https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254360#M1384136 <HTML><HEAD></HEAD><BODY><P>I guess you are going to be more polite in future, or even completely quiet yourself?</P><P></P><P>Anyway, if your SP level is below 17, then see method CHECK_TABLES of class CL_ORA_SRV_JSEL - otherwise, see method OKCODE_PARSE_AND_EXECUTE of class CL_ORA_ACTION_SQLC.</P><P></P><PRE><CODE>* local system: if the user has the permission to display table contents like * in transaction SE16 (authority object S_TABU_DIS), the SQL Command Editor * will also allow to show the table contents. * remote system: on a remote system, the check is done according to the original * rules. If table-owner is 'SYS' or 'PULIC', the contents will be displayed, * otherwise the table contents will not be displayed. On a remote system the * Authority Check can not be executed. Therefore we have a different behaviour * in this case than running the SQL Command Editor on a local system. IF ( ( me-&gt;g_dbcon = 'DEFAULT' ) OR ( me-&gt;g_dbcon IS INITIAL ) ). *...local system AUTHORITY-CHECK OBJECT 'S_TABU_DIS' ID 'ACTVT' FIELD '03' ID 'DICBERCLS' FIELD ''. IF ( sy-subrc &lt;&gt; 0 ). "no authorization e_rc = 1. ELSE. e_rc = 0. ENDIF.</CODE></PRE><P></P><P>You will find this when you actually run the statement, unless it is an external DBCON connection.. in which case it is closed and nothing is displayed here.</P><P></P><P>So I would say that Mylene is correct, and there is a bit of an application authorization check made once the connection information to the DB table is known (even if it is only as strong as the one in debugging SE16). Obviously you need to be more carefull of S_ADMI_FCD PADM or ST0R or ST0M to get in there in the first place...</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Thu, 19 Nov 2009 13:30:44 GMT Former Member 2009-11-19T13:30:44Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254351#M1384127 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I want to restrict authorization... Is there a object/Tcode to do so?</P><P></P><P>Restrict Authorization for:</P><P></P><P><STRONG>DBACOCKPIT -&gt; Performance -&gt; Additional Functions -&gt; SQL Command Editor</STRONG></P><P></P><P>This should be done as Basis users should not be able to get access at the Table Level...</P><P></P><P></P><P>Thanks,</P><P>RaHuL...</P></BODY></HTML> Wed, 11 Nov 2009 07:34:19 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254351#M1384127 Former Member 2009-11-11T07:34:19Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254352#M1384128 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Your objects are within your t-code itself.</P><P></P><P>Make use of S_ADMI_FCD under it.</P><P></P><P>For documentation on this obj go to su21 and search for it.</P><P></P><P>As always, make use of trace:)</P><P></P><P>Regards,</P><P>Brahmeshwar</P></BODY></HTML> Wed, 11 Nov 2009 08:32:44 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254352#M1384128 Former Member 2009-11-11T08:32:44Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254353#M1384129 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thanks for the reply Brahmeshwar...</P><P></P><P>I have checked with <STRONG>S_ADMI_FCD</STRONG>... It doesn't work...</P><P></P><P>Any other guesses?</P><P></P><P></P><P>Thanks,</P><P>RaHuL...</P></BODY></HTML> Wed, 18 Nov 2009 07:43:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254353#M1384129 Former Member 2009-11-18T07:43:03Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254354#M1384130 <HTML><HEAD></HEAD><BODY><P>there's nothing to guess. this has nothing to do with SAP authorisations. this is on DBA-level - access to SQL when logged on in the SAP system is always done with user db2&lt;dbsid&gt;. so, check your DB-schema, groups, levels etc or go to your DBA and have her do so.</P><P></P><P>RaHuL, may i suggest that you phrase your topic subjects in a more 'meaningful' way in the future? like 'how to limit transaction DBACOCKPIT to display when it comes to SQL' or somesuch? thank you in advance.</P></BODY></HTML> Wed, 18 Nov 2009 08:21:31 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254354#M1384130 Former Member 2009-11-18T08:21:31Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254355#M1384131 <HTML><HEAD></HEAD><BODY><P>Rahul,</P><P></P><P>what makes you think I will give you a different answer on SAPFans (to the very same question of today)? </P><P></P><P><SPAN __jive_emoticon_name="happy"></SPAN> <SPAN __jive_emoticon_name="happy"></SPAN></P></BODY></HTML> Thu, 19 Nov 2009 11:09:18 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254355#M1384131 Former Member 2009-11-19T11:09:18Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254356#M1384132 <HTML><HEAD></HEAD><BODY><P>Mylène Dorias</P><P></P><P></P><P><STRONG>Just thought there would be more smarter people on that forum than you...</STRONG></P><P></P><P>If you donot wish to reply , keep your mouth shut and let others help...</P><P></P><P>Unwanted comments are not appreciated...</P><P></P><P></P><P>Thanks,</P><P>RaHuL...</P><P></P></BODY></HTML> Thu, 19 Nov 2009 11:55:21 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254356#M1384132 Former Member 2009-11-19T11:55:21Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254357#M1384133 <HTML><HEAD></HEAD><BODY><P>Now now... Mylene did add a smiley... and you didn't...</P><P>Perhaps this is because you think you are invisible in the internet? Huh?</P><P></P><P>Anyway, I have been looking into this and if you do not tell us your release and SP level (at least) then we cannot help you.</P><P>That is a general rule for asking questions, and in this case a necessary information.</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Thu, 19 Nov 2009 12:24:53 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254357#M1384133 Former Member 2009-11-19T12:24:53Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254358#M1384134 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>+<EM><STRONG>One More in the forum...</STRONG></EM>+</P><P></P><P>Can i <STRONG>curse you/use bad words</STRONG> and add a smiley at the end? If it is OK with you then let me know? </P><P></P><P></P><P>We are on SAP ECC 6.0 with Oracle 10 and Solaris 10 Kernel Release 700 [185] ...</P><P></P><P>Are any more inputs required?</P><P></P><P></P><P><STRONG>I would appreciate only relevant answers</STRONG></P><P></P><P>Thanks,</P><P>RaHuL..</P></BODY></HTML> Thu, 19 Nov 2009 12:40:25 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254358#M1384134 Former Member 2009-11-19T12:40:25Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254359#M1384135 <HTML><HEAD></HEAD><BODY><P>Dear Vijay Mehta from Reliance, Thane Belapur Road, KoparKhairane (Mumbai)</P><P>India,</P><P></P><P>What's your SAP_BASIS level (see transaction SPAM -&gt; installed support packs).</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Thu, 19 Nov 2009 12:57:14 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254359#M1384135 Former Member 2009-11-19T12:57:14Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254360#M1384136 <HTML><HEAD></HEAD><BODY><P>I guess you are going to be more polite in future, or even completely quiet yourself?</P><P></P><P>Anyway, if your SP level is below 17, then see method CHECK_TABLES of class CL_ORA_SRV_JSEL - otherwise, see method OKCODE_PARSE_AND_EXECUTE of class CL_ORA_ACTION_SQLC.</P><P></P><PRE><CODE>* local system: if the user has the permission to display table contents like * in transaction SE16 (authority object S_TABU_DIS), the SQL Command Editor * will also allow to show the table contents. * remote system: on a remote system, the check is done according to the original * rules. If table-owner is 'SYS' or 'PULIC', the contents will be displayed, * otherwise the table contents will not be displayed. On a remote system the * Authority Check can not be executed. Therefore we have a different behaviour * in this case than running the SQL Command Editor on a local system. IF ( ( me-&gt;g_dbcon = 'DEFAULT' ) OR ( me-&gt;g_dbcon IS INITIAL ) ). *...local system AUTHORITY-CHECK OBJECT 'S_TABU_DIS' ID 'ACTVT' FIELD '03' ID 'DICBERCLS' FIELD ''. IF ( sy-subrc &lt;&gt; 0 ). "no authorization e_rc = 1. ELSE. e_rc = 0. ENDIF.</CODE></PRE><P></P><P>You will find this when you actually run the statement, unless it is an external DBCON connection.. in which case it is closed and nothing is displayed here.</P><P></P><P>So I would say that Mylene is correct, and there is a bit of an application authorization check made once the connection information to the DB table is known (even if it is only as strong as the one in debugging SE16). Obviously you need to be more carefull of S_ADMI_FCD PADM or ST0R or ST0M to get in there in the first place...</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Thu, 19 Nov 2009 13:30:44 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-authorization/m-p/6254360#M1384136 Former Member 2009-11-19T13:30:44Z