Symptom
When a query is run against a system table, the error "Malicious SQL query detected!" is thrown and an alert message appears stating "The SQL query has forbidden statement for this type of action!".
Environment
SAP SALES CLOUD CPQ
Reproducing the Issue
- Log into CPQ
- Open Script Workbench
- Run a query against a system table, for example SqlHelper.GetFirst("SELECT TOP 1 name FROM sys.tables WHERE name = {Table Name}")
- The error "Malicious SQL query detected!" is thrown and an alert message appears stating "The SQL query has forbidden statement for this type of action!".
Cause
Expected Behavior.
Resolution
- From CPQ-2602 onward, system tables are treated as sensitive data.
- Access to the sys views (sys.tables, sys.column ...) is forbidden for security reasons.
- The implementation should be changed to use Custom Tables instead of System Tables.
- If an extension is required because of the impact on the implementation, CPQ Developers require:
  - Detailed use case
  - List of Tables in use
  - Estimated time needed to migrate from System Tables to Custom Tables.
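
To build the "List of Tables in use" and find the scripts that need migrating, the following added example (not SAP's code and not part of the original article) scans script sources for sys view references inside string literals. It assumes the CPQ scripts have been exported as text; the script names, sample queries and table names are constructed.

```python
import io
import re
import tokenize

# sys.<view> or [sys].[<view>], not preceded by an identifier part (skips "mysys.x").
SYS_VIEW = re.compile(r"(?<![\w.])\[?sys\]?\.\[?(\w+)", re.IGNORECASE)

# Constructed sample scripts (names, queries and table names are made up).
SAMPLE_SCRIPTS = {
    "lookup_table.py": (
        "import sys\n"
        "row = SqlHelper.GetFirst(\"SELECT TOP 1 name FROM sys.tables WHERE name = 'PRICING'\")\n"
        "ver = sys.version\n"
    ),
    "list_columns.py": (
        'query = """\n'
        "SELECT TOP 1 c.name\n"
        "FROM [sys].[columns] c\n"
        '"""\n'
        "col = SqlHelper.GetFirst(query)\n"
    ),
    "custom_table.py": 'row = SqlHelper.GetFirst("SELECT TOP 1 NAME FROM TABLE_REGISTRY")\n',
}


def find_sys_view_usage(scripts):
    """Scan {script_name: source}; return (findings, unparsed).
    findings: sorted (script_name, line_no, "sys.<view>") tuples.
    unparsed: scripts the tokenizer rejected; review those by hand.
    """
    findings, unparsed = set(), []
    for name, source in scripts.items():
        try:
            for tok in tokenize.generate_tokens(io.StringIO(source).readline):
                # Only string literals can carry SQL; this ignores comments and
                # Python's own sys module (sys.version, sys.path).
                if tok.type != tokenize.STRING:
                    continue
                for m in SYS_VIEW.finditer(tok.string):
                    line_no = tok.start[0] + tok.string.count("\n", 0, m.start())
                    findings.add((name, line_no, "sys." + m.group(1).lower()))
        except (tokenize.TokenError, SyntaxError):
            unparsed.append(name)
    return sorted(findings), unparsed


if __name__ == "__main__":
    for script, line_no, view in find_sys_view_usage(SAMPLE_SCRIPTS)[0]:
        print(f"{script}:{line_no}: {view}")
```

Queries assembled at runtime from separate fragments are not detected by this scan and still need manual review.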
Keywords
System Table, System View, Internal Table, sys view, Custom Table, Table, CPQ, KBA, CEC-SAL-CPQ, Sales Cloud CPQ, Bug Filed
Product
SAP CPQ 2024
SAP Knowledge Base Article - Public