Wild card "*" usage in the authorization role

Hi All,
I am an ABAP consultant(not a security pro, so please put up with any incorrect wordings), and working on a requirement where i need to check if the user has access to particular values entered on a screen field. For example if the text entered on the field is ABCDEFGUS, i want to check on the last two characters to see if user has access to enter values ending with US.
So i create an authorization object...etc, and in the role i enter US as the value,  but now when i run through the code using AUTHORITY-CHECK against the authority object. The authorization passes for all the values i enter, ex: ABCDEFGUK* - this should have failed as i have maintained *US.
Note: but when i maintain the value as ???????US in the role, it works as expected.
All the help and pointers, towards this would be appreciated.
Regards,
Chen

So you will maintain value like #US in your roles and just before authorization check you will amend string.
Hi Martin,
Have you ever tried this and used it in production?
Changing the value sent to the AUTHORITY-CHECK is easy but very intrusive to the data in the program which might be used else where.
Changing the value at runtime which the AUTHORITY-CHECK expects to find is a different ball game (also in performance).
I have done some experimental stuff with this in sandboxes using STATICS in a wrapper for fixed lengths but cannot recommend it at all. I cannot see it ever flying in an AUTHORITY-CHECK statement construct.
It is also completely unauditable to any authorization analysis tool...
Hang on a second... if SPRO can do this then we can as well --> I think we have a winner here! 
Cheers,
Julius

Similar Messages

  • Wild card usage in standard F4 help - issue

    Hi Friends,
    i want to list a function module which - second character  should be 'Z' .........HOW TO DO THAT ...
    usually  we will put : in se37 - IN THE FIELD VALUE COLUMN    :     %z*
    but wild card % or ? is not accepting ....give me your help on this.
    regards
    raaj

    thanks for your response.
    if  we use z* or *z.....
    please not that only second character of my listing should be  "z"
    If you give *z  - it will list out all values which ends with "Z" ....
    HOW TO USE  THE WILD CARD : %

  • Wild card usage in bex?

    Hello All,
    Is it possible to use a wild card (<b>*</b>) in the restriction of a characteristic in Bex?
    Suppose I have the a characteristic DepartmentName, if I want to report the data of all the departments starting with letter 'F' <b>(F*)</b> .
    So this should include departments like <b>F</b>ire, <b>F</b>leet, <b>F</b>inance.....
    Please let me know if this is possible? else let me know if there any other way to achieve this...
    Points are assured...
    Thanks in advance....

    hi,
    check out this thread.
    BW BEx using a wildcard  ("*")???
    hope it helps,
    regards,
    Parth.

  • How to pass wild card '%'  value from the parameter to the query

    Hello everyone,
    I have following 2 problems
    1) I was trying to do some thing like below
    select * from emp
    where ename like 'J%'
    for this i have used the following code
    select * from emp
    where ename like :P_ENAME
    and before running the query in the parameter box i entered J%. But my report returns an error which says INVALID PARAMETERS REQUESTED.
    2) I have a req of passing both comma separated and wild card for the same parameter. If we take the same example as above,
    user should be able to enter
    a) JASON, SMITH, JOHN OR b) J%
    I have used comma separated value option of the parameter for the csv values and its working fine, but i need to add the wild card feature also to the same parameter.
    Can anyone please help me with these things?????
    Thanks in advance!!
    Raghu

    Hi Raghu,
    I guess you are in older version, You have to get into latest version to use %, it should work well
    you should use where ( ename like :P_ENAME ) or ( ename in (:P_ENAME)) for both the condition to satisfy.

  • WILD Cards usage in BEX

    Hi Experts,
            Can any one suggest me whether WILD CARDS (eg : ' %' or ' ? ' ) will be used in Bex Explorer.
            I have a requirement where my ' Material Short Text ' will be   '<b> SULFATE,ZINC99.0011</b> '  Now user need a Keyin Field where in he can just Click on the Report and once the User entry window popup's, he be typing only 'SULFATE ' in the Short Text characteristic field and it should bring in all the records which has text description that starts with ' SULFATE XXXXXXX, xxxxxxx '(for eg: SULFATE,ZINC00.11  , SULFATE,1112.00,,,,,,,,,,,,. )
         Can any one suggest me how to succeed in this scenario.
    Thanks,
    Sam

    hi,
    check out this thread.
    BW BEx using a wildcard  ("*")???
    hope it helps,
    regards,
    Parth.

  • How to put the wild card search in the url

    I want to call a report use the url which inculd a page parameter 'LastName', to list all the person whoes LastName is begin with the certain character, like 'B'. So in the report sql query, i used
    Select Last_name, email, institution from members where Last_name like :lastname;
    and then i want to list all the 26 english character, let ueser click on it to retrieved the report.
    But when i test the URL like PORTAL_schemal.member_report.show?p_arg_names=_show_header&p_arg_values=YES&p_arg_names=_max_rows&p_arg_values=6&p_arg_names=_portal_max_rows&p_arg_values=6&p_arg_names=lastname&p_arg_values=B%, it always returns "no row returned".
    anyone can help?
    thanks a lot!!

    Try this :-
    PORTAL_schemal.member_report.show?p_arg_names=_show_header&p_arg_values=YES&p_arg_names=_max_rows&p_arg_values=6&p_arg_names=_portal_max_rows&p_arg_values=6&p_arg_names=lastname&p_arg_values=B%25
    Since % is a special characeter, you need to specify it as %<2-digit-ASCIIcode-in-hexadecimal>
    The ASCII code for % in hexa = 25
    Thus, you need to specify %25
    If you want to indicate the pattern %B% in the URL, it would be :-
    %25B%25

  • How to use wild card character in input field

    Hi
    I'm creating model in which the Purchase Order information need to be entered in Input Field.
    My requirement is search using wild char char as '*'
    Let say in input field  i gave PO order as 20* then it'll search for all the PO's which starts from 20.
    Could you please share some documents/guidelines, for this issue
    Thanks and Regards
    Puneet

    Hi,
    You can use the wild card char in the input box.please try  below steps.
    1.Check whether the input string has ' * '  char using "CONTAINS(text,pattern)" operation.
    2.If yes, Replace the ' * ' with space by "REPLACE(text,pattern,repstr)" operation.->consider this result as input2
    3.Now , Have a Filter from ur webservice(which gives your Purchase Order information )
    and filter it by the condition " BEGINS(WSField,input2)"
    the Final expression in the filter will be "_=IF(CONTAINS(input,""),BEGINS(HelpWSField,REPLACE(input,"\","")),true)_"
    Hope it helps.
    Regards,
    Priya
    Edited by: priya on May 20, 2009 12:49 PM

  • Wild card search in existsNode function

    Hi,
    How can i do a wild card search for the below data?
    I have a table as follows:
    ID VARCHAR2(32 BYTE),
    MESSAGE_TYPE VARCHAR2(64 BYTE),
    MESSAGE_CONTENT XMLTYPE,
    REJECTED_REASON VARCHAR2(256 BYTE)
    And Sample XML as:
    <?xml version="1.0" encoding="US-ASCII"?>
    <MessageEnvelope>
    <Header>
    <Partner>Renault</Partner>
    <MessageType>Release</MessageType>
    <PartnerMessageType>S74</PartnerMessageType>
    <MessageTime>2001-12-17T09:30:47.0Z</MessageTime>
    <LinkToRawMessage>String</LinkToRawMessage>
    </Header>
    <Body>
    <Release>
    <Addresses>
    <DealerDestAddr>ABCD</DealerDestAddr>
    <DestAddr>ABCD</DestAddr>
    <NextDestAddr/>
    <StartAddr/>
    </Addresses>
    <Assignment/>
    <ClientStatus/>
    <Dates/>
    <HoldInfo>
    <HoldCode>HoldTest</HoldCode>
    </HoldInfo>
    <Message/>
    <Partner>
    <OrderGiverCode>CMR00BCV</OrderGiverCode>
    </Partner>
    <ToDo/>
    <Transport/>
    <Vehicle>
    <VIN>W0LGDM9A_Ran11115</VIN>
    </Vehicle>
    </Release>
    </Body>
    </MessageEnvelope>
    I am executing the foll query:
    select * from t_xml x where x.message_type='DBLVEH' and x.MESSAGE_CONTENT.existsNode('//*[*="Release"]')=1;
    This gives me correct result.
    But i need to search *Rel and it should give me the desired result. How can i accomplish that?
    I tried the foll and it did not work:
    select * from t_xml x where x.message_type='DBLVEH' and x.MESSAGE_CONTENT.existsNode('//*[contains(*,"Re")]')=1;
    Regards,
    Sprightee

    sprightee wrote:
    Hi,
    How can i do a wild card search for the below data?I am not sure how this can be achieved using existsNode function but does following work for you?
    SELECT *
      FROM t_xml
      WHERE
        XMLExists(
          'declare namespace ora = "http://xmlns.oracle.com/xdb"; (: :)
           $d//*
             [ora:matches(text(), "Re*")]'
          PASSING MESSAGE_CONTENT AS "d");

  • Exchange Server 2013 with 3rd party wild Card Certificate shows Invalid

    Hi Team,
    I've Exchange Server 2013 SP1. Imported a valid 3rd party wild Card Certificate but the status is continuously showing  "Invalid" on all my 2013 servers. Any help?
    Thank you.
    Muhammad Nadeem Ahmed Sr System Support Engineer Premier Systems (Pvt) Ltd T. +9221-2429051 Ext-226 F. +9221-2428777 M. +92300-8262627 Web. www.premier.com.pk

    Hello,
    Can you enable it on the Exchange Services like, IIS, SMTP without any issues?
    If the certificate is for OWA, is there any certificate issue when you accessing OWA?
    Run the following command to get the Exchange Certificate information and post them for researching:
    Get-ExchangeCertificate |FL
    Thanks,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Simon Wu
    TechNet Community Support

  • Wild Card Cert

    Is there a way to use a wild card cert in the CSS SSL Proxy list ?
    Looks like you can request a cert such as ABC*.xyz.com from Verisighn.
    Can you use that in a CSS for URLS like
    ABC1.xyz.com
    ABC2.xyz.com
    ABC3.xyz.com
    and only use one VIP ?
    Thanks
    Steve

    the domain will be used to get a destination ip address.
    So, the CSS does not really control the domain<->ip resolution.
    If you can configure your DNS server to point all domains to 1 ip, then you only need 1 vip on the CSS.
    However, if you have 1 ip for each domain, you will need the 1 vip per domain on the CSS.
    I know working with a single vip sounds easier, but this could be a big limitation for you in the future.
    If your number of domain increases or if the traffic load increases, the CSS performance could slow down as it will require to inspect all data to identify the domain name.
    Playing with more vip will allow you to identify the domain with just the ip and increase performance.
    Regards,
    Gilles.
    Thanks for rating this answer.

  • Assign queries to authorization role via PFCG maintenace

    Hi,
    I would like to assign several queries to existing authorization roles.
    Therefore I am using the transaction PFCG > maintain the menu > add "other" SAP BW Query URL and fill in the name as well as object description.
    However, the new query will not be shown in the BEx Analyzer in the role folder.
    What do I have to administrate that the query will be shown in the role menu (BEx Analyzer)?
    Thanks!

    Dear Arvind,
    thanks for your reply.
    As an authorization administrator for SAP BI I do have the authorization for S_USER_AGR already.
    I am just testing in our development system.
    However, the query will not appear in the BEx Analyzer while selecting "Open Query" and search in "Roles".
    As far as I know queries could provided to authorization roles via BEx Analyzer.
    But does no possibility exists to maintain the authorization role via PFCG?
    Regards, Christian

  • How to upload authorization role & profile to PFCG

    I have downlaod the authorization role & profile from PFCG at client 100.
    How to upload the authorization role & profile to SAP client 200?

    check with ur basis guys once
    generally it will be dont by them check with them once

  • Authorization  -- Roles

    Hi All,
    We are moving our applicaiton from Oracle Forms to Apex. I am basically a forms developer and I didnt understand the authorization/roles in Apex.
    For eg in our database we have 2 roles app_lookup ( privs - insert,update, delete, select) and app_guest( privs select) . And we use the database authentication for forms. If we have 2 end users Super with role app_lookup and operator with role app_guest, and if I want to implement the database role, how can it be done in Apex.
    End user Super ( with all privs) need to update/delete/insert/select in apex
    End user Operator( with only priv select) need to select particular table/pages in apex.
    Could someone throw lights on how this can be done in Apex.
    thank you
    rajesh

    "user596620",
    You can go to your control panel and give us your real name, or at least something easier than "user596620".
    Why do I think Database Authentication is a dying trend?
    - LDAP directories were designed from the ground-up to store information like Authentication and Authorization data.
    - Almost every technology out there can use LDAP as an Authentication source.
    - There are only a few technologies that can use the DB for an authentication source. What if your users don't want to have a separate username / password for their APEX apps than their email account? You're out of luck.
    - Databases were never designed as user repositories. It's a square peg in a round hole.
    - Mixing data schemas and user accounts in a database is mess to maintain. It's often difficult to tell them apart. Which ones contain sensitive data, which ones are just users?
    - There are only a few attributes that you can store in a database "user". If you want to store phone, email, certificate, etc, you have to create your tables for it.
    - If end users have accounts in a database, it's that much easier for them to connect with third-party tools and start poking around.
    - There is no concept of delegated administration with a database. How do you give someone the ability to manage all users in a particular group?
    - Managing roles and privs for thousands of database user accounts is a nightmare. It's much easier in a web environment to assign select / execute privs to the account used by the web application, vs all of the users accessing the application.
    - Onboarding / off-boarding / auditing accounts scattered throughout a bunch of databases is impossible vs creating / deleting / auditing all accounts and groups (roles) in a single LDAP directory.
    I'm probably missing a lot of points here, so I may ask someone one the Identity Management side of things to chime-in.
    Tyler

  • Remote ssh commands with wild cards

    I am trying to send a remote command via ssh - need to get a file listing in a directory using a wild card. However, the ssh command will not return results using a wild card:
    ssh [email protected] sudo ls -l /var/audit-files/201110* (directory requires root permission)
    /var/audit-files/201110*: No such file or directory
    I've tried quoting the command, the directory, the file names, etc - same results. It will only work with a specific name that exists, but not with a wild card. Is there a way to make this work?

    This is a rather complex situation. The problem is that you need to quote the '*' character; however, quoting it once may not be enough. Every time the command goes through a shell you'll strip out a set of quotes. It isn't clear to me how many times this will go through the shell but I'm guessing you'll have to at least double quote it.
    ssh [email protected] sudo ls -l "/var/audit-files/201110\*"
    I won't guarantee that this will work but it might. I don't know what the permissions are on /var/audit_files. If you need root to read that you may need to triple quote it. I've never had much luck getting the quotes right in complicated situations like this.

  • QUERY ERROR WITH WILD CARD ON FORM WHEN NO DATA WWC-49102

    Portal 30985 ; database 9014 on sun solaris
    Same server : two databases 9014 : db1 with portal and db2(used here as remote database);
    Step1 ; Create public database link; db_link on db1 through Portal interface;
    Step2 ; create public synonym emp_syn for table emp@db_link through Portal interface;
    Step3 :create form based on emp_syn;
    the form is generated OK and also is behaving OK when Insert,Update,Delete from
    underlying table ;but when I am quering for 758% into the empno field I've got the same error:
    Error: An unexpected error occurred: ORA-00000: normal, successful completion (WWV-16016)
    No conversion performed for type NUMBER, value 758%. (WWC-49102) INSTEAD OF RETURNING EMPTY FORM(NO ROWS)
    I have tryed to query on other fields ;
    querying on a numeric field will give the above message;
    querying on a varchar or date field with or without wild card will raise the following error:Error: An unexpected error occurred: ORA-00000: normal, successful completion (WWV-16016)
    An unexpected error occurred: ORA-00000: normal,successful completion (WWV-16016).
    Lawrence

    Hi Mike,
    You can actually just check for the existence of the cell:
    var l_Cell = $x(pId);
    if (l_Cell)
    rest of the code to hide the column
    }As long as l_Cell refers to a valid page item, then the if test passes and the rest of your code can run.
    Andy

Maybe you are looking for

  • 6230i first time isyncer

    Hi I've just bought a Nokia 6230i (which is listed as a suppoeted phone on Apple's Isync pages). But although I can communicate with the phone over Bluetooth the option to synchronise with Isync is not available. Anybody know what's going on? I don't

  • Saving and reteriving xml

    Hi, Can someone help with this,Where should I locate XML configuration file in the WD project structure. second how can I refer to this file via WD runtime? Thanks Best Regards Yasir NOman

  • AMD Radeon HD 6990 vs Mercury Playback Engine

    I just installed an AMD Radeon HD 6990. I am using Adobe Premiere Pro CS5.5 My Mercury Playback Engine "GPU" choice does not show up in Premiere. I tried the hack. Nothing. I see my card is not listed in the http://www.adobe.com/products/premiere/tec

  • Expression errors not displaying

    When I write an After Effects expression that doesn't work for some reason, a dialogue box is suppoed to appear telling me what the error is. Since upgrading to 5.5, that dialogue is gone -- my expression just gets a yellow warning sign beside it wit

  • Recording a video for 10 minutes iOS 7.0.6 = overheating = yellow spot on the screen :(

    Hello, last night i was trying to record a video using the rear camera of my iPhone 4S, the phone started to get very hot after minute 5 and then i started to notice yellow spot on the right corner of the screen. I got scared and stoped the video bef