FAQs

General Questions (4)

To create an Analytic Privilege (AP), you need the following:

– Information View (CVs)
– Type of AP that needs to be created
– Object on which restriction should be applied
– Restricted Value

Did you find this FAQ helpful?
0
0

Leave a Reply

Your email address will not be published. Required fields are marked *

Below are the different types of Information Views that can be created in SAP HANA:

  • Attribute views – Mainly created on the master data
  • Analytical views – Mainly created on the transactional data
  • Calculation views – Combination of Attribute & Analytical views. Complex data previews are possible in CVs.

NOTE: SAP always recommends you to create and use calculation views.

Did you find this FAQ helpful?
0
0

Leave a Reply

Your email address will not be published. Required fields are marked *

Analytic Privileges will limit the authorization of the users on a specific Information View (IV). The same IV can be assigned to multiple users with different authorizations. For eg: User A when executes the IV, he/she will only see the data related to one region, and User B is restricted to a different region.

In simple, APs are used to restrict the user authorization on specific sub-set of data.

Did you find this FAQ helpful?
0
0

Leave a Reply

Your email address will not be published. Required fields are marked *

Here are few differences between Catalog Objects & Repository objects:

Did you find this FAQ helpful?
0
0

Leave a Reply

Your email address will not be published. Required fields are marked *

HANA Role Management (9)

Root Package access in a Repository role can’t be provided directly as other packages as the Root Package has a space in between. To provide the access, include the below statement with the required authorizations:

NOTE: It is not advised to provide access at the Root Package level, if it is a business user.

 

Did you find this FAQ helpful?
1
0

Leave a Reply

Your email address will not be published. Required fields are marked *

If you include a Catalog role in a Repository role using “Extends Role” option and try transporting the role after activating it, the privileges that were added in the Catalog role will not be effective in the Production environment, if the Catalog role is missing.

However, if the Catalog role (even with different privileges) is already available in the production environment, user will get access to those privileges.

Expert Recommendation – Don’t include any custom Catalog roles in the Repository roles. If it is a system delivered Catalog role, then it is okay to include in the Repository roles.

Did you find this FAQ helpful?
0
0

Leave a Reply

Your email address will not be published. Required fields are marked *

To work with Delivery Units, the following authorizations are required.

For creation of delivery units – REPO.MAINTAIN_DELIVERY_UNITS (system privilege)
For importing/exporting – REPO.IMPORT, REPO.EXPORT (system privileges)

These authorizations can be added in a role and assigned to the user.

Did you find this FAQ helpful?
0
0

Leave a Reply

Your email address will not be published. Required fields are marked *

Catalog Roles in HANA can’t be transported. If you wish to transport the roles, ensure that they are created as Repository Objects. Roles in HANA DB can be transported in 2 ways:

  • Delivery Unit (referred as DUs)
  • HCLM (HANA Content Life Cycle Management) – SolMan and HANA CLM to be configured (Also, referred as CTS+)

To create a delivery unit (be in the modeller perspective)

1. From the right Quick view (links) section, choose Delivery Unit.
2. Select the system/user using which you wish to create the DU.
3. Click Create and give a name (you can fill all the other fields as per your project requirement)
4. Add the package(s)
5. Click Finish

Once the delivery unit (DU) is created, Export the same using Export option in the Quick view links or from the File menu  -> Export.

Did you find this FAQ helpful?
0
0

Leave a Reply

Your email address will not be published. Required fields are marked *

Security Administrators in HANA need the following privileges along with the other BASIC (common) privileges:

System privilege: ROLE ADMIN, USER ADMIN (Gives authorization to create/maintain Roles, and Users)
Catalog analytic privilege: “_SYS_BI_CP_ALL”; (Gives authorization to all the Analytic Privileges)
catalog sql object “PUBLIC”.”GRANT_ACTIVATED_ROLE” with EXECUTE authorization (Gives authorization to assign Repository role to users from SQL Execute Window)
catalog sql object “PUBLIC”.”REVOKE_ACTIVATED_ROLE” with EXECUTE authorization (Gives authorization to revoke access to a Repository role from the users using SQL Execute Window)

Incase if the Security admin needs to assign Analytic privileges as well, then the GRANT_ACTIVATED_ANALYTIC_PRIVILEGE, and REVOKE_ACTIVATED_ANALYTIC_PRIVILEGE authorizations should also be assigned.

It is also recommended to add these privileges in a role and assign it to the Security Administrator.

Did you find this FAQ helpful?
0
0
  • Manpreet Brara says:
    Your comment is awaiting moderation.

    Very well explained

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    To create roles in design time, you need to have a project created under the project explorer. Note that the Administration perspective will allow you to create Roles as Catalog Objects (also called as Run-time roles). The run-time roles are owned by the author of the role. However, the Repository Role (Design time) are owned by _SYS_REPO when activated.

    To create the design-time roles, you need to be in the HANA Development perspective. From the HANA development perspective:

    1. Create a workspace
    2. Create a project
    3. Share the project with the team
    4. Create new folder under the project and start creating roles.
    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    In HANA, it is always recommended to assign roles than privileges as the roles are:

    • Reusable objects (can be assigned as and when required)
    • Easy assignment/removal
    • The design time roles are owned by the user _SYS_REPO and can be assigned to users using the standard CALL procedure.

     

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    SAP HANA has 5 types of privileges:

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Below are common privileges that are required for every user:

    SYS_BIC (Object Privilege)
    SYS_BI (Object Privilege)
    PUBLIC (Role)
    REPOSITORY_REST (Object Privilege)

    In addition the Analytic privilege – SYS_BI_CP_ALL can be assigned to users – only if the user is an admin or a developer user.

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    HANA User Management (7)

    After activating the design-time role definition, you can grant the resulting run-time role object to application developers, for example, by executing the _SYS_REPO procedure GRANT_ACTIVATED_ROLE. The call requires the parameters: ROLENAME (the name of the run-time role object you want to assign) and USERNAME (the name of the user to whom you want to assign the new run-time role). Below is the syntax:

    call “_SYS_REPO”.“GRANT_ACTIVATED_ROLE”(‘Role name’,’User Name’);

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    When you delete the user all the objects that are created/maintained by the user will be deleted automatically, which includes the assignments made by the user for the objects that are owned by him/her.

    However, this is not true with the “Repository Objects” as the Repository objects are owned by the user _SYS_REPO. Since _SYS_REPO is a database (system) user, it cant be deleted and the objects that are owned by this user can’t be deleted any-time.

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

     

    While deleting the user ID in SAP HANA, it will prompt with two options as below:

    The Restrict option will stop deleting the user if there are any depended objects available in the system. For eg: Roles created by the user, Tables, Information Views etc., Since deleting users will make these objects unusable, it is very important to take utmost care while deleting the user.

    Cascade option will delete the user, along with the objects that are owned by the user, including the assignments made by him.

    NOTE: Hence, it is always recommended to deactivate the user ID instead of deleting him

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Quite a most common question. Isn’t it? We would be wondering what are the privileges that a business user need in SAP HANA.

    Business Users should be present in HANA as “Restricted Users” who would be using various reporting solutions like SAP Lumira, Advanced analysis Office, Qlik Sense, Qlik View etc.,

    Business user doesn’t need any “system privileges” or “Root package privileges” in SAP HANA. These privileges are only for database administrators, modelers and data administrators.

    Business user needs SELECT authorization on _SYS_BI and _SYS_BIC schemas.

    Incase if the Business users want to publish data sets from SAP Lumira or other similar solution, then EXECUTE privilege on “REPOSITORY_REST” is required.

    Additionally, corresponding IV, and Analytic privilges along with REPO.READ authorization to the respective package should be assigned.

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Regular user are the Database users who login to HANA DB using HANA Studio  (or) Web IDE. Wherein, a restricted user logs in to the HANA system only thru the Reporting tool/component. Restricted users can be your business users who just execute some of the information views to see the output.

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    The PUBLIC role contains privileges for filtered read-only access to the system views. Only objects for which the users have access rights are visible. By default, this role is granted to every user, except restricted users

    Did you find this FAQ helpful?
    0
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    In HANA, privileges can be assigned manually to the users. However, assigning privileges individually is not a recommended approach either by SAP or the industry experts, due to the complex maintenance of the privileges. The alternative and best approach to assign privileges to roles and assign them to users.

    Did you find this FAQ helpful?
    1
    0

    Leave a Reply

    Your email address will not be published. Required fields are marked *