Show TOC

 Database Access

With the ASCII Adapter you have two possibilities to enhance your database access security:

  • Limited access to database tables via a parameter in CRMASCAD .

  • Stored, encrypted password stored for accessing the database and RFC in the Windows NT registry.

Limited Access

By using the parameter #DBUser in parameter file CRMASCAD it is possible to limit the access to the database.

In contrast to parameter #DBOwner , which provides information on the owner (that is, on the technical R/3 user) of the database, parameter #DBUser defines a user with access rights limited to those tables that are required for current processing. These are always tables SMO7ASCAD and SMO7ASCSTR as well as the CDB tables to be currently processed.

Overview

Please grant the permissions/privileges to your database user as described below:

Permission / Privilege

SMO7ASCAD/SMO7ASCSTR

Tables to be processed

SELECT

Yes

Yes

INSERT

No, see 1)

No, see 2)

DELETE

No, see 1)

No, see 3)

Legend:

  1. Only to be granted if the automatic repository generation mode of the ASCII Adapter is to be used.

  2. Only to be granted if table(s) are to be used for data import into the database.

  3. Only to be granted if the particular table(s) are to be truncated automatically.

Note Note

Please note that when you apply this security scheme, it may take significantly longer to truncate tables, since the ASCII Adapter cannot internally use the SQL statement TRUNCATE TABLE due to missing permissions. Therefore, it tries to truncate the tables using the SQL statement DELETE, which works but which takes much longer. This functions but takes more time.

Since SAPDB does not know the TRUNCATE TABLE statement at all, the DELETE statement is always used here.

End of the note.

Concerning the ASCII Adapter, it is neither recommended nor necessary to gain enhanced database access security via the implementation or usage of database views or user synonyms.

The special database user for the ASCII Adapter must be defined in the given database. The necessary procedure differs with each database supported. You can find more detailed information on the following steps in the appropriate documentation of the respective database vendor.

SAPDB

  1. Create the new database user/login (it is recommended that you use the vendor’s SQL Studio application for this database).

  2. Grant the permissions (as listed in the table below) to this user for the given tables.

Oracle

  1. Create the new database user, if possible, with the Security Manager delivered by the vendor. This is a component of the Enterprise Manager for the respective database.

  2. Grant the Create Session privilege to this user.

  3. Grant the permissions ( Object Privileges ) to this user for the given tables (see above).

MS SQL Server

  1. Create the new database user (the new login), if possible, with the vendor’s Enterprise Manage r application for this database).

  2. Grant the permissions (as listed in the table below) to this user for the given tables.

DB2 NT/AIX

  1. Create the new database user (the new login), if possible, with the vendor’s Control Center for the given database).

  2. Grant the permissions (as listed in the table below) to this user for the given tables.

Encrypted Passwords in the Registry

The database access password for the ASCII Adapter and for access to RFC can be stored in an encrypted format within the Windows NT Registry.

The Registry Entry to contain this information is:

  • for the DB password: HKEY_LOCAL_MACHINE/SOFTWARE/SAP/CRMASCAD/Settings

  • for the RFC password: HKEY_LOCAL_MACHINE/SOFTWARE/SAP/CRMASCAD/Screen

If passwords are stored in the registry of your computer, these are used instead of the passwords specified via the parameter #DBPassword or #RFCPassword in the parameter file CRMASCAD . The entries in the parameter file can remain empty in this case.

You have to call up the ASCII Adapter in order to store an encrypted password in the Registry for later use. To do so, go into MS-DOS command mode and call up the ASCII Adapter as follows:

  • For database access: CRMASCAD <parFile> -P [<password>]

  • For RFC connections: CRMASCAD <parFile> -PR [<password>]

If you do not enter a <password>, an empty password is assumed.

When you call this program, the password you specify is saved. A warning will be issued if the connection fails, so that you can see whether the parameters you used are correct.

All subsequent calls of the ASCII Adapter and RFC connections will then use this encrypted password entry instead of the password specified in #DBPassword or #RFCPassword .

In order to store a new password, call the ASCII Adapter the same way again, specifying the new password.

In order to delete the password entry from the Registry, call the ASCII Adapter as follows:

  • For database access: CRMASCAD <parFile> -C [<password>]

  • For RFC connections: CRMASCAD <parFile> -CR [<password>]

This program call deletes the password entry from the registry, so that in subsequent database calls of the ASCII Adapter, the (unencrypted) password specified for parameter #DBPassword or #RFCPassword will be used.