Skip to Content
Author's profile photo Former Member

SAP HANA Security Quick Reference

Recently, I was given a task to advise HANA roles based on requirements given by my colleague and senior David Vitali

This was an opportunity to read and learn about HANA security while completing this task. However, soon I found that I would need to read several guides to fulfil the requirements and learn about different type of security privileges and roles. So, I decided to gather the information from different guides and put it into one quick reference (or cheat sheet). I can now quickly refer to document whenever I need to understand, create, update or review security for roles and users. I have also found that some of privileges available in our current system (i.e. SP06 Rev64) are missing from guides which are written for SP06. For example: DEVELOPMENT  privilege is not mentioned anywhere in guides.

Please do comment or suggest the updates if I am missing them. I will add them to quick reference. If possible, please do suggest roles for various purposes. Hopefully, I will keep getting such exposure and share.

EDITED on 17/10/2013: Added SQL syntax for inbuilt _sys_repo procedures. I have been using them for granting access and used once for revoke. Good for granting multiple privilege in one go.

Disclaimer:

This document has been prepared solely for information purposes for the use of the recipient and without any commitment or responsibility on my (Angad Singh) part.

Assigned Tags

      13 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Nice Document.

      Regards,

      Sushant

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Sushant,

      Thanks for your comment. Please do share more here so that I can keep adding stuff to file.

      Regards

      Angad

      Author's profile photo Martin English
      Martin English

      thanks for this,

      My team and I will be taking over maintenance / support of a HANA system before the end of the year and this will be very useful.

      Perhaps one of Mahesh Kumar CV, Bill Ramos, or Alvaro Tejada Galindo may be able to see if a similar table can be included in future releases of the SAP_HANA_Security_Guide_xx.pdf

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Martin,

      Thanks for reading and comment.

      Looking forward to future releases of security guide.

      Regards

      Angad

      Author's profile photo Former Member
      Former Member

      Nice Doc..Thanks for Sharing  🙂

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Naveen,

      Thanks for reading and comment.

      Regards

      Anagd

      Author's profile photo Stevanic Artana
      Stevanic Artana

      Good job in putting together those information. Looking forward to see more stuff.

      Author's profile photo Sinead Higgins
      Sinead Higgins

      Hi,

      I am curious about the DEVELOPER privilege you say is missing in the documentation. To my knowledge there is no such single privilege. However, the Developer Guide provides information about which privileges a developer actually needs. In particular the section "11.3.3 Custom Development Role" might be useful.

      Hope this helps.

      Regards

      Sinead (HANA documentation)

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Sinead,

      I am sorry I mistyped the privilege name. It is "DEVELOPMENT" system privilege. We are on Rev67. I am curious to know what does this privilege do?

      I understand there is information in developer guide about required developer privileges and that's how we designed the roles for development.

      Regards

      Angad

      Author's profile photo Sinead Higgins
      Sinead Higgins

      Hi Angad,

      You are right, there is a system privilege DEVELOPMENT that can be granted in the SAP HANA studio. I have found out now that this is a privilege for internal SAP use only. It should not be granted or even available for granting! This has now been reported as a bug. So please ignore it until it disppears.

      Thanks and regards,

      Sinead

      Author's profile photo Former Member
      Former Member

      Hello Angag,

      Thank you for sharing the fruit of your work with the community. I personally came across the same challenge, not finding a quick reference to Hana security information. I collected also the following that I found useful for a better understanding of analytical privileges :

      ANALYTICAL PRIVILEGES (on data => on a row level, not mandatory)

      - On a analytical views

      - Not on SQL table or SQL views, not on calculation or aggregation attributes

      - Can restrict on certain values or combinations of values, range and IN-list (no value defined means no restriction or wild-card)

      - Privileges can be dynamic (filter by a stored procedure; ea. on user characteristic)

      - Privileges can be credited to a role (in a *.hdbrole by the variable " analytic privilege: " )

      - Evaluated during query processing.

      Feel free to use it if needed.

      Cheers,

      Robin

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Thanks Robin.

      You have provided useful information.

      Regards

      Angad

      Author's profile photo Former Member
      Former Member

      Hi, I could not see the attached document, can you please let me know. Thank you.