Reply to: IPR database and its contents

You've ask your question, you've given insufficient information for anything more than a general answer, now you're getting all prissy. Thread locked.

Really? Your postings give the impression you're new to the market, possibly selling something you've franchised.

Oh well, with your extensive experience you've no doubt got airtight contracts and know what to do in all circumstances, sorted.

Thanks for letting me know I have rights and responsibilities as a vendor, I was previously unaware for the past 18 years.

There's too little information for anyone to understand the issue. Go and get professional advice as it's clear you don't understand that you have rights and responsibilities as a vendor.

that's a wild assumption - thanks for your input but I don't think you understand the issue.

Good points. Hadn't really considered the compliance aspects before. However, when reporting against anything you have the ability to "transform" the data, but I guess that is covered by different SOX compliance.

Yep, but as stated earlier there were restrictions on connecting to the back end directly, even with Business Objects.
For that they gave us the joy of SAP BW .

I suspect it's mainly protectionism. Mainly though it's for compliance with SOX, Gxp and other regulatory frameworks. If you circumvent the controls and checks in the SAP software, and the FDA (for example) catch you, you might suddenly find your US market is closed...

In 17 years of SAP experience I can tell you that users are rarely allowed to write their own reports, precisely for performance reasons. Even where they were, the report building software (except in COPA) was rarely flexibile enough for the endusers. Access to the data browser is extremely restricted for performance and data security reasons. Nowadays they're given Tableau or Business Objects, and they're allowed to build their own reports of that - off the backend of a BI system.

Surely the web interface would be using a specific set of access credentials and the d/b should have been locked down so that only that user could access it.

Having said all that, I think you are missing a trick to sell some more consultancy/development work.

Ah, shows how little I know about SAP. the Data Browser within this system is just like an ODBC connection and allows joins over tables, but I prefer to run Oracle SQL Developer - faster response and easier to extract - as long as you know the tables!

Its the accessing directly part that is key. If I use SAPs own tools to extract or view the data, no problem. If I hooked up an ODBC connection and even connected SAP Business Objects, directly, then there would be an issue.

If that's true, then I'd guess the Data Browser is restricted to certain users. I remember being sent on a crash course in ABAP at their facility in Feltham and was happy to see how easy report writing was - that you could let end users write their own reports.


The stuff I work with isn't as friendly as that - but I don't think in all my years of working with it that I've ever questioned the idea of accessing the tables directly. (thankfully currently ClientCo is on Oracle in the UK , but MS on one of their other instances )

True.
However with SAP, this included just viewing / extracting, I suspect this is due to potential performance issues.

But there's a bit of a difference between viewing/extracting data from the database and updating it (in terms of risk from breaking the software).


Also, since we don't know what the database is, what the agreement is, or what the client is doing, it's hard to know what this guy is on about.


...of course it will be interesting that should he choose to deliberately try to prevent them from accessing their data, he could find himself in a lot of hot water.

The difference there is the fact that they have this clearly written into their agreement. With SAP you invalidate your support contract, if you access the Netweaver database directly.

Obviously, thats if you can work out what you are looking at with its numerical / German names for the columns and tables.

People ask this question of SAP. Here's a fairly comprehensive answer: Questions to SAP Support: Is ODBC access to the... | SCN

This bit is probably most cogent:
In one sentence: "It is never - really never - recommended to grant access like this! (ODBC access)]"
Even worse, it may be an illegal act to do so, since in most countries there exist strict laws against the abuse of data. In addition, many SAP customers need to apply business regulations like SOX or BASEL II.
As a company you are responsible today for who can access what data when. And you will likely hold liable if you fail to do so.