HANA Privileges

Home/FAQ/HANA Privileges

What are the common authorizations that needs to be assigned to every user?

Below are the common authorizations that are required by every user:

  • SYS_BIC (Object Privilege) with SELECT
  • SYS_BI (Object Privilege) with SELECT
  • PUBLIC (Role) ** Only required, if the user has to login to HANA through HANA Studio, or Web IDE.
  • REPOSITORY_REST (Object Privilege)

** SYS_BI_CP_ALL (only if the user is an admin or a developer) – This privilege gives authorization to all the classical Analytic Privileges.

Why should we not assign the Public role to the restricted user?

Because, public will give authorization to view all the catalog objects. Since a restricted user shouldn’t view them thru any means, we don’t assign this authorization.

Why do we need Analytic Privileges?

Analytic Privileges will limit the authorization of the users on a specific Information View (IV). The same IV can be assigned to multiple users with different authorizations. For eg: User A when executes the IV, he/she will only see the data related to one region, and User B is restricted to a different region.

In simple, Analytic Privileges are used to restrict the user authorization on specific sub-set of data.

What are the basic requirements to create an Analytic Privilege?

To create an Analytic Privilege, you need:

  • Information View (CVs)
  • Type of AP that needs to be created
  • Object (Attribute) on which restriction should be applied
  • Restricted Value

What are the different types of Analytic Privileges?

Conceptually there are 3 types:

  1. SQL Based
  2. Classic AP
  3. Dynamic APs (Stored procedure) which assigns authorization to either SQL or classic AP. Hence it is not considered as a type of AP.

Technically, there are only 2, SQL Based, and Classic (XML)

NOTE: On a particular IV, you can either have SQL based or XML based APs. Information view can’t have both the APs.

error: Content is protected !!