• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1665921 - DBACockpit: Authorization check for SQL Command Editor

Главная Специалистам База уязвимостей Note 1665921 - DBACockpit: Authorization check for SQL Command Editor

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1665921-1) SAP Support Packages (SAPKB70111, SAPKB70211, SAPKB71109, SAPKB73007, SAPKB73103)
Описание
These problems are caused by a program error.
Как исправить
After implementing the corrections for this note, the SQL Command Editor shows the following behavior for a user with sufficient authorization.
Local system:
           The display of Oracle views with owner SYS is permitted.
           The display of table contents (as in SE16) is permitted.
Remote system:
           The display of Oracle views with owner SYS is permitted.
           The display of table contents (as in SE16) is NOT permitted.
While the display of table content is never permitted when you access a remote system, you can control the display of table content when executing the SQL Command Editor in a local system using an authorization role.

The display of table content in the local system is controlled using the authorization object S_TABU_DIS. Only if a user has an authorization role of the following type can they display table content in the local system.
ACTVT = 03
DICBERCLS = *
Ссылки