User role and Authority-check ?

Hello,
Could you please let me know how are the differences between User role and Authority-check. In a program I do not use Authority-check , And The user is not assigned to user role which contain this transaction ( for this program), Can the user execute this transaction OR he must be assigned to user role which contain this transaction to execute it . Supposing that we do not use any Authority-check in then program.
Thanks in advance

Hello Martin,
I think this answers the OP's question about user not being assigned the role which contains the trxn code. As you have explained in this case the default auth. check for S_TCODE will fail & user cannot execute the trxv. (If i remember correctly the tables for this are AGR_USERS & AGR_TCODES)
Anyways just to add to the OP's query. Auth. objects are added to profiles which in turn assigned to roles. So if you implement the auth. object in your program the user must also subscribe to the role containing the auth. obj. profile to be able to execute it.
@OP:
The transactions PFCG & SUIM might interest you. Also the tables dealing with these stuffs begin with AGR*. You can check the tables for better understanding.
BR,
Suhas

Similar Messages

  • With regard to lock object and authority check

    hi all
    i would like to know about lock object and authority check specifically in reports. there is a coding in sap library with regard to authority check, but there is no coding to restrict user (i mean there is no user names that the object is restricting for a particular user or any user has got permission to change or display object). 
    further, the code mentions that you need an authorization in your user master record for the object, could any of u explain where is user master record.
    below is the code for authority check.
    *&      Module  USER_COMMAND_0100  INPUT
    MODULE USER_COMMAND_0100 INPUT.
      CASE OK_CODE.
        WHEN 'SHOW'.
       AUTHORITY-CHECK OBJECT 'S_CARRID'
    ID 'CARRID' FIELD '*'
    ID 'ACTVT'  FIELD '03'.
       IF SY-SUBRC NE 0. MESSAGE E009. ENDIF.
       MODE = CON_SHOW.
       SELECT SINGLE * FROM  SPFLI
        WHERE  CARRID      = SPFLI-CARRID
        AND    CONNID      = SPFLI-CONNID.
       IF SY-SUBRC NE 0.
    MESSAGE E005 WITH SPFLI-CARRID SPFLI-CONNID.
       ENDIF.
       CLEAR OK_CODE.
       SET SCREEN 200.
        WHEN 'CHNG'.
       AUTHORITY-CHECK OBJECT 'S_CARRID'
    ID 'CARRID' FIELD '*'
    ID 'ACTVT'  FIELD '02'.
       IF SY-SUBRC NE 0. MESSAGE E010. ENDIF.
       MODE = CON_CHANGE.
       SELECT SINGLE * FROM  SPFLI
        WHERE  CARRID      = SPFLI-CARRID
        AND    CONNID      = SPFLI-CONNID.
       IF SY-SUBRC NE 0.
         MESSAGE E005 WITH SPFLI-CARRID SPFLI-CONNID.
       ENDIF.
       OLD_SPFLI = SPFLI.
       CLEAR OK_CODE.
       SET SCREEN 200.
      ENDCASE.
    ENDMODULE.                 " USER_COMMAND_0100  INPUT
    i thank u all for the help in advance.

    hi
    this might help
    REPORT YUSRLOCK NO STANDARD PAGE HEADING.
    TABLES: TRDIR, USR02.
    DATA: MARK,CNTR TYPE I,
          ACCNT LIKE USR02-ACCNT, ERDAT LIKE USR02-ERDAT,
          ANAME LIKE USR02-ANAME, CLI(3) VALUE 'AAA', SZIN TYPE I,
          SYDATUM LIKE SY-DATUM, FLAG(3).
    TABLES: UINFO.
    DATA: OPCODE TYPE X VALUE 2.
    DATA: BEGIN OF USR_TABL OCCURS 10.
            INCLUDE STRUCTURE UINFO.
    DATA: END OF USR_TABL.
    START-OF-SELECTION.
      CALL 'ThUsrInfo' ID 'OPCODE' FIELD OPCODE
        ID 'TAB' FIELD USR_TABL-SYS.
      SELECT * FROM USR02 CLIENT SPECIFIED ORDER BY MANDT BNAME.
        IF USR02-MANDT <> CLI.
          SZIN = SZIN + 1. SZIN = SZIN MOD 2.
          CLI = USR02-MANDT.
        ENDIF.
        IF USR02-UFLAG = 0.
          MARK = ' '.
        ELSE.
          MARK = 'X'.
        ENDIF.
        CLEAR FLAG.
        LOOP AT USR_TABL.
          IF USR_TABL-BNAME = USR02-BNAME AND USR_TABL-MANDT = USR02-MANDT.
            FLAG = '!!!'.
          ENDIF.
        ENDLOOP.
        SYDATUM = SY-DATUM - 30.
        IF SYDATUM < USR02-TRDAT.
          IF SZIN = 0.
            WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 2,
                  ' ',USR02-MANDT COLOR 2,
                  '   ',USR02-USTYP COLOR 2,
                  ' ',USR02-TRDAT COLOR 2, USR02-LTIME COLOR 2,
                  ' ',FLAG COLOR 6.
          ELSE.
            WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 3,
                  ' ',USR02-MANDT COLOR 2,
                  '   ',USR02-USTYP COLOR 2,
                  ' ',USR02-TRDAT COLOR 2, USR02-LTIME COLOR 2,
                  ' ',FLAG COLOR 6.
          ENDIF.
        ELSE.
          IF SZIN = 0.
            WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 2,
                  ' ',USR02-MANDT COLOR 2,
                  '   ',USR02-USTYP COLOR 2,
                  ' ',USR02-TRDAT COLOR 4, USR02-LTIME COLOR 4,
                  ' ',FLAG COLOR 6.
          ELSE.
            WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 3,
                  ' ',USR02-MANDT COLOR 2,
                  '   ',USR02-USTYP COLOR 2,
                  ' ',USR02-TRDAT COLOR 4, USR02-LTIME COLOR 4,
                  ' ',FLAG COLOR 6.
          ENDIF.
        ENDIF.
        HIDE: USR02-BNAME, USR02-MANDT.
      ENDSELECT.
      CLEAR USR02.
    TOP-OF-PAGE.
    WRITE:/ 'LOCK   USER         CLIENT  TYPE     LAST lOGIN     ' COLOR 6.
      SKIP.
    AT USER-COMMAND.
      IF SY-UCOMM = 'SEL'.
        DO.
          CLEAR MARK.
          READ LINE SY-INDEX FIELD VALUE MARK.
          IF SY-SUBRC NE 0.  EXIT. ENDIF.
          IF USR02-BNAME IS INITIAL.CONTINUE.ENDIF.
          SELECT SINGLE * FROM USR02 CLIENT SPECIFIED WHERE
          MANDT = USR02-MANDT AND BNAME = USR02-BNAME.
          IF MARK = 'X' AND USR02-UFLAG = 0.
            USR02-UFLAG = 64.
            UPDATE USR02 CLIENT SPECIFIED SET: UFLAG = 64 WHERE
            MANDT = USR02-MANDT AND
            BNAME = USR02-BNAME.
            COMMIT WORK.
          ENDIF.
          IF MARK = ' ' AND USR02-UFLAG = 64.
            USR02-UFLAG = 0.
            UPDATE USR02 CLIENT SPECIFIED SET: UFLAG = 0 WHERE
            MANDT = USR02-MANDT AND
            BNAME = USR02-BNAME.
            COMMIT WORK.
          ENDIF.
        ENDDO.
        CLEAR USR02.
      ENDIF.
    regards
    Arun

  • ABAP User Roles and Query for accessing particular T- codes and Reports

    dear Gurus
    I have one problem, i want to know about ABAP User Query ,i have one requirement my user wants to Lock all the HR Std versus Customized reports in T- code SQ01,other department peoples also see the Payslips and Hr personal reports which is harmfull to the dept so i want to Lock all the reports in Std T- code in SQ01 and i have created one Customized User Roles or Query in which the T-codes and Reports are assigned only those particular user can access the T-codes and Std reports .how can it be possible i dont have any idea about user roles and Queries .
    kindly help me out or send me some documents related to user roles and queries
    regards ritesh sharma

    Hi Ritesh,
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/103cafc2-7a64-2b10-14b3-eddb7d324561
    Regards,
    Flavya

  • User Roles and Authorizations

    As we know in MM different user have different roles to play and they need different SAP transaction and related activies.
    In SAP we define the particular user who are actually allow to access only certain transactions only?
    What are the steps to do this in SAP?
    Secondly in which stage of implementation we define those user roles and assign duties to them in SAP ?
    bEST Regards,
    Kapil

    u can create the user role using tcode su01 and pfcg for authorization management

  • VIRSA tables for users, roles and profiles sync?

    Hello,
    I am in a customer, implementing CC 5.2. At the first time, we tried CC 5.2 in DEV environment, and when everything was OK, we redirect RFC connectors to QA environment.
    After doing user, roles and profiles sync in DEV and in QA environment too, I have 4.500 user (1.100 from DEV + 3.400 from QA) when I recover all users "*" with "user level - risk analysis" from the "Informer" tab.
    It seems that "users, roles, profiles, sync" works like and "APPEND", but I did a COMPLETE syncronization not an INCREMENTAL.
    If I start an analysis for QA environment, CC works properly and only analyse QA users (3.400). But I would like to clean CC tables (users, roles and profiles) in order to have a clean copy of QA in CC.
    Which VIRSA tables (users, roles and profiles) I need to clean?
    It is necessary to do the same with authorization and text objects? Which would be these tables?
    Thanks in advance,
    Victor

    Hi all,
    SAP GRC Support provides a script which allows you to remove a connector since it does delete all data link to it. Anyway, I would recommend a deep analysis of it and find out if it does what you really want to do.
    Víctor, if what you want to do it is just to remove all user, role and profile master data (stored in tables VIRSA_CC_SYSUSR and VIRSA_CC_GENOBJ) you could upload a text file using data extractor functionality with the delete field set to X. Doing so user, role and profile master data will be removed from CC database.
    In order to use data extraction functionlaity you connector must be of type "File Local".
    Be careful about removing data directly from DB since, as Prem states, you might loose the DB consistency.
    Hope it helps. Best regards,
       Imanol

  • Query user roles and access

    hi,
    How can query user roles and access in whole database? I want to list username, status, rights, and role
    thanks
    P

    Hi,
    The data dictionary view dba_users has one row per user.
    The data dictionary view dab_role_privs has one row for every distinct combination of user and role that actually occurs ion your database,
    Are you interested in system privileges? See dba_sys_privs.
    Are you interested in individual grants, like the privilege to UPDATE a given table, or the privilege to execute a given stored procedure? See dba_tab_privs. (Don't be fooled by the name; it's not just for tables.)
    I hope this answers your question.
    If not, post some CREATE statements, that create tables, roles, and whatever else you want, and some GRANT statmeents that grant privileges on those objects. Pos the results that you would want to get from those objects and grants.

  • User, user roles and previllages

    I have made all the tables under one user for my oracle forms, is it a good approach or should i use multiple users for this and how can i use user roles and villages for oracle forms?
    Thanks
    Hina

    In our organization, we usually has an application owner and another schema with limited privilege to connect to from application (in this case forms). For example we have application owner say DBO which owns all the objects in the application and another user IA_APP is there to connect to database from application. Privileges such as SELECT, INSERT, UPDATE, DELETE is given to IA_APP user. Object access is provided through public synonym. You can do analogy to this in your application and database.
    Regards,
    Virendra

  • SM30 and AUTHORITY-CHECK

    Hi experts !
    Is There a way to see if the user has authority to chance the table view ? All users can see the data but not all can chance but i can't block the transaction.
    I also need show just some fields. The table has 7 fields but i can show just 4. How to do that ??
    Last doubt. The others 3 fields that do not appear I need to enter some informations like date and hour.
    Thx in advance.

    Hi
    At role Level you can keep the Authrization check for the Tcodes (PFCG tcode)
    using auth objects you can keep authorization check on the table fields or fields in a transaction
    see the following
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Regards
    Anji

  • ALV GRID and AUTHORITY-CHECK

    Hi all !!! 
    I'm using the ALV Grid control with checkboxes and I want to control if the actual user have the appropriate authorization to check/uncheck them.
    In the AUTHORITY-CHECK call, I want to make the authorization test on the "DEPARTMENT" of the user (from Table USER_ADDR or SU01).
    For example :
    DEPARTMENT AA1 --> check/uncheck OK
    DEPARTMENT AA2 --> check/uncheck NOT OK
    DEPARTMENT AA3 --> check/uncheck OK
    ... etc.
    How can I do ? Create an new authorization object/field ?
    PS : it's the first time I'm using AUTHORITY-CHECK..

    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check. 
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object> 
       ID <authority field 1> FIELD <field value 1>. 
       ID <authority field 2> FIELD <field value 2>. 
       ID <authority-field n> FIELD <field value n>. 
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    Example ;
    REPORT  EXAMPLE MESSAGE-ID Z1.
    TABLES: USR02.
    PARAMETERS: LOCK AS CHECKBOX, LISTLOCK AS CHECKBOX.
    DATA: UFLAGVAL TYPE I, LOCKSTRING(8) TYPE C.
    ---- Authorization check -
    AUTHORITY-CHECK OBJECT 'ZPROG_RUN' ID 'PROGRAM' FIELD SY-CPROG.
    IF SY-SUBRC <> 0.
      IF SY-SUBRC = 4.
        MESSAGE E000 WITH SY-CPROG. "some message about authorization check failure
      ELSE.
        MESSAGE E005 WITH SY-SUBRC. "some message about authorization check failure
      ENDIF.
    ENDIF.
    IF LISTLOCK = 'X'.
      WRITE:/ 'List all locked users: '.
      SELECT * FROM USR02 WHERE UFLAG = 64.
        WRITE: / USR02-BNAME.
      ENDSELECT.
      EXIT.
    ENDIF.
    IF LOCK = 'X'.
      UFLAGVAL = 64.                       "lock all users
      LOCKSTRING = 'locked'.
    ELSE.
      UFLAGVAL = 0.                        "unlock all users
      LOCKSTRING = 'unlocked'.
    ENDIF.
    SELECT * FROM USR02 WHERE BNAME <> 'SAP*' AND BNAME <> SY-UNAME.
      IF USR02-UFLAG <> 0 AND USR02-UFLAG <> 64.
        WRITE: 'User', USR02-BNAME, 'untouched; please handle manually.'.
        CONTINUE.
      ENDIF.
    check that user has authority to make these changes
      AUTHORITY-CHECK OBJECT 'S_USER_GRP'
          ID 'CLASS' FIELD USR02-CLASS
          ID 'ACTVT' FIELD '05'.
      IF SY-SUBRC <> 0.
        IF SY-SUBRC = 4.
          WRITE: /'You are not authorized to lock/unlock user ',
            USR02-BNAME, USR02-CLASS.
        ELSE.
          WRITE: /'Authorization error checking user ',
                 USR02-BNAME, USR02-CLASS, '(return code', SY-SUBRC, ').'.
        ENDIF.
      ELSE.                                "has authority
        UPDATE USR02 SET UFLAG = UFLAGVAL WHERE BNAME = USR02-BNAME.
        WRITE: / 'User', USR02-BNAME, LOCKSTRING, '.'.
      ENDIF.

  • HR PNP LDB and authority check

    Hello All,
                  Can someone plzz tell me if there is any major difference between CODE1 and CODE2 below? I understand if we use LDB we dont need to do authority check but is there is any exceptional case where we do this kind of codeing...
    CODE1:
    Start-of-selection
    GET pernr.
      CALL FUNCTION 'HR_CHECK_AUTHORITY_INFTY'
            EXPORTING
                 tclas            = w_tclas
                 pernr            = pernr-pernr
                 infty            = '0001'
                 subty            = space
                 begda            = pn-begda
                 endda            = pn-endda
                 level            = w_level
            EXCEPTIONS
                 no_authorization = 1
                 internal_error   = 2
                 OTHERS           = 3.
      if not sy-subrc is initial.
        reject.
      endif.
      PERFORM list_data.
    END-OF-SELECTION.
    CODE2:
    Start-of-selection
    GET pernr.
      PERFORM list_data.
    END-OF-SELECTION.
    Thanks in advance...
    -Muktar

    Hi Muktar,
    In my opinion, certain infotypes hold certain level of access by different user who is using that report to view HR information. Particularly sensitive infotype like 0008 (basic pay) and other pay involving infotypes can be use to check for authority before it is display or modify by users. So HR_CHECK_AUTHORITY_INFTY is used.
    Get PERNR does not validate the authority because PERNR itself is just a structure that contains a few PA Keys and several of other infotype structure that doesn't tell the authority to read by any specific users. Get PERNR contains the PROVIDE macro and in it does not do any authorization, if i am not mistaken.
    This is my understanding. I hope my explanation is correct and have help you in a way.
    Thanks
    William Wilstroth

  • User roles and role mapping

    I've just start as an intern in Change Management team that is helping to implement SD. My two tasks are to "develop SAP user roles specific to the new business processes" and "manage the role to position mapping for provision of security roles." None of the real employees in my team has ever done this, and my manager is now on three weeks leave. I'm new to SAP and I don't really know where to start. Can anyone offer any advice, or point me to some references? Thanks.

    Intern,
    Its a pretty cold manager who will dump a task on a inexperienced subordinate without any guidance or mentoring,  and then take three weeks off.
    Anyhow, you first need to get some insights as to what the expectations of the client are:  What type of users will there be?  What tasks will each user be responsible for carrying out?
    You also will want to collect a list of names of the actual users. Your Basis people will tell you which bits of data will have to be collected in order to create users on the system
    Next, you need to talk to the SD expert on your team about the solutions that will be implemented.  Quotes? Consignment? Scheduling agreements? Pricing? Customer Service? Marketing?  Customer Master? Material Master? The SD expert should be able to tell you at a very minimum which transactions should be made available.
    There are standard roles available delivered in the system.  These are pretty much un-usable as delivered, but they make a good starting point.  Review http://help.sap.com/erp2005_ehp_04/helpdata/EN/b4/3f9c41919eae5fe10000000a1550b0/frameset.htm
    and
    http://help.sap.com/erp2005_ehp_04/helpdata/EN/06/57683801b5c412e10000009b38f842/frameset.htm
    Once you have all the info needed from the client and your SD experts, you then design the supporting roles at a high level. I usually use an Excel Spreadsheet with two tabs:  One tab listing roles to be developed, with all the transactions and authorization object limitations for each one;  and another tab listing Users and the supporting data needed to create a user.  If you are a Basis expert, you already know the next steps.  If not, then you typically hand your designs to the Basis team for creation of the actual Roles.
    Good luck.  Remember not to treat your interns the same way you have been treated.
    DB49

  • Programatically creating users, roles and insert them into Jazn xml

    Hi All,
    I am using ADF 11G and ADF BC to develop my application. Whenever a user is created an entry will go into OID and into DB. Admin will apply the roles and users for that roles through application. Once the administrator assigns the roles, the user need to see the appropriate menus based on the roles assigned.
    If I use ADFSecurity, then I need to redeploy the application each and everytime an user is created and a role assigned to it. But I have to avoid the redeployment step. When ever admin assigns a role while approving the user, the same should be reflected in Jazn, so that I can use the securityContext to generate menus dynamcally.
    Is there a way to do programatically the below:
    1. Creating roles
    2. Assigining Users
    I want to use the functionality of ADFSecurity but programatically.
    Any information/links/guidance is much appreciated.
    Thanks,
    Morgan.

    Morgan,
    You can configure WLS to use OID instead of jaxn.xml file.
    [url http://download.oracle.com/docs/cd/E14571_01/core.1111/e10043/toc.htm]The security guide should be good reading for you.
    Best,
    John

  • User Roles and Rights

    Hi,
    I would like a particular user, r012, to be able to do user admin management.
    I granted "User Management" and "User Security" rights to this user, but they are still not able to, for example, reset someone else's password. It says "permission denied".
    I also created a role called UserAdmin, and assigned those two user rights to that role. When r012 su's to UserAdmin, they can then do most user management, although they are still not able to grep /etc/shadow, which I would like for them to be able to do to determine if a user is locked.
    1. Does a user have to su to a role to be able to do user management? Can't I just assign those user management features to them and they can stay within their own account?
    2. Is there anyway to grant the ability to grep /etc/shadow to a user?
    Thanks.

    /etc/shadow by default is read-only for the owner only, and the owner is root. What you can do is either assign the rights to the user to have access to such files, or create a role that allows them to do this. One way to do this is to assign the rights to the user via the SMC. For example, I can assign the role of primary administrator to a user, who can then use pfexec from a regular shell without having to su to root or some role. To grep /etc/shadow from a regular shell, you can type pfexec grep user1 /etc/shadow, and then pfexec passwd user1. No su'ing into root or a role is needed. You can assign whatever commands or rights are necessary to accomplish the function.

  • Defining BI Power User Role and Authorizations

    We are looking for information/best practices/guidelines pertaining to defining BI Power Users and the appropriate authorizations to attach to this role.  Our Power Users are asking for approval to access several transactions within BI, specifically within RSA1. I am curious to know how you define your power user role(s) and to what extent they have access to BW itself (i.e. BEx, Web Designer, direct access to BW transactions such as listcube, RSA1, RRI, ability to update custom tables, ability to access the data model structure, etc )? Do your power users have access to develop production queries in DEV and test in your QA environment or are they restricted to ad hoc queries in Production? Have you seen any best practices or guidelines from SAP surrounding appropriate authorizations for Power Users? Any information you would be willing to share with us would be most appreciated.

    Hatem,
    You have an option to use the old method however it's recommend to use analysis authorizations going forward.
    Take a look at the sap wiki for analysis auth for more info or search the site for other good info.
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorizationinSAPNWBI&
    Cheers,
    Ben

  • User Roles and System Privilegies????

    I need to know “MY_USER” Roles and System Privilegies.
    What query do I have to execute?
    Thanks!

    Querying DBA_ROLE_PRIVS will give you the roles a user has been assigned. Querying DBA_SYS_PRIVS will give you the system privileges a user has been assigned.
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

Maybe you are looking for

  • Error while deploying adf application on oracle cloud service

    hello, i hv registered oracle cloud service for java and database. i hv created simple adf application in which there are 2 jsf pages only linked together. I m using oracle jdeveloper 11gr2. so i hv created ear file for deployment on cloud. i deploye

  • My itunes told me there was a update to do so i did it now it wont work or sync with my phone!

    i logged into my itunes a few days ago and it told me there was a update so i did it and now it wont open up itunes or sync with my phone!  I've uninstalled itunes and reinstalled it but it's still not working and asks me to reinstall it everytime!

  • Safari Update 8.14.14 causing fan to run loud?

    I just did the update for Safari 7.0.6 on 8.14.14 and now it appears that my computer fan is running a lot louder after I did this update. I know that it is not the fan not working correctly or the vent is clogged because I am using Chrome right now

  • Implementing a Constraint Satisfaction Problem?

    Good afternoon, I'm having a lot of troubles implementing a Constraint Satisfaction Problem that requires the implementation of a restriction solver of finite domains (integers) under a java language. The system must allow: - Create restricted variab

  • Items and Purchase Orders...

    Help...Please... We have a problem, we run stock close to minimum at all times, (we supply short dated food stuff), and often our customers ask when the next delivery is due in. Now, we can drag and relate etc but often our staff just don't have time