Creating an SAP HANA user with just enough rights to use SAP Lumira
I was digging through the SAP Lumira and SAP HANA documentation and found in the SAP HANA Modeling Guide a list of required permissions in section 3.1 for granting permissions for HANA Analytic Views. The problem is that the permissions defined were for both accessing the data associated with an Analytic View and being able to model views as well. In my case, I wanted to create a HANA user that could only access the data using Lumira. With some help from Lars Breddemann, I came up with the following SQL based solution in HANA Studio for creating the user login and granting access to run Analytic Views for use with Lumira. Here is the code that creates a LUMIRA user, grants SELECT rights to the HANA database schemas that contain the tables and then grants rights to view and execute the Analytic Views. You just need to tweak the script to meet your needs and run it in SAP HANA Studio’s SQL Console window.
— Create the low priviledged user for Lumira
CREATE USER LUMIRA PASSWORD Hana1234;
— Grant SELECT permissions on the SCHEMAs where the
— data resides for your Analytic Views. In this example, the WIKIDATA schema is
— where the main tables reside.
GRANT SELECT ON SCHEMA “WIKIDATA” TO LUMIRA;
— These are the schemas where there are modeling specific tables. In my case
— the _SYS_BI schema has a time dimension table I used for my star schema.
GRANT SELECT ON SCHEMA “_SYS_BI” TO LUMIRA;
GRANT SELECT ON SCHEMA “_SYS_BIC” TO LUMIRA;
— Grant remaining rights needed to view and execute
— Analytic Packages
GRANT EXECUTE ON “SYS”.”REPOSITORY_REST” TO LUMIRA;
— Check to see that the permissions were set correctly
SELECT * FROM “SYS”.”GRANTED_PRIVILEGES” WHERE GRANTEE = ‘LUMIRA’;
To see how I used this user account to analyze Wikipedia data that I processed with Hadoop on AWS and with HANA One, check out my recent blog post “Analyzing Wikipedia Data with SAP Lumira“