This section describes the SAP authorization objects and SAP roles that are needed to use the SQL Editor.
To be able to use the SQL editor to efficiently analyze a database, the following authorization objects must be configured:
S_DBCON
S_RZL_ADM
S_TABU_SQL
From SAP_BASIS 7.40 SP14 and SAP_BASIS 7.50 SP01, S_DBCON is configured differently. The table below compares these changes.
ACTVT |
Before SAP_BASIS 7.40 SP14 AND SAP Note 1933254 is Not Implemented |
After SAP_BASIS 7.40 SP14 OR SAP Note 1933254 is Implemented |
---|---|---|
03 (Display) |
The SQL editor is disabled. |
The SQL editor is enabled. However, you need to grant authorization for each individual table to be accessed. To specify tables and views to be accessed, use the authorization object S_TABU_SQL. |
23 (Change database parameters and database settings) |
The SQL editor is enabled for SELECT statements. |
The SQL editor is enabled for SELECT statements. However, you need to grant authorization for each individual table to be accessed. To specify tables and views to be accessed, use the authorization object S_TABU_SQL. |
36 (Extended maintenance) Caution This authorization is extremely powerful and
should not be granted on a routine basis.
|
The SQL editor is enabled for all types of SQL statements. |
The SQL editor is enabled for all types of SQL statements. However, you need to grant authorization for each individual table to be accessed. To specify tables and views to be accessed, use the authorization object S_TABU_SQL. |
You can implement the new functionality in releases prior to SAP_BASIS 7.40 SP14.
More information: SAP Note 1933254 - DBA Cockpit: Authorization check for SQL editor at table level in Related Information
SAP Note 1933254 also allows you to install the new functionality into older SAP_BASIS Releases and support packages.
From SAP_BASIS 7.40 SP14 and SAP_BASIS 7.50 SP01, the SAP roles for the SQL Editor are configured differently. The table below compares these changes.
SAP Role |
Before SAP_BASIS 7.40 SP14 |
From SAP_BASIS 7.40 SP14 |
---|---|---|
SAP_BC_S_DBCON_USER |
The SQL editor is disabled. |
The SQL editor is enabled for SELECT statements only and S_TABU_SQL allows access to ALL tables. Tip To restrict access to specific tables and views, create a copy of
SAP_BC_S_DBCON_USER and change the
authorizations of S_TABU_SQL
accordingly.
|
SAP_BC_S_DBCON_ADMIN |
The SQL editor is enabled, but only for SELECT statements. |
The SQL editor is enabled for SELECT statements only and S_TABU_SQL allows access to ALL tables. Tip To restrict access to specific tables and views, create a copy of
SAP_BC_S_DBCON_USER and change the
authorizations of S_TABU_SQL
accordingly.
|