we would like to read the tables of SAP directly from MaxDB. The user sap<sid> is not a good candidate. So, we create another user dbreader.
Could somebody help me, how to grant read authorisation on all SAP tables to user dbreader?
Thanks a lot in advance.
I guess, you should assign the STANDARD class to this user, as seen below in help pages
ALTER USER dbreader STANDARD
first of all, whenever a table is created in database, it is created under some particular schema...
so if the user dbreader has created a table or any object ever, then it's tables or objects will be identified by dbureader.tablename (just as seen in below help page example hotel.customer)
so, I think you can utilized the grant statment as shown in help page example below for hotel schema,
GRANT SELECT ON hotel.customer TO PUBLIC (to grant table select for all other users)
However, the example shown is for granting the select access just for the table 'customer' of the particular schema. May be we would like to search more as how to grant select for all the tables
do you notice to what a dilemma you bring us with your request?
On the one hand, we're participating in this SDN community to help people, so that they can successfully use the software and enjoy it.
On the other hand you ask for the how-to for something that is a really bad idea and that will bring you into trouble.
By allowing a read-only access to SAP tables you bypass all permission management of SAP. As soon as any auditor sees that, the compliance certificate of your company is gone.
You can even access all clients - how do you prevent from working with the wrong set of data?
Also it does not seem as if you know what you're about to do there. In fact, you don't even know what data you want to see.
It's just the "gimme-all" request, something that might be OK at the kepab booth, but surely not with data access permissions.
Apart from the security aspect: SAP tables don't make sense on database level.
All references and dependencies between them are only kept within the application layer.
All the semantics of the data fields (and with them all consistency check) are only present at the application layer.
Even the state of records is not consistent on the database, as SAP uses it's own updater concept in - you guess it - the application layer.
So, for me the question is:
If I tell you how to do what you asked for, does it do more harm than it's useful?
The regular readers of this forum already know my reply to this kind of request...
DON'T DO IT!
Instead define and specify a API to the data you need to see.
Better use the tools you already paid for ... ABAP, BAPI, RFC, WebServices... there are tons of options to get data out of SAP systems properly. And all of them are safe, secure, well documented and reliable.
this is still my opinion too, but what is than the option for SAP BOJ with direct database access. I am having problems to find arguments against the direct database access to my BOJ collegues, when SAP provides a product what needs it for some important functionalities?!
> this is still my opinion too, but what is than the option for SAP BOJ with direct database access. I am having problems to find arguments against the direct database access to my BOJ collegues, when SAP provides a product what needs it for some important functionalities?!
Hmm... well, to be honest it's about 7 years now that I worked with Business Objects.
That was long before BO belonged to SAP and even before I started to work with SAP.
So, I've to say: no clue on this!
But I'm pretty confident that the BO colleagues in consulting, support and in the SDN community do have an approach for that.
What I can think of is to put BO to the same level of SAP and use the same DB user.
I assume (and hope) that the BO access will correctly handle permissions and clients then.
But as I wrote: no real clue...