In a previous blog, Managing User Authorizations in SAP HANA Smart Data Streaming SPS 10, we talked about how to work with Streaming permissions and roles through the streamingclusteradmin utility. As of SP 12, you can also manage Streaming permissions directly through the SAP HANA cockpit.
First, a quick recap:
- A permission consists of four parts: privilege, privilege type, resource type, and resource name. The first three are mandatory; the resource name is optional.
- You can group permissions together to make roles, and then grant roles directly to users, instead of granting each user individual permissions.
- During install, Streaming creates a preconfigured user called SYS_STREAMING, and HANA creates a user called SYSTEM. SYS_STREAMING has admin permissions in Streaming; SYSTEM has admin permissions in HANA, which includes Streaming. You can use either of these users to set up your first-time authorizations.
In the HANA cockpit, there’s now a Streaming Permissions tile, where you can add users, set their permissions and roles, and also create, edit, and remove roles directly.
Here are some typical roles or users you might create, and the permissions you might grant them.
You could grant an admin user permission to do everything on everything:
A streaming application developer will probably need access to a specific workspace. The two permissions below give him the ability to do anything with projects in the FreezerMonitoring workspace (create, edit, start, stop), and have full control over dataservices in that same workspace:
You might also have someone that just keeps an eye on projects, or just goes in to review them. In that case, you might not want to let that user edit any of the content. Instead, you could just give them read and view permissions on a workspace:
Keep an eye out for a video recap of the Streaming Permissions tile in the HANA cockpit, which will include a quick tutorial for setting permissions and creating roles.
Take a look at the documentation for Managing Streaming Permissions for more information.