Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

direct database data access without data level authorization check

jihoon_kim
Associate
Associate

‎2010 Jul 30 1:44 AM

0 Likes
626

Hello,

My customer raised issue about direct database data access. Due to the customeru2019s strong security policy, it shouldnu2019t be allowed.

To prevent this kind of illegal data access, customer ask me to list up all the possibilities to display data without data level authorization check.

The things in my mind are

SQL Command Editor (for Oracle based system) : ORASPACE, DB02, ST04

Query Based : SQVI (Quick Viewer), SQ01/SQ02/SQ03 (SAP Query)

Data Browser : SE11, SE12, SE16, SE16N, SE17

Table Maintenance : SM30

Function Module : RFC_READ_TABLE

Function Module : DB_EXECUTE_SQL (DML)

Anyone knows anything which is not listed above?

Thanks

1 REPLY 1
Read only

former_member440650
Explorer

‎2010 Jul 30 5:10 AM

0 Likes
479

HI,

Generally in production user's should not be given all these authorizations.

Ram.