Hi,


In this blog I explain HANA authorization concepts with an example that might be helpful to those who, like me, have just started learning HANA.

If you would like to learn more about the topic, please refer to the HANA Security Guide or the Developer Guide.


When a user accesses the SAP HANA database using a client interface (for example, ODBC, JDBC, or HTTP), his or her ability to perform database operations on database objects is determined by the privileges that he or she has been granted. All the privileges granted directly or indirectly (through roles) to a user are combined. This means that whenever a user tries to access an object, the system performs an authorization check on the user, the user’s roles, and directly granted privileges.



Several privilege types are used in SAP HANA:


1. System Privilege

System privileges control general system activities and are mainly used to authorize users to perform administrative actions, including:

  • Creating schemas
  • Managing users
  • Performing data backups

2. Object Privilege

Object privileges are used to allow access to and modification of database objects, such as tables and views.

3. Package Privilege

Authorizations assigned to a repository package are implicitly assigned to the design-time objects in the package as well as to all sub-packages. Users are only allowed to maintain objects in a repository package if they have the necessary privileges for the package in which they want to perform an operation.


4. Analytic Privilege

Analytic privileges are used to grant different users access to different portions of data in the same view depending on their business role.

5. Application Privilege

In SAP HANA Extended Application Services (SAP HANA XS), application privileges define the authorization level required for access to an SAP HANA XS application.



1. Right-click on the Users menu and select “New User”.

2. Name the user “USER1” and maintain a password.

3. Execute.

4. Log in to the HANA system using the new user.

5. Try to execute a SELECT on a table in a Catalog.

6. Create a role with the appropriate privilege to execute the SELECT and assign it to USER1.

7. Enter the container (your project folder) and the role name.

8. Enter the package name and the object privilege.

9. Activate.

10. Check the created role in the system view.

11. Grant the created role to the user USER1.

12. Execute the SELECT operation.

13. Check if the user has access to the “CONTENT” folder.

14. Assign the appropriate privilege to the role already created and activate.

15. Try to open the Content folder.

16. Add a package privilege to the role created.

17. Check the Content folder.

18. Try to create a schema.

19. Provide the system privilege “CREATE SCHEMA” to the role.

20. Create the schema from the SQL console.

21. Try to access an application on top of XS.

22. Provide the application privilege to the role.

24. Log in to the application after obtaining the application privilege.
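The same walkthrough can be expressed in SQL, which makes it easy to see that each grant adds exactly one capability. This is an added example, not code from the original post: it uses a runtime (catalog) role instead of the repository role built in the Studio steps, and DEMO_SCHEMA, DEMO_TABLE, USER1_ROLE, demo.pkg, demo.app::Execute, the password and the use of SYS.REPOSITORY_REST for the Content folder are assumptions.

```sql
-- Added example. All object names and the password are placeholders.
-- Run as an administrator who may create users and roles and who is
-- allowed to grant each privilege below (owner or WITH GRANT OPTION).

-- Steps 1-3: create the user.
CREATE USER USER1 PASSWORD "Initial1234Pw";

-- Step 5, run as USER1, is expected to fail with an authorization error:
-- SELECT * FROM "DEMO_SCHEMA"."DEMO_TABLE";

-- Steps 6-9: create the role and give it the object privilege.
CREATE ROLE USER1_ROLE;
GRANT SELECT ON SCHEMA "DEMO_SCHEMA" TO USER1_ROLE;

-- Step 11: the user receives privileges only through the role.
GRANT USER1_ROLE TO USER1;

-- Steps 13-15: repository (Content folder) access.
-- Assumption: the missing privilege is EXECUTE on SYS.REPOSITORY_REST.
GRANT EXECUTE ON "SYS"."REPOSITORY_REST" TO USER1_ROLE;

-- Step 16: package privilege, read-only on one package and its sub-packages.
GRANT REPO.READ ON "demo.pkg" TO USER1_ROLE;

-- Step 19: system privilege.
GRANT CREATE SCHEMA TO USER1_ROLE;

-- Step 22: application privilege for the XS application.
-- The privilege name is passed with its double quotes inside the string.
CALL "_SYS_REPO"."GRANT_APPLICATION_PRIVILEGE"('"demo.app::Execute"', 'USER1_ROLE');

-- Review: what the role itself carries.
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE, IS_GRANTABLE
  FROM "SYS"."GRANTED_PRIVILEGES"
 WHERE GRANTEE = 'USER1_ROLE'
 ORDER BY OBJECT_TYPE, PRIVILEGE;

-- Review: everything USER1 can do, direct grants and role grants combined.
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE, GRANTEE
  FROM "SYS"."EFFECTIVE_PRIVILEGES"
 WHERE USER_NAME = 'USER1'
 ORDER BY OBJECT_TYPE, PRIVILEGE;
```

Running the two review queries after each grant shows the combined-privilege behaviour described at the top of the post and gives a quick check that the role holds nothing beyond what the walkthrough needs.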
