Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1665921-1)
SAP Support Packages
(SAPKB70111, SAPKB70211, SAPKB71109, SAPKB73007, SAPKB73103)
Описание
These problems are caused by a program error.
Как исправить
After implementing the corrections for this note, the SQL Command Editor shows the following behavior for a user with sufficient authorization.
Local system:
The display of Oracle views with owner SYS is permitted.
The display of table contents (as in SE16) is permitted.
Remote system:
The display of Oracle views with owner SYS is permitted.
The display of table contents (as in SE16) is NOT permitted.
While the display of table content is never permitted when you access a remote system, you can control the display of table content when executing the SQL Command Editor in a local system using an authorization role.
The display of table content in the local system is controlled using the authorization object S_TABU_DIS. Only if a user has an authorization role of the following type can they display table content in the local system.
ACTVT = 03
DICBERCLS = *
Local system:
The display of Oracle views with owner SYS is permitted.
The display of table contents (as in SE16) is permitted.
Remote system:
The display of Oracle views with owner SYS is permitted.
The display of table contents (as in SE16) is NOT permitted.
While the display of table content is never permitted when you access a remote system, you can control the display of table content when executing the SQL Command Editor in a local system using an authorization role.
The display of table content in the local system is controlled using the authorization object S_TABU_DIS. Only if a user has an authorization role of the following type can they display table content in the local system.
ACTVT = 03
DICBERCLS = *
Ссылки