery/transformation command (? for help): h
    WARNING! Hybrid MBRs are flaky and dangerous! If you decide not to use one,
    just hit the Enter key at the below prompt and your MBR partition table will
    be untouched.
    Type from one to three GPT partition numbers, separated by spaces, to be
    added to the hybrid MBR, in sequence: 2 3 4
    Place EFI GPT (0xEE) partition first in MBR (good for GRUB)? (Y/N): y
    Creating entry for GPT partition #2 (MBR partition #2)
    Enter an MBR hex code (default AF): AF
    Set the bootable flag? (Y/N): n
    Creating entry for GPT partition #3 (MBR partition #3)
    Enter an MBR hex code (default AB): AB
    Set the bootable flag? (Y/N): n
    Creating entry for GPT partition #4 (MBR partition #4)
    Enter an MBR hex code (default 07): 07
    Set the bootable flag? (Y/N): y
    Recovery/transformation command (? for help): w
    Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
    PARTITIONS!!
    Do you want to proceed? (Y/N): y
    OK; writing new GUID partition table (GPT) to /dev/disk0.
    Warning: Devices opened with shared lock will not have their
    partition table automatically reloaded!
    Warning: The kernel may continue to use old or deleted partitions.
    You should reboot or remove the drive.
    The operation has completed successfully.
    Now Reboot and verify the output of fdisk again.

  • Change program on prd system

    I do NOT want to allow a SAP user to change / create ABAP programs on the PRD system, without taking away his SSCR key. How do I do this?

    Thanks for your help.
    I looked in scc4 and found the following  configuration:
    Change and transports for client-specific objects:
                            "automatic recording of changes"
    Cross-client changes:
                           "No changes to cross-client Customizing objects"
    Protection: client copier and comparison tool:
                           "protection level 0"
    catt and ecatt restrictions:
                          "ecatt and catt not allowed"
    I want to do the following configuration:
    Change and transports for client-specific objects:
                          no changes allowed
    Cross-client changes:
                         no changes to repository and cross-client customizing obj
    Protection: client copier and comparison tool:
                        protection level 1 : No overwriting
    catt and ecatt restrictions:
                       eCATT and CATT not allowed
    Do you think it would solve the problem if I do this configuration?
    Do you think other problems would occur if I make this configuration?
    Thanks for help
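
The comparison in the post above (the SCC4 settings found versus the stricter ones proposed), as an added example that is not part of the original thread: a small audit over the client settings as they are stored in table T000. The T000 field names and one-character codes are assumptions to confirm in SE11 on your release, and the client number and role in the sample rows are constructed.

```python
# Added example: audits SCC4 client settings as stored in table T000.
# ASSUMPTION: field names and one-character codes follow the standard T000
# layout; confirm them in SE11 before relying on the result.

# field -> (hardened code, SCC4 label of the hardened setting)
REQUIRED = {
    "CCCORACTIV": ("2", "client-specific objects: no changes allowed"),
    "CCNOCLIIND": ("3", "no changes to Repository and cross-client "
                        "Customizing objects"),
}
# Client copier protection: level 1 ("X") and level 2 ("L") block overwriting.
COPY_PROTECTED = {"X", "L"}
# Meaning of the weaker codes, used to make the findings readable.
MEANING = {
    "CCCORACTIV": {"": "changes without automatic recording",
                   "1": "automatic recording of changes",
                   "3": "changes without automatic recording, no transports"},
    "CCNOCLIIND": {"": "changes to Repository and cross-client Customizing allowed",
                   "1": "no changes to cross-client Customizing objects",
                   "2": "no changes to Repository objects"},
}


def _code(row, field):
    """T000 stores 'blank' as a space; exports may trim it or omit the column."""
    return (row.get(field) or "").strip()


def audit_client(row):
    """Return a list of findings for one T000 row (empty list = hardened)."""
    findings = []
    client = _code(row, "MANDT") or "?"
    if _code(row, "CCCATEGORY") != "P":
        findings.append(f"{client}: client role is not P (production)")
    for field, (want, label) in REQUIRED.items():
        have = _code(row, field)
        if have != want:
            current = MEANING[field].get(have, f"unknown code {have!r}")
            findings.append(f"{client}: {field} is '{have}' ({current}); "
                            f"expected '{want}' ({label})")
    lock = _code(row, "CCCOPYLOCK")
    if lock not in COPY_PROTECTED:
        findings.append(f"{client}: CCCOPYLOCK is '{lock}'; expected 'X' "
                        "(level 1: no overwriting) or 'L' (level 2)")
    return findings


# Constructed rows mirroring the post: settings found in SCC4 vs. proposed ones.
CURRENT = {"MANDT": "100", "CCCATEGORY": "P", "CCCORACTIV": "1",
           "CCNOCLIIND": "1", "CCCOPYLOCK": " "}
PROPOSED = {"MANDT": "100", "CCCATEGORY": "P", "CCCORACTIV": "2",
            "CCNOCLIIND": "3", "CCCOPYLOCK": "X"}

if __name__ == "__main__":
    for name, row in (("current", CURRENT), ("proposed", PROPOSED)):
        result = audit_client(row)
        print(name, "->", "hardened" if not result else f"{len(result)} finding(s)")
        for finding in result:
            print("   ", finding)
```

This covers the client-level settings only; the system change option (SE06) and the authorizations in the users' roles are separate checks.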

  • How to Change Default User Directory without changing System Directory

    Hi Everyone,
    I need to change default User Directory for my JDeveloper 11.1.1.0.2.
    Default User Directory = C:/JDeveloper/mywork
    Default System Directory = *<JDEV_HOME>/System*
    Now I Need to Change it to
    My Default User Directory = C:/Monty/JDev11g2/
    But System's Default Dir = *<JDEV_HOME>/System*(Same)
    For this I explicitly set the variable ide.user.dir to C:/Monty/JDev11g2/ in the JDev.boot file as explained in the Installation document.
    Working fine but it contains System Folder too. I don't want this.
    Any Help to find me separate these both as it works for Single User.
    Thanks,
    Fizzz...

    Hi John, You must be right if i'd believe in ghost, A Ghost of System's Folder :-). Well that's true, We should ignore it. But still If someone finds any Clue then let me know.
    Thanks
    Fizzz...

  • How to find the when the password is changed for a system User

    Hi to all,
    We have a test database where our application connects to system user. The application runs more than a month without any issues, But suddenly my system and sys password gets changed. I wonder how this would happen. I have checked with DBA_USERS to check whether the account gets locked, But the account is in the Open state.
    I need to find out when the password gets changed for these users and who changed it? Is there any possible to trace it or we need to enable the auditing to find it in future.
    Kindly let me know the possible ways.
    Regards,
    Vijayaraghavan K

    Vijayaraghavan Krishnan wrote:
    Hi to all,
    We have a test database where our application connects to system user. The application runs more than a month without any issues, But suddenly my system and sys password gets changed. I wonder how this would happen. I have checked with DBA_USERS to check whether the account gets locked, But the account is in the Open state.
    I need to find out when the password gets changed for these users and who changed it? Is there any possible to trace it or we need to enable the auditing to find it in future.
    Kindly let me know the possible ways.
    Regards,
    Vijayaraghavan K
    The only way to implement an Oracle Audit

  • How to restrict the user from making any changes in Sales order- item level

    Hi to all
    How to restrict the users from making any changes in sales order at item level if the same sales order is released by senior user through status profile.
    Regards
    Anish Parikh
    Edited by: anish parikh on Jan 24, 2008 5:16 AM

    Hi Anish,
    This can be achieved through the roles and authorization.
    This can be done through the basis team. They can create user profiles and roles.
    For the roles they assign some transaction codes so that users can view only the assigned transaction codes.
    Like that your requirement can be done.
    Also you can prevent the user from changing any fields in the sales order screen (VA02). For that please modify the authorisations.
    Hope this answers.
    Reward points if useful.
    Edited by: kaleeswaran bhoopathy on Jan 24, 2008 9:57 AM

  • Making permanent changes to an internal table inside a user exit

    Hi All,
    I am having a User exit to which I am passing a structure as importing parameter.
    The user exit is not exporting the same structure, but is exporting some other values.
    My problem is that I want to make permanent changes in the structure I am passing to the user exit.
    Currently what is happening:
    I am passing the structure to the user exit. It has got 6 rows. Inside the user exit I am making some changes to a particular field of all the rows. As long as the program control is inside the user exit, the changes in the structure are visible. As soon as the control comes out of the user exit, the values for the field are switched to the old values (values before passing to the user exit).
    My question is, is there any method to make changes to an internal table inside a user exit so that these changes are visible outside it when the program control comes out of the user exit? (This is when the internal table to which the change is made is not exported by the user exit.)

    Hi Dear,
    Your changes done in import parameters will not reflect outside exit. You can only change the values of export parameters...
    If you have a very urgent requirement then make changes in SAP's Standard code.
    For your problem you can write to SAP. In many cases SAP provides the solution.
    Award Points If Useful.

  • Track the changes to the batch jobs in the PRD system.

    Hello Basis Guru's,
    Need your help in a Query. --> Is there any best practice that can be implemented to trace all the changes done to batch jobs in the past 3 months and going forward. Be it in its scheduling or its variant changes etc, i would like to track the changes to the batch jobs in the PRD system.
    Any pointers would be really helpful.
    Thanks in advance.
    Rgds,
    Sri

    Hello Raghu,
    Third party tools can only help you but not SAP. A lot of us may think that, for example, if a Job 'X' runs daily then SAP considers this job as a single object. However, SAP will actually treat each run of a job separately, in fact as separate jobs. If you would have noticed, each job in SAP has a job id which is unique. So actually each run is unique. Now change logs can exist for only those objects that get changed. But change logs can not exist for objects that are newly created every time!!
    If you would have noticed, you can have two jobs with the name A but running two different reports/variants, whatever. This is because the job name is not that important; it is the job id.
    Every time a job runs a new entry gets stored in TBTCO, TBTCP etc. tables. It is not that the existing entries are updated. However, yes, when a job is scheduled periodically there is some kind of a link that is created in the job series but it does not show up in any of the tables!!
    As far as 3rd party tool is concerned I can name a tool like UC4. UC4 has its own database in which the job name will always be unique. For that you can easily find change logs. I think Chronicle (Redwood Scheduler) also supports this.
    Regards.
    Ruchit.

  • Change master data of business consolidation directly in the quality system

    Dear All,
    I need to change master data of business consolidation directly in the quality system.
    Anyone an idea?
    Kind regards,
    Marilia

    Welcome to SDN.
    There are SAP Notes 933024, 804057 and 592239 that provide a means of opening UCWB only for master data objects.
    Another possible work around is to make the updates in BW and use the synchronization programs UGMDSYNC and UGMDSY20. However for FS Items and Cons Groups all of the master data elements such as breakdown category and period of first consolidation are not available for entry in BW so for these characteristics the maintenance must still be completed in UCWB.
    Edited by: Dan Sullivan on Jan 4, 2011 10:59 PM

  • ME53N Prevent user from making a change

    How do you prevent a user from making a change to a purchase requisition via transaction ME53N?  We want the user to make a change to the purchase requisition using transaction ME52N, not transaction ME53N.  When the user is in transaction ME53N and clicks on the pencil to change the purchase requisition we want to prevent the user from making any changes by sending a message or forcing the screen to go to display mode.  Thank you in advance.

    Sharon,
    I don't believe that your exact requirement can be met with standard SAP.
    However, this is a very odd requirement.  It sounds like you are saying that it is OK for a user to make a PR change in ME52N,  but for the same user it is not OK to make a PR change in ME53N.
    In most companies, if it is not OK for a user to make a PR change in ME53N, it is therefore also not OK for this user to make a PR change in ANY transaction, including ME52N.
    It is a straightforward matter to allow a user access to ME53N and ME52N, but to block his ability to change any PR at any time.  If this  is your requirement, then consult with your authorization team about the authorization objects that are checked in the ME5* series of transactions.  As I recall, it is possible to tailor authorizations (create/change/display etc) by plant, by Purchasing group, by purchasing org,by  document type, etc.
    Rgds,
    DB49

  • Same SID for QA & Prd systems - pros and cons?

    We have the foll systems:
    1. Enterprise Portal 7.0
    2. NWDI 7.0
    3. NW 7.0 (with XECO - Ecommerce)
    4. TREX 7.1
    5. Content Server 6.40
    6. ECC 6.0
    Currently the QA and Prd systems have the same SID and system/instance no, although they are on different hosts.
    We would like to know what are the long term pros and cons for keeping the QA and Prd SIDs the same for all systems.
    We are already making a list, so thought we might as well get more inputs from the community too.
    We already have this arrangement for the past 3 months and have not faced any major issues.
    A couple of cons though:
    1. Cannot use solman as it cannot distinguish between the diff servers with same SID
    2. ABAP transports from QA to Prd have to be manually done (cannot use STMS)
    Thanks
    Prasad

    Hi Manoj,
    Changing the SID of java systems is a very tedious procedure. Hom sys copy is just a part of the SID change...there are a whole lot of configs to be done after that...the task is eq to a new setup of systems
    For once, the efforts put in are huge..you can see there are 5 systems..besides, it will involve coordination from all teams - basis, development, functional, project management.
    Here are a few advantages that we know of:
    1. No efforts reqd to change back to original SID
    2. During disaster recovery, we just have to restore the production database on QA and change the hostname, whereas its not so in case of having diff SIDs
    3. For end-users this will be transparent because they will be using the hostname in the URL which is anyways different
    We have the same SIDs for the past 3 months and have not seen major issues, but we also would like to know from the long term perspective if there are any risks that we have not foreseen...hence we seek help from the community.
    Hope its clear now
    Thanks for your response
    Prasad

  • Index value maintenance directly in a Production system

    Hi,
    Is it possible to control the access to T-code: REAJINDX ( Index value maintenance) by Authorization Management (Profile Generator/Role management) in a closed system (Production) for configuration?
    Authorization Object: S_TABU_NAM
    Activity: 02
    Table: V_REAJINDXCLASS
    The requirement is the Index value maintenance directly in a Production system (closed system for the configuration) through the Authorization Management.
    Thanks and best regards,
    Fernando

    Hi Franz,
    First, thanks for your quick response. I haven't been able to solve the problem with these notes. I would like to explain in further detail the issue and the current system configuration.
    The configuration for the Client (T000) is the following:
    Client Role: T (Test) or P (Production)
    Changes and Transport for Client-Specific objects: No Changes Allowed
    Cross-Client Objects changes: 3-No Changes to Repository and Cross-Client Customizing objects
    The configuration for the object VC_REAJINDX (SOBJ) is the following:
    Category: CUST
    Transport: 2-Automatic Transport
    Adjustment: Automatically adjustable
    Current Settings: Marked
    With this configuration at client level and for this object, it is not possible to maintain the Index values in the target client. Then my question (doubt) is if it's possible to maintain the index values in spite of this configuration by Authorization management (User roles/Profile Generator) for this object (Example: Give authorization to modify this object (in order to maintain the values) to a Key User with a specific role, SU01). Or if it's not possible, then it's necessary to change the configuration for the object (VC_REAJINDX) for the fields Category and/or Transport,... For this option, it's necessary to modify the SAP standard using a Developer key and I'm not sure if it is a recommended solution.
    But my client wants to maintain the index values directly from the PRD system and not from a DEV system and afterwards transport the updates to PRD.
    On the other hand, the error message that the system shows isn't message number TK430; it is message no. SV052, No maintenance authorization for requested data (Diagnosis: You have attempted, in change mode, to access data for which you have no authorization.). This is the reason I think, maybe, it is possible to control it through the Authorization management.
    Thanks in advance and best regards,
    Fernando
