Hello All,

In this blog I would like to describe how to administer a productive HCP HANA database instance. The following requirements can arise while developing database tables and other development objects when many developers are involved in the same HCP account.

Agenda:

->Providing access to certain development HANA packages to users in the same account.

->Providing access to certain HANA schema to users in the same account.

Prerequisites:

->Should have productive HCP account.

->Should have productive HANA XS DB instance.

->Should have administrative access under members tab in HCP cockpit.

Here the HCP cockpit has one global account with many shared accounts, and only an administrator can create a new shared account. It is also advisable to use a dedicated database instance for each shared account and to assign members to each shared account. This blog is helpful when one shared account has many members with the developer role and their access needs to be restricted further to specified resources (such as tables, schemas, HANA repository packages, etc.).

HCP Global Account:

GlobalAccount.png

HCP Shared Account(Here only shared account is created)

SharedAccount.png

Let us go through the step-by-step procedure to achieve the agenda.

Step 1:

-> Create a DB user with administrator access (follow the SAP HANA Cloud Platform help document).

-> Once it has been created, you will be able to access the SAP HANA Web-based Development Workbench under Databases & Schema -> choose the relevant database as shown below (use the DB user and password to log in).

DbInstance.png

-> Please make sure that you use the correct user and password every time you log in, as this is the administrative user for your entire DB, and make sure that the following role is applied under the Security tab of the Development Workbench.

SecutiryTab.png

-> Check the roles under Granted Roles Tab for the created user.

UsersRoles.png

Step 2: (Creating DB users with developer access)

-> First, assign members in the HCP cockpit under the Members tab with the developer role,

MembersCreation.png

-> Then, using the DB administrator user, create a new DB user under the Security tab,

NewUser.png

-> Create an initial password for the new user,

NewUserPassword.png

-> Now, with the new user and password (the initial password; a reset might be required at first login), the developer can log in to the Web-based Development Workbench from the cockpit.

Step 3: (Granting roles to Schema)

-> First, assign the necessary developer role to the newly created DB developer user. Here the developer should not create any new DB user or change any DB user; he can only create/modify DB tables in the assigned schema. For this, assign only the catalog developer role (sap.hana.ide.roles::CatalogDeveloper) under the Granted Roles tab.

CatalogueDevRole.png

-> Then assign the necessary schema under the “Object Privileges” tab. By default the schema with the user's own name is assigned; we can then add any SQL objects using the “Add” icon.

SqlObjects.png

-> Then the required privileges can be assigned in the details section of the particular object; here we can choose the actions that the user can perform on the selected SQL object. (In this example all the actions are provided.)

SelectPrivilages.png

-> The available SQL objects are listed in a popup once the “Add” icon is pressed; we can then choose the necessary schema or any other SQL objects from the list.

SqlObjectsList.png

-> With this setup the newly created user can view only the assigned objects under the Catalog tab and perform only the assigned actions in the Development Workbench. The same user cannot create any new schema; he/she can only develop under the assigned schema, and the following error message is shown if the user tries to create a new schema.

SchemaError.png

Step 4: (Granting roles to Packages)

-> First, assign the necessary developer role to the newly created DB developer user. Here the developer should not create any new DB user or change any DB user; he can only create/modify HANA native objects (HANA XS/Calculation Views) in the assigned repository package. For this, assign only the editor developer role (sap.hana.ide.roles::EditorDeveloper) under the Granted Roles tab.

EditorDevRole.png

-> Then assign the necessary package under the “Package Privileges” tab; we can add any HANA repository packages or sub packages using the “Add” icon.

PackagePriv.png

-> Then the required privileges can be assigned in the details section of the particular object; here we can choose the actions that the user can perform on the selected HANA package. (In this example all the actions are provided.)

PackagePrivSel.png

-> The available HANA packages are listed in a popup once the “Add” icon is pressed; we can then choose the necessary packages or sub packages from the list.

PackagePrivSelFind.png

-> With this setup the newly created user can view only the assigned objects under the Editor tab and perform only the assigned actions in the Development Workbench. The same user cannot create any new packages at root level; he/she can only develop under the assigned package, and the following error message is shown if the user tries to create a new package at root level.

PackagePrivSelError.png
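
The settings made in Steps 2 to 4 can also be written as SQL, which makes them easier to review and repeat for each developer. This is an added example, not part of the original post: the user DEV_USER1, the schema PROJECT_A, the package projecta.dev and the initial password are hypothetical, and the privilege lists are a narrower selection than the "all actions" choice shown in the screenshots.

```sql
-- Added example; DEV_USER1, PROJECT_A, "projecta.dev" and the password are hypothetical.
-- Run as the DB administrator user from Step 1; PROJECT_A must already exist.

-- Step 2: developer DB user, created with an initial password
-- that is reset at first login.
CREATE USER DEV_USER1 PASSWORD "Initial_Pw_2Change";

-- Step 3: catalog role plus privileges on one schema only.
-- Repository roles are granted through the _SYS_REPO procedure, not a plain GRANT.
CALL "_SYS_REPO"."GRANT_ACTIVATED_ROLE"(
  'sap.hana.ide.roles::CatalogDeveloper', 'DEV_USER1');
-- The grantor must own PROJECT_A or hold these privileges WITH GRANT OPTION.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ANY, ALTER, DROP
  ON SCHEMA "PROJECT_A" TO DEV_USER1;

-- Step 4: editor role plus privileges on one repository package only.
CALL "_SYS_REPO"."GRANT_ACTIVATED_ROLE"(
  'sap.hana.ide.roles::EditorDeveloper', 'DEV_USER1');
GRANT REPO.READ, REPO.EDIT_NATIVE_OBJECTS, REPO.ACTIVATE_NATIVE_OBJECTS
  ON "projecta.dev" TO DEV_USER1;

-- Review 1: roles granted to the developer (Granted Roles tab).
SELECT ROLE_NAME, GRANTOR
  FROM "SYS"."GRANTED_ROLES"
 WHERE GRANTEE = 'DEV_USER1';

-- Review 2: directly granted object and package privileges
-- (Object Privileges and Package Privileges tabs).
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE, IS_GRANTABLE
  FROM "SYS"."GRANTED_PRIVILEGES"
 WHERE GRANTEE = 'DEV_USER1'
 ORDER BY OBJECT_TYPE, OBJECT_NAME, PRIVILEGE;

-- Review 3: system privileges the developer should not hold, including any
-- inherited through roles. Any row returned here needs to be investigated.
SELECT PRIVILEGE, GRANTEE, GRANTOR
  FROM "SYS"."EFFECTIVE_PRIVILEGES"
 WHERE USER_NAME = 'DEV_USER1'
   AND OBJECT_TYPE = 'SYSTEMPRIVILEGE'
   AND PRIVILEGE IN ('CREATE SCHEMA', 'USER ADMIN', 'ROLE ADMIN');
```

Running the three review queries after every change to a developer user gives a record of what that user can reach, independent of the screenshots in the workbench.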

Similarly, the administrator can use the various tabs under Security to assign various privileges/roles to users.

PriTabs.png

With these steps we can administer different users by assigning roles and privileges.

Please follow the SAP HANA Cloud Platform help document for further details.

Thanks,

Rumeshbabu S
