Actions

SAP HANA Security Quick Reference

October 13, 2013 | 27 Views |
 hanahana privilegeshana securityIn-Memory Computingmodeling views
Follow

Recently, I was given a task to advise HANA roles based on requirements given by my colleague and senior David Vitali

This was an opportunity to read and learn about HANA security while completing this task. However, soon I found that I would need to read several guides to fulfil the requirements and learn about different type of security privileges and roles. So, I decided to gather the information from different guides and put it into one quick reference (or cheat sheet). I can now quickly refer to document whenever I need to understand, create, update or review security for roles and users. I have also found that some of privileges available in our current system (i.e. SP06 Rev64) are missing from guides which are written for SP06. For example: DEVELOPMENT  privilege is not mentioned anywhere in guides.

Please do comment or suggest the updates if I am missing them. I will add them to quick reference. If possible, please do suggest roles for various purposes. Hopefully, I will keep getting such exposure and share.

EDITED on 17/10/2013: Added SQL syntax for inbuilt _sys_repo procedures. I have been using them for granting access and used once for revoke. Good for granting multiple privilege in one go.

Disclaimer:

This document has been prepared solely for information purposes for the use of the recipient and without any commitment or responsibility on my (Angad Singh) part.

To report this post you need to login first.

13 Comments

You must be Logged on to comment or reply to a post.

  5. Sinead Higgins

    Hi,

    I am curious about the DEVELOPER privilege you say is missing in the documentation. To my knowledge there is no such single privilege. However, the Developer Guide provides information about which privileges a developer actually needs. In particular the section “11.3.3 Custom Development Role” might be useful.

    Hope this helps.

    Regards

    Sinead (HANA documentation)

    (0) 
    1. Angad Singh Post author

      Hi Sinead,

      I am sorry I mistyped the privilege name. It is “DEVELOPMENT” system privilege. We are on Rev67. I am curious to know what does this privilege do?

      I understand there is information in developer guide about required developer privileges and that’s how we designed the roles for development.

      Regards

      Angad

      (0) 
      1. Sinead Higgins

        Hi Angad,

        You are right, there is a system privilege DEVELOPMENT that can be granted in the SAP HANA studio. I have found out now that this is a privilege for internal SAP use only. It should not be granted or even available for granting! This has now been reported as a bug. So please ignore it until it disppears.

        Thanks and regards,

        Sinead

        (0) 
  6. ROBIN DIDIER NIEL

    Hello Angag,

    Thank you for sharing the fruit of your work with the community. I personally came across the same challenge, not finding a quick reference to Hana security information. I collected also the following that I found useful for a better understanding of analytical privileges :

    ANALYTICAL PRIVILEGES (on data => on a row level, not mandatory)

    – On a analytical views

    – Not on SQL table or SQL views, not on calculation or aggregation attributes

    – Can restrict on certain values or combinations of values, range and IN-list (no value defined means no restriction or wild-card)

    – Privileges can be dynamic (filter by a stored procedure; ea. on user characteristic)

    – Privileges can be credited to a role (in a *.hdbrole by the variable ” analytic privilege: ” )

    – Evaluated during query processing.

    Feel free to use it if needed.

    Cheers,

    Robin

    (0) 

Leave a Reply