Hi,
In this blog I try to explain HANA authorization concepts with an example that might be helpful to those who, like me, have just started learning HANA.
If you would like to learn more on the topic, please refer to the HANA security guide or Developer guide.
When a user accesses the SAP HANA database using a client interface (for example, ODBC, JDBC, or HTTP), his or her ability to perform database operations on database objects is determined by the privileges that he or she has been granted. All the privileges granted directly or indirectly (through roles) to a user are combined. This means that whenever a user tries to access an object, the system performs an authorization check on the user, the user's roles, and directly granted privileges.
Several privilege types are used in SAP HANA:
1. System Privilege
System privileges control general system activities and are mainly used to authorize users to perform administrative actions, including:
- Creating schemas
- Managing users
- Performing data backups
2. Object Privilege
Object privileges are used to allow access to and modification of database objects, such as tables and views.
3. Package Privilege
Authorizations assigned to a repository package are implicitly assigned to the design-time objects in the package as well as to all sub-packages. Users are only allowed to maintain objects in a repository package if they have the necessary privileges for the package in which they want to perform an operation.
4. Analytic Privilege
Analytic privileges are used to grant different users access to different portions of data in the same view depending on their business role.
5. Application Privilege
In SAP HANA Extended Application Services (SAP HANA XS), application privileges define the authorization level required for access to an SAP HANA XS application.
1. Right click on the Users menu and select “New User”
2. Name the User “USER1” & Maintain password
3. Execute
4. Login to the HANA System using the new user
5. Try to execute a SELECT on table in a Catalog
6. Create Role with appropriate privilege to execute the SELECT and Assign to USER1
7. Enter the container (Your Project folder) and Role name
8. Enter the package name and object privilege as shown below
9. Activate
10. Check the created role in the system view
11. Grant the role created to the user USER1
12. Execute the SELECT operation
13. Check if user has access to “CONTENT” Folder
14. Assign the appropriate privilege to the Role already created and Activate
15. Check to open the content folder
16. Add Package privilege to the role created
17. Check the Content folder
18. Try to Create a Schema
19. Provide System privilege “CREATE SCHEMA” to the role
20. Execute SQL console for Creating the schema
21. Try to access an application on top of XS
22. Provide application privilege to the role
24. Login to the application after obtaining the application privilege
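
The SQL side of the steps above, as an added example that is not part of the original post: it grants the activated repository role and then shows where each privilege comes from. The names "MYSCHEMA"."MYTABLE", demo.auth, demo.auth::DemoRole, demo.auth::Execute, USER1_DEMO and the initial password are constructed placeholders; step 14 is left out because the post does not name the privilege it adds.

```sql
-- Added example with constructed placeholder names (not from the post).

/* Design-time role (DemoRole.hdbrole in package demo.auth) as it would look after
   steps 6-22. Shown as a comment because it is activated in the repository,
   not executed in the SQL console:

   role demo.auth::DemoRole {
       // object privilege (steps 6-8)
       catalog sql object "MYSCHEMA"."MYTABLE": SELECT;
       // package privilege (step 16)
       package demo.auth: REPO.READ;
       // system privilege (step 19)
       system privilege: CREATE SCHEMA;
       // application privilege (step 22)
       application privilege: demo.auth::Execute;
   }
*/

-- Steps 1-3, run by an administrator holding USER ADMIN: create the user.
CREATE USER USER1 PASSWORD "Chang3_Me_At_Logon";   -- constructed initial password

-- Step 10: confirm the activated role exists. Repository roles are owned by _SYS_REPO.
SELECT ROLE_NAME, CREATOR
  FROM SYS.ROLES
 WHERE ROLE_NAME = 'demo.auth::DemoRole';

-- Step 11: activated repository roles are granted through this procedure,
-- not through a plain GRANT statement.
CALL "_SYS_REPO"."GRANT_ACTIVATED_ROLE"('demo.auth::DemoRole', 'USER1');

-- Review what the role itself carries before relying on it.
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE = 'demo.auth::DemoRole';

-- Combined result for the user: directly granted privileges plus everything
-- inherited through roles. GRANTEE shows which user or role each row comes from.
SELECT GRANTEE, GRANTEE_TYPE, OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME = 'USER1'
 ORDER BY GRANTEE_TYPE, OBJECT_TYPE;

-- Steps 12 and 20, connected as USER1: both statements fail with an
-- insufficient privilege error until the role has been granted.
SELECT TOP 5 * FROM "MYSCHEMA"."MYTABLE";
CREATE SCHEMA USER1_DEMO;
```

Running the EFFECTIVE_PRIVILEGES query again after each role change is a quick way to confirm that the role grants only what was intended.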