Skip to Content

Hi Everyone,

In this document, i will tell you about the USERS  and ROLES available in SAP HANA by default

Lets start with OS Level Users available in HANA :

In SAP HANA, two OS Users are available :

1. root – superuser in any Unix/Linux based system

2. [SID]adm – here SID stands for System ID

Suppose if our System has ID as RC5 then our user will be RC5adm

Both these users are protected using SLES Authentication method( PAM ) and hashed passwords.

Here SLES stands for Suse Linux Enterprise Server and PAM stands for Pluggable Authentication Modules.

To know more about these visit : http://wiki.novell.com/index.php/SUSE_Manager/Authentication

OS authenticaion allows HANA to pass control of user authentication to the Operating System.

When we try to connect to our HANA server we pass the OS Username and password and if the OS Username is recognized and the OS Username and password are correct, we are able to connect to the HANA database Server otherwise the connection is rejected.

It is recommended to disable direct root access and use sudo command for root level access

sudo command allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers file.

sudo determines who is an authorized user by referring to the /etc/sudoers file.

To learn more about Linux and its commands visit http://www.linux.org/ or  http://linux.about.com/

[SID]adm user has rwx permissions to Grouped and Owned 

rwx – stands for read write and execute

It has ownership and group membership on file systems, files and execution environments of :

a. SAP HANA

b. SAP Sybase Replication Server and Components

c. SAP Load Controller

d. SAP Host Agent

Groups – dba, sapsys and sapadm

OS Users password are stored in files /etc/passwd and /etc/shadow

To know more about Users and Groups visit : https://wiki.archlinux.org/index.php/Users_and_Groups

For knowing how SAP is installed using SUSE Linux, visit :  https://www.suse.com/documentation/sles_for_sap/singlehtml/sles_for_sap_guide/sles_for_sap_guide.html

To know more about SAP on SUSE Linux visit : http://www.novell.com/docrep/2011/04/sap_on_sles11_simple_stack.pdf

Now lets move on to Users available in Sybase Replication Server :

1. sa – Superuser for Replication Server and Replication Agent

2. [RS ServerName]HANARS1_RSSD_prim – User for Replcation Server’s eRSSD

eRSSD – stands for Embedded Replication Server System Database

3. For ECDA, we have to use HANA’s Administrative User SYSTEM

ECDA – stands for Enterprise Connect Data Access

To learn more about eRSSD visit :

http://www.sybase.in/sb_content/1027266/ERSSD_wp.pdf or http://infocenter.sybase.com/help/topic/com.sybase.help.rs_15.0.whatsnew/pdf/whatsnew.pdf

to learn more about ECDA visit :

http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc32753.1550/pdf/rso_overview.pdf

For SAP HANA Load Controller and SAP HANA Host Agent, we need access to :

[SID]adm User – it acts both as a OS User and Application Administrative User

SAP Host Agent handles the login authentication between source system and target system.

SAP Load Controller starts the initial load of source system data to the SAP HANA database in SAP HANA, and communicates with the Sybase Replication Server to coordinate the start of the delta replication.

To learn more about SPA HANA Load Controller visit : http://help.sap.com/businessobject/product_guides/HAN01SP4/en/hana_sps4_master_en.pdf

Now lets move on to Users available in SAP HANA Studio :

SYSTEM – superuser or Administrator of SAP HANA

It has access to all privileges present in SAP HANA.

It is used to create Users for specific tasks such as :

a. System Administrative tasks( e.g.: operate and maintain the ICE and users using HANA Studio )

b. Modeling tasks( e.g.: Create Models and reports using HANA Studio )

c. End User Tasks ( e.g.: Consuming reports using Client tools like Excel )

d. Power User Tasks( e.g.: Need to work on few Administrative and few Modeling tasks )

e. Replication Tasks( e.g.: to perform Data Replication from Source ERP System to HANA System )

Finally lets move onto  Roles available in SAP HANA :

First let me explain what is role?

A Role is nothing but a collection of privileges.

Role can be either assigned to a User or to another Role.

They are reusable objects.

What is Privilege?

A privilege is used to impose restrictions on operations( such as INSERT, SELECT, DELETE ) carried out on certain objects( such as TABLE, VIEWS, SCHEMA )

Following are the predelivered roles available in SAP HANA Studio :

1. PUBLIC – This role has the minimum privileges required to work with a database and this role is granted implicitly whenever a user is granted

2. MODELER : This role has a lots of privileges and it enables a user to :

a. Create and activate Information Models

b. Create and activate Analytic Privileges

3. MONITORING : This role has full read only access to all metadata, monitoring and statistics.

4. CONTENT_ADMIN : This role has most vital privileges. It has :

a. SQL Privileges on Schema _SYS_BIC with GRANT OPTION

b. SQL Privileges on Schema _SYS_BI with GRANT OPTION

To learn more about HANA User Administration, please visit : http://help.sap.com/hana/hana_admin_en.pdf

There are couple of predefined roles for Information Composer also :

But first let me tell you what is SAP HANA Information Composer?

SAP HANA Information Composer is a Web application that allows you to upload and manipulate data on the SAP HANA database.

It uses the SAP NetWeaver Core Engine for Partners 1.0 (LJS 1.0), which interacts with the SAP HANA database.

The LJS 1.0 communicates with the SAP HANA Information Composer client via HTTP or  HTTPS. The following ports are used by default:

HTTP port 8080

HTTPS port 8443

If HTTPS is used, the SSL certification must be configured by the administrator.

LJS – stands for Lean Java Server( the actual Server in Netweaver Cloud )


Available roles for Information Composer are :

5. IC_PUBLIC : This role allows a User to see the shared physical tables and calculation views.     

6. IC_MODELER : This role allows a User to upload new content in the SAP HANA Databse and to create physical tables and calculation views.

To learn more about Information Composer visit : http://help.sap.com/hana/H1_SP3_info_comp_en.pdf

Thanks for reading my document.

This is my first document so any feedback will be appreciated by me.

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply