SAP HANA 2.0 SPS 01: New Developer Features
Wednesday, April 12th SAP has begun to ship SAP HANA 2.0 SPS 01. If you would like to learn more about all the new features in SAP HANA 2.0 broadly, you can refer to the following blog post:
https://blogs.saphana.com/2017/04/12/whats-new-sap-hana-2-0-sps-01/
In this blog, we would like to point out some of the highlights of the new features for developers who use the SAP HANA native application development capabilities. It should be noted that most of the major architectural changes in the development topic area were recently introduced in SAP HANA 1.0 SPS 11. This is when we first shipped the SAP HANA extended application services, advanced model (XSA), SAP HANA deployment infrastructure (HDI), and the SAP Web IDE for SAP HANA. If you are new to these topics in general, you might first want to review the what’s new details from SPS 11, SPS 12, HANA 2.0 SPS 0 and the openSAP course on this topic.
https://open.sap.com/courses/hana5/
We will also be hosting a webinar for the What’s New Developer topic:
| April 18 | What’s New – SAP HANA Native Application Development | Tom Slee, Volker Saggau, Tae Suk Son, Lucas Kiesow, Rich Heilman, Thomas Jung | 7 a.m. PST 10 a.m. EST 4 p.m. CET |
60 | Download |
We have also updated the exercises from the latest openSAP course to include a version that showcases how to build the same using HANA 2.0 SPS 01:
https://github.com/SAP/com.sap.openSAP.hana5.example/tree/hana2_sps01
Also the HANA Express version has now been updated to HANA 2.0 SPS 01 as well: https://blogs.sap.com/2017/04/20/sap-hana-express-edition-2.0-sps-01-now-available-to-download./
Database Development
In order to keep this blog from being too large, Rich Heilman posted about the database development features in a separate blog here: https://blogs.sap.com/2017/04/18/sap-hana-2.0-sps-01-new-developer-features-database-development/
SAP HANA Extended Application Services, Advanced Model
One of the biggest changes to the SAP HANA architecture was the introduction of XS advanced in SPS 11. SAP HANA extended application services in SPS 11 represents an evolution of the application server architecture building upon the previous strengths while expanding the technical scope. While I don’t want to repeat all the architectural features which came with XS advanced in SPS 11, you can review them in this blog: SAP HANA SPS 11: New Developer Features; XS Advanced
With HANA 2.0 SPS 01 we continue to round out the general feature set of XS Advanced; filling in one of the major remaining features from the XS Classic environment while also improving support for audit logging and multi-tenancy.
A few of the various new and enhanced features are:
Java Spring Boot Support
Spring is a popular open source application framework for Java. In particular it is focused on web applications in the Java EE space. This addition ensures that Spring Boot is usable from both the Java runtime in XSA but also is added as an option in the Java module wizard in the SAP Web IDE for SAP HANA.
This addition broadens the offering of Java EE applications and makes it easier to port existing Spring based Java applications to XSA.
Parallel Deployment of Apps
As a performance feature we will now support parallel deployment of applications within the deploy service.
This will improve performance in situations which rely upon a large number of deployments: for example new system installation or system upgrade times.
Fiori Launchpad
One of the few remaining feature gaps to XS classic, was the absence of ability to easily create Fiori Launchpad applications in XSA. With HANA 2.0 SPS 01, SAP fills this gaps with a full featured implementation of the Fiori Launchpad based in XSA’s micro-service approach and integrated with the SAP Web IDE for SAP HANA. For more details on this XSA specific implementation of the Fiori Launchpad please refer to this separate blog post here: https://blogs.sap.com/2017/04/24/fiori-launchpad-in-sap-hana-2.0-sp01/
Instance Manager
Service instances, for example HDI containers, are statically bound to an application at deployment time. But multi-tenancy capable applications that leverage service instances for tenant separation (e.g. each tenant stores its data in a separate HDI container) need to create additional instances at runtime whenever a new tenant is added and they also need to connect to any one of these instances when processing a request for a specific tenant. To support this requirement, Application Managed Service Instances are made available by the new Instance Manager (Instance Broker) In HANA 2.0 SPS 01.
This is a key technology for building and delivering multi-tenant applications. This functionality supports the automated on-boarding and upgrade capabilities required in a true multi-tenant environment. This capability is delivered on premise in the XSA Runtime, but will also soon be available in the SAP Cloud Platform as well.
So normally you would create an HDI service instance and bind it your application with the following commands (or this happens automatically upon MTAR deployment/installation).
xs create-service hdi hdi-shared tenant-hdi-container
xs bind-service <app-name> tenant-hdi-containerThis works perfectly fine when you have a static, single container instance, but if start to use HDI container instances as tenants then the application needs to be restaged and restarted for each new service instance binding. This is prohibitively disruptive in a productive environment when you could be on-boarding new tenants at any time. It also requires that the application user have SpaceDeveloepr authorization if your application does the dynamic on-borading at runtime.
But with HANA 2.0 SPS 01 we now have a special Instance Manager that can perform the provisioning and dynamic binding to your application for you.
Your application, at installation type, now creates a special type of HDI service called managed-hana and bind this centrally to your application. This really gives you a connection to the Instance Manager instead.
xs create-service managed-hana hdi-shared tenant-hdi-container
xs bind-service <app-name> tenant-hdi-container
Your application now makes HTTP requests to the Instance Manager to create, delete, or get access to specific HDI container instances for a particular tenant. The following is an example written in Node.js for creating a tenant instance named my-tenant, getting access to the instance, and then deleting it.
/*eslint no-console: 0, no-shadow: 0*/
"use strict";
var http = require("http");
var port = process.env.PORT || 3000;
http.createServer(function(req, res) {
var xsenv = require("@sap/xsenv");
var createInstanceManager = require("@sap/instance-manager").create;
var options = xsenv.getServices({
hana: {
tag: "managed-hana"
}
});
console.log(JSON.stringify(options.hana) );
createInstanceManager(options.hana, function(err, instanceManager) {
if (err) {
return console.log("Create instance manager error: ", err.message);
}
instanceManager.create("my-tenant", function(err, instance) {
if (err) {
return console.log("Create error: ", err.message);
}
// consume instance.credentials
console.log(instance);
instanceManager.get("my-tenant", function(err, instance) {
if (err) {
return console.log("Get error: ", err.message);
}
// same instance
console.log(instance);
instanceManager.delete("my-tenant", function(err) {
if (err) {
return console.log("Delete error: ", err.message);
}
console.log("Instance deleted");
});
});
});
});
res.writeHead(200, {
"Content-Type": "text/plain"
});
res.end("Instance Test\n");
}).listen(port);
console.log("Server listening on port %d", port);Limitations:
Using Instance Manager also has some drawbacks:
-Apps have to trigger service instance creation on their own (there are APIs to assist)
-Managed service instances are not visible for the cloud/xsa controller yet for direct administration (but only the shared underlying service instance)
Audit Log
Central Audit logging for XSA was added in HANA 2.0 SPS 0 but the APIs for writing to the log were only available in Java modules. This addition extends the audit logging APIs to Node.js based modules as well.
Customers expect centralized audit logging capabilities for their applications and we can now provide this feature for both Java and Node.js based applications in XSA.
XSA provides both centralized Audit logging APIs but also central storage of the audit entries in the HANA database, an OData service for reading the Audit Log, and an interactive user interface for querying and displaying Audit Log entries.
The Audit Log is provided by an XSA service broker much like the UAA or HDI services.
xs create-service auditlog free <my-service-instance>Then this audit log service instance needs to be added as a resource in your project’s mta.yaml file:
Finally the resource must be bound to your application (Java or Node.js) that wishes to write Audit Log entries:
For Java modules, you would use the following steps to use the Audit Log:
- Include the Audit Log API in your Maven Project
<dependency> <groupId>com.sap.xs.auditlog</groupId> <artifactId>audit-java-client-api</artifactId> <version>0.2.0</version> <scope>provided</scope> </dependency> - Declare the resource
- If you are using Tomcat as your runtime, add a new resource in META-INF/context.xml
<?xml version='1.0' encoding='utf-8'?> <Context> <Resource name="audit" auth="Container" type="com.sap.xs.audit.api.AuditLogMessageFactory" factory="com.sap.xs.XSObjectFactory" singleton="true" /> </Context> - If you are using TomEE, then add a new resource in WEB-INF/resources.xml
<?xml version='1.0' encoding='utf-8'?> <resources> <Resource id="audit" type="com.sap.xs.audit.api.AuditLogMessageFactory" provider="xs.openejb:XS Audit Log Message Factory Provider"/> </resources>
- If you are using Tomcat as your runtime, add a new resource in META-INF/context.xml
- Access the AuditLogMessageFactory. This could be done in one of two ways:
- Via JNDI lookup
Context ctx = new InitialContext(); AuditLogMessageFactory auditlogMesageFactory = (AuditLogMessageFactory); ctx.lookup("java:comp/env/audit"); - Via Resource Injection
@Resource(name="audit") private AuditLogMessageFactory mesageFactoryInj;
- Via JNDI lookup
- Finally, the Java coding itself
ConfigurationChangeAuditMessage message = mesageFactory.createConfigurationChangeAuditMessage(); message.setUser("<user>"); message.setObjectId("logger.com.sap.xs.test"); message.addValue("severity", "error", "warn"); message.logSuccess();
Or for Node.js this example shows loading the Audit Log instance resource via the @sap/xsenv module and then using the APIs to write a log entry from within an Express handler.
/*eslint no-console: 0, no-unused-vars: 0, no-shadow: 0, quotes: 0, no-use-before-define: 0, new-cap:0 */
"use strict";
var express = require("express");
module.exports = function() {
var app = express.Router();
var xsenv = require("@sap/xsenv");
xsenv.loadEnv();
var credentials = xsenv.getServices({
auditlog: 'openSAP5-ex-log'
}).auditlog;
var auditLog = require('@sap/audit-logging')(credentials);
//Simple AuditLog Example
app.get("/example1", function(req, res) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
if (req.headers['x-forwarded-for']) {
ip = req.headers['x-forwarded-for'].split(",")[0];
} else if (req.connection && req.connection.remoteAddress) {
ip = req.connection.remoteAddress;
} else {
ip = req.ip;
}
auditLog.securityMessage('%d unsuccessful login attempts', 3).by(req.user.id).externalIP(ip).log(function(err, id) {
// Place all of the remaining logic here
if (err) {
res.type("text/plain").status(500).send("ERROR: " + err.toString());
return;
}
res.type("application/json").status(200).send(JSON.stringify('Log Entry Saved as: ' + id));
});
});
return app;
};Finally there is the central Audit Log UI provided by the XSA runtime itself that can be used to search and display the entries:
Scoped NPM Packages
Before HANA 2.0 SPS 01, the SAP provided Node.js modules were simply separated out by the fact that their names generally began with the text “SAP”. This could potentially cause conflicts with customer or other public NPM modules. This will especially become a problem once SAP launches the planned public NPM repository for SAP modules. Scoping provides a safe, enforceable namespace for NPM modules/packages.
The use of scoped packages better identifies SAP provided Node.js modules but most importantly allows for the integration of SAP modules with customer or open source specific modules. It is a key feature necessarily for the launch of the SAP owned public NPM repository.
With HANA 2.0 SPS 01, customers should switch all the references in their package.json files in their projects to the new scoped module names. Only the scoped modules will continue to be updated.
Development Tools
SAP Web IDE for SAP HANA provides a comprehensive web-based end-to-end development experience for creating SAP HANA native applications:
- Development of SAP HANA content and models
- UI development with SAPUI5
- Node.js or XSJS business code
- Git integration
Therefore it provides a complete workflow for all of your new HANA Deployment Infrastructure (HDI) and XS advanced model (XSA) based development.
SAP Web IDE for SAP HANA comprises capabilities of SAP HANA Studio and SAP HANA Web-based Development Workbench. It represents the long term replacement tool for both of these previous offerings. It consolidates technologies, follows industry trends, and leverages industry standards where possible, while retaining a competitive innovation focus of SAP’s current offering.
With SAP HANA 2.0 SPS 1, we continue to enhance and expand the capabilities of the SAP Web IDE for SAP HANA and close the few remain feature gaps compared to the old HANA studio.
Backwards Compatibility
Previously the version of the SAP Web IDE for SAP HANA had to match exactly the version of the underlying HANA database. With the HANA 2.0 SPS 01 version of SAP Web IDE for SAP HANA, we introduce the ability to target older releases of HANA for HDB modules. Upon module creation, the developer choose the lowest HANA release they want to target. Then all source code editors adjust their syntax checks and other features to enforce the development at the target older release.
This means that customers running HANA databases at 1.0 SPS 12, can now upgrade both their XSA Runtime and the SAP Web IDE for SAP HANA to HANA 2.0 SPS 01 (and later) versions and gain new features that previously were only available with a full HANA DB upgrade.
Fiori Template Enhancements
We’ve enhanced the Data Connection step of the Master/Detail modules. In SPS 01, it now allow you to connect to OData services in the current project and allows you to see all endpoints in multiple modules of your project.
mta.yaml Editor
The mta.yaml file is the core project configuration file in the SAP Web IDE for SAP HANA. Although it is based upon the open standard of YAML; we’ve received feedback from customers that both the YAML specification and the technical complexity of the mta file are difficult to understand and edit. This leads to a higher learning curve and more development errors. With SPS 01 we introduce a new form based editor in addition to the existing source code based editor for the mta.yaml file.
This new error reduces the overwhelming initial complexity of project creation and maintenance experience in SAP Web IDE for SAP HANA. It structures the flow that developers need to follow and enforces checks upon the values they provide. It also provides better overall navigation than a traditional source code based editor can provide. Overall this new editor should work to greatly reduce the barier to entry that many developers face when first working with the SAP Web IDE for SAP HANA.
Application Lifecycle Management
Product installation for XSA in SAP HANA 2.0 SPS 0 and lower is only possible via the XS command line tool. With HANA 2.0 SPS 01 we introduce a web-based user interface alternative for installing XSA products and customer owned application MTA archives.
This new UI offers more options for installation tooling as well as better administrative user experience. This also better unifies the administrative and devops user experience around web-based tooling.
Closing
With SAP HANA 1.0 SPS 11, SAP introduced a considerable change in the architecture of application development. Much of the development for the past few years has been focused on just delivering the first version of that new architecture and then only closing gaps between the old and new architecture. With SAP HANA 2.0 SPS 1, you are beginning to see that we can finally innovate based upon this new architecture. The general improvements combined with tools and programming model changes you see here are laying the foundation to allow you to build new kinds of applications easier and faster than you ever have before.
Hello, Thomas.
Thanks for the great blog.
Now I can download SAP HANA 2.0 express edition from sap.com for learning SAP HANA.
And when can I download SAP HANA 2.0 express edition SPS 01 ? It will be soon?
>And when can I download SAP HANA 2.0 express edition SPS 01 ?
Soon. The HXE team needs a few days after the final release is available to do testing and prepare the new download. I believe back in December with HANA 2.0 SPS 0, it took a little less than two weeks.
Thanks, Thomas.
I will wait.
HANA 2.0 SPS 01 Express Edition is now available for download
Thanks Ayman very much .
I'll download today.
Hello.
I have a problem when i installing Hana express edition sp 01 at VMWARE. Two applications did not start. How can i resolve that problem?
Hello
Thank you for this blog.
Great blog as usual.
Regards
Emmanuel
Hello Thomas, thanks for your great post. ! I have a question about SAP Web IDE.
Since SAP introduced support for java spring boot framework, I wonder if now one can use SAP Web IDE for the full development cycle with java other than with XSJS and Node.js artifacts. With 'full development' I mean that Sap Web IDE supports features like code completion, code check, build / run / debug even when developing Java Modules. This question, more generally, would apply to all 'buildpack' SAP will introduce (soon or later), since Web IDE is the "long-term replacement for SAP Hana Studio" and similar developer tools.
Documentation isn't so clear on this point, could you clarify please ?
> I wonder if now one can use SAP Web IDE for the full development cycle with java other than with XSJS and Node.js artifacts
You could already do the full Java development cycle in HANA 2.0 SPS 0. We added build/run support in SPS 0.
>With ‘full development’ I mean that Sap Web IDE supports features like code completion, code check, build / run / debug even when developing Java Modules
Everything you listed there is supported for Java Modules in the SAP Web IDE for SAP HANA.
>This question, more generally, would apply to all ‘buildpack’ SAP will introduce (soon or later)
The SAP Web IDE for SAP HANA won't necessarily support the Bring Your Own Language build packs, but will support the primary SAP supported build packs (which right now is Java and Node.js).
Thanks Thomas for your kind answer !
Thanks for the update Thomas. Any news on when this release will be available on SCP?
The new Cloud Foundry based version of SAP Cloud Platform will come with HANA 2.0. For more details on the availability of this, I suggest you keep a close eye on the announcements that will come out of SAPPHIRE next month.
Is it possible to transport node.js XSA applications using SAP netweaver change requests? Maybe using CTS+ like XS Classic..
Yes this is possible as of HANA 2.0 SPS 0: https://www.sap.com/documents/2016/12/98ccd65a-9c7c-0010-82c7-eda71af511fa.html
Nice job guys! Now that does look like a production-ready release to me. Keep going.
Application Lifecycle Management
"we introduce a web-based user interface alternative for installing XSA products and customer owned application MTA archives"
Are we really able to use it for our own MTA archives? Is there more documentation how we have to do it?
I can be used for your own, but you need to put your mtar file inside a zip and create folder called META-INF and add a SL_MANIFEST.XML to that folder. I would suggest looking at one of the SAP product zip files as an example.
Thanks, 'll give it a try.
Scoped NPM Packages
I could not find that much information on that.
Is the idea in using that functionality that traditional ABAP-namespaces will be administered for NPM/node.js in the future as well? I mean, having that one folder level approach is nice - but even scoped names like "@booking/analyze" obviously might not be unique.
I mean administered by SAP.
Documentation on scoped packages here: https://docs.npmjs.com/misc/scope
Thanks for swift reply, however, I know that.
I was trying to get info from you if SAP plans to get SAP ABAP Namespaces onto that npm structure / scope, mybe under a private, ie SAP owned, registry server or so.
But most likely - as that obviously is not implemented right now - you would not be allowed to elaborate on such possibly planned features...
We can't change how a scope works. That's defined by NPM itself. We will publish all of our modules in the @SAP scope to avoid potential conflicts and to allow layered NPM repositories. And yes we are launching our own SAP owned private registry for our modules. That private registry is actually live on the internet already, but we've not advertised it yet as not all of our modules are published yet. In another few days, hopefully all teams will have their publishing done and we can begin to promote it.
Hi,
I can't find the documentation for changing the URL/Domain for different applications/ports. I think I read about this feature but can't find it.
Is there something possible? Thanks a lot!
There are a few different ways. If you are using hostname based routing, by default the URL will be Organization-Space-Service Name-base hostname
However in your mta.yaml for the module definition in the parameters section you can override the default behavior and supply your own host part that gets added to the base hostname
Another approach is to use path based routing instead of hostname based. This was a new feature in HANA 2.0 SPS 0.
https://blogs.sap.com/2016/12/01/sap-hana-2.0-sps-0-new-developer-features/
CREATE-ROUTE is the keyword you need for this.
With HANA 2.0 SPS 0, XSA introduces the option of context path based routing. This allows the developer or admin to assign nice URLs with recognizable path names. It also avoids the same origin policy issue (CORS/Cross-Site-Scripting). Instead of the port access you can assign a path that will route to your application. This can be assigned during push or more likely direct assigned to a running application via the new create-route command.
https://help.sap.com/viewer/4505d0bdaf4948449b7f7379d24d0f0d/2.0.01/en-US/7b24c9d9284643e49554e2eeeaad7be7.html
Hi Thomas,
I tried to change the host, but it didn’t work for me. Did I miss a step?
properties:
host: test
register-service-url: true
service-name: web
service-url: ‘${default-url}’
Thanks!
What exactly is happening? Do you already have the service deployed? If changing these values in the MTA and the service already exists, you might have to delete it manually and then re-run. Also are you using hostname based routing? This approach only works with hostname based routing.
“Do you already have the service deployed?” –>Yes, I tried it more times.
“If changing these values in the MTA and the service already exists, you might have to delete it manually and then re-run.” –> How?
xs unregister-service-url https://host.domain.de:port!? The docu is to small at this point.
“Also are you using hostname based routing?” –> yes.
I was suggesting deleting the service with XS DELETE. There is also the XS DELETE-ROUTE command for completely removing the existing route.
Hi Thomas,
is Instance Manager the right keyword for my problem:
https://answers.sap.com/questions/203544/sap-web-ide-after-installation-two-container-for-t.html
Thanks!
No I don't think that will help. Its probably just new logic in the Web IDE for naming of the container instance. Is there a reason why the new container is a big problem in development? Nothing from the build/run of the Web IDE should really ever be considered permanent.
Is there a reason why the new container is a big problem in development?
--> Yes, because we are working on our "test"-data, which we have loaded before for each of us in our development environment.
But the bigger problem for me is, what will happen, if we bring the app in the production world. And after an WebIDE update, the customer will have a new container and isn't able to see and work on his "old" data?
>But the bigger problem for me is, what will happen, if we bring the app in the production world. And after an WebIDE update, the customer will have a new container and isn’t able to see and work on his “old” data?
You don't install a productive app via the Web IDE. You build the MTAR and then deploy that. YOu won't have the same issue at all. The Web IDE post-fixes the container names to keep them unique in a development environment when multiple developers might build the same container in the same space. The deployer does no such thing.
Ok, thanks! That sounds reassuring!
But once more.
From developer view I don’t understand why the objects (hdi-container, and so on) are created again. The old objects wouldn’t be used anymore.
And the problem is further while I try to start the new deployed app, I get the error msg “that already a route exists” and stops the running. To fix it, I’ve to delete the old objects…
We never we had this behavior in the past and I wouldn’t miss it.
Hi Thomas,
After XSA runtime upgrade, is HANA system restart required?
We are thinking about if we should host XSA separately from HANA database in order to get frequent XSA upgrades without needs of system downtime.
Thank you!
Bill
No. A HANA DB restart is not required for just an XSA Runtime update even if they are both installed on the same host machine.
Thomas Jung
Hi Thomas, having visited your OpenSAP course HANA5, I am too eager to try the Github exercise you pointed out above.
Unfortunately I still cannot pass through the installation issue "Timed out while waiting for apps: cockpit-adminui-svc, cockpit-admin-web-app", for which I have posted a question:
https://answers.sap.com/questions/208586/index.html
User "Alexander K" also posted the same issue in this blog above on April 26, 2017 at 5:19 am, but without getting any answer.
It would be great if you could share some of your thoughts about this issue.
Thanks.
Sunny
Blog comments are not the location to get installation support issues. I can answer questions about the functionality described here, but it shouldn't become a support destination.
Hi Thomas, thank for your quick reply and my apology if I have asked the question in the wrong forum here.
Can you confirm that the question I posted on https://answers.sap.com/questions/208586/index.html is the correct official forum?
Sunny
Yes that is the correct place for it.
Hi Thomas,
I'd like to know if announced Sap Web Ide Multicloud version will be available even on premise Hana installation or not.
Moreover, is Web Ide Multicloud a replacement for Web Ide ?
SAP Web IDE Multicloud is the Cloud deployed version and SAP Web IDE for SAP HANA is the on premise version. They come from the same core code base and will share many of the same features.
Hi Thomas,
is there also also an updated version of XSA CodeJAM exercises availabe (First ever CodeJAM on XSA (based on SPS11)). Which ideally fit to the now availabe HANA 2.0 SPS01 Express edition?
Thanks in advance,
HP
We have updated versions of the openSAP course exercises for HANA 2.0.
https://open.sap.com/courses/hana5/items/edjLJOYlvU7cH6q6bLpLM
We also continue to update the github repo for the openSAP course. There are different branches for each HANA release. There is one for SPS 01:
https://github.com/SAP/com.sap.openSAP.hana5.example/tree/hana2_sps01
Hi Thomas,
I'm currently looking at the v4 OData via Java App and found some issues:
Do you have any suggestions? I'm on HXE SP2 but I also have access to the Software Download Center... are these issues known limitations or is there a newer version of the SAP Gateway Runtime (looks like I'm currently on 1.0.6) or the OData jars (4.3.0-sap-02)?
Thanks for your help,
Fabian
Admittedly my knowledge on the Java module is limited. I spend most of my time covering the Node.js side. On the first item, are you not getting the auth token or is that the wizard generated code just isn't setting the DB session variables. If you aren't getting the auth token at all, make sure you have a web module in front of your Java module and are using the forwardAuthToken option in the xs-app.json. If its the later, you might have to set the DB session variables manually in the OData exit framework.
As far as the latest version of SAP Gateway Runtime, I just updated one of my projects yesterday based upon SPS 02 and its version 1.2.3. This is SPS 02 Patch 1 of the Web IDE for SAP HANA (4.2.18)
https://github.com/SAP/com.sap.openSAP.hana5.example/blob/hana2_sps02/user_java/pom.xml
So yes 1.0.6 seems quite old.
I've updated the Gateway Runtime to 1.2.4 from the Software Download Center (XS_JAVA Package). Still the same problem:
The JWT seems to be forwarded to the java app. I enabled the security constraint in web.xml to test this, now when I don't activate forwardAuthToken in the .yaml, I get 401 forbidden, when I set it to true I can see the results again. I guess you meant the .yaml and not the xs-app.json, right? The xs-app.json only has the entry "authenticationType": "xsuaa"...
But this means the JWT is processed by the java app... Otherwise the result would be the same in both scenarios (with and without auth token). Only the session variables are not set automatically 🙁
Is there any information about the "you might have to set the DB session variables manually in the OData exit framework"? Basically I went through the tutorial https://help.sap.com/viewer/4505d0bdaf4948449b7f7379d24d0f0d/2.0.02/en-US/e09f5225d61b40bb8761c756f138f2b0.html
The tutorial has some inconsistencies as well:
Step 8c sets up the route, but it should be ^/java/odata/(.*)$ instead. With /java/odata/v4 you cannot reach the clearCache endpoint for example, which is not prefixed by v4. Also the URLs in Step 12 for clearCache seem to be wrong, since I was able to call /java/odata/clearCache directly but calling /java/odata/clearCache/<context> as explained here is returning a 404...
Besides these problems... do you already know when the nodejs based OData v4 implementation will be ready? I was about to use the nodejs odata v2 anyway, but seems like it can't handle cds views with parameters as well. So I would need to use calculation views to expose those views. But I have the feeling that cds will be the go-forward solution vs calc views. Similar to how S/4HANA embedded analytics based on cds now makes HANA Live based on calc views obsolete...
I really can't help you further on this item. I suggest you either enter a question in the Q&A section or if you have found incorrect information in the online help which is leading you astray you can consider entering a support ticket.
>do you already know when the nodejs based OData v4 implementation will be ready
Not anytime soon. It is in the roadmap and will hopefully be at least partially delivered in SPS 03 in April 2018.
Hi Thomas,
I have been following your blogs and open sap sessions on HANA 2.0 and XSA developments.
I have a scenario.
I have an existing XS Classic Schema (MY_XS_CLASSIC_SCHEMA) created via a .hdbschema file in my HANA system.
I need to access the tables in this existing XS Classic schema from a new XS Advanced HDI container (MYHDI)
I defined a user provided service for this purpose. This service was created using a HANA database user (XS_CLASSIC_USER) that has SELECT access to the existing XS classic Schema.
The mta.yaml file was modified to add the user provided service and a .hdbgrant file is defined in the HDI container.
Now when i build the HDI container i get the below error.
Error: Error executing: GRANT "SELECT" ON SCHEMA "MY_XS_CLASSIC_SCHEMA" TO "MYHDI_HDI_MYHDIDBMODULE_1#OO";(nested message: insufficient privilege: Not authorized)
The user I used to create the User Provided Service has the SELECT access for the XS classic schema but don't have the GRANTABLE option. Is that the issue?
If yes then how can I create a HANA data base user in XS Classic which has a SELECT object privilege to a hdbschema with GRANTABLE option? I tried logging in with the SYSTEM user and running the below command but it fails with an authorization issue.
GRANT SELECT on schema MY_XS_CLASSIC_SCHEMA to XS_CLASSIC_USER WITH GRANT OPTION.
Thanks for your help,
Lijo John
>The user I used to create the User Provided Service has the SELECT access for the XS classic schema but don’t have the GRANTABLE option. Is that the issue?
Yes that is exactly the problem. The user in the User Provided Service must have the authorization with GRANTABLE option as they will be the ones performing the Grant at the SQL level.
You will need to create an HDBROLE in the repository for the XSC Schema. This role can contain the grant with grantable option.
Hi Thomas,
Thanks for your reply.
How do I add a grant with grantable option in HDBROLE?
Do you have an example of the syntax?
Your right, I thought there had been an option for the grantable in hdbrole but I guess I was confusing that with the new feature in the HDI hdbrole. I think the long term solution is certainly that such schemas must be converted to HDI. I did find in the 3.0 version of the HDI deployer documentation these details. It looks like your user provided service can call a stored procedure which in turn can grant the access (by calling the GRANT_ACTIVATED_ROLE).
If the technical database user does not have GRANT privileges by its own, but only EXECUTE privileges on a stored procedure which can grant the privileges, then the following settings are required:
"procedure"field, e.g."procedure": "GRANT"."procedure_schema"field, e.g."procedure_schema": "A_SCHEMA"."type"field with the value"procedure".Hi Thomas,
Thanks for the quick response.
I have a problem converting these XS classic Schemas into HDI.
We have a BW system sitting on the same HANA Box. The classic schemas have multiple HANA procedures that are consumed via AMDP by the BW system.
Can you tell me if AMDP is supported on procedures created via HDI containers ?Are the generated schemas of the HDI container visible to ABAP via AMDP? Even if it's visible how do you grant access to the BW ABAP user to the HDI container procedures.
I hope you would cover the integration of AMDP/ABAP and XSA in one of the future blogs or the upcoming open sap session.
Thanks,
Lijo John
>Can you tell me if AMDP is supported on procedures created via HDI containers
Yes AMDP can certainly call HDI-based procedures. You just need to create HDBROLES within the container and grant those roles to the ABAP technical user.
Absolutely, once they have the correct authorizations (as described above),.
Its not really any different than the old repository. You create HDBROLE within the container. It deploys a container-specific role. However this role looks like any other in the User Admin/Role Assignment tools. You just see the container name prefixed on the role name. You can grant them using the Studio or HANA Cockpit user admin tools.
Thanks Thomas,
I will try out the solutions you provided.
Hi Thomas,
I tried the solution you provided but I could not make it work 🙁
Can you please guide me where I am going wrong?
It would be a nice if SAP can do a blog on this topic as accessing XS classic Schema from XSA HDI container is a common scenario customers encounter when XS classic applications are too complex to migrate and still you need to access those SCHEMAS in XSA.
Step 1:
I created a .hdbrole in my existing XS Classic Schema as shown below.
This role contains all authorizations that are required to access my XS classic Schema from the new HDI container.
role global.security.roles.development::gbw_dev
{
catalog schema "MY_XS_CLASSIC_SCHEMA" : CREATE ANY, SELECT, INSERT, UPDATE, DELETE, EXECUTE, DEBUG, ALTER, DROP;
}
Step 2:
Next I created a database procedure in the XS Classic schema. This procedure is a wrapper and just includes the CALL for granting the role defined above.
Question: To which user should I grant the roles here? Is it to the generated users of the HDI container? If yes how do I find those user ids ? If i hardcode the user ids dont they change while moving the solution to Quality or production systems?
PROCEDURE "GRANTSCHEMA"."gbw.model.procs::PROC_GRANT_GBW_DEV_ROLE" ( )
LANGUAGE SQLSCRIPT
SQL SECURITY definer as
BEGIN
CALL GRANT_ACTIVATED_ROLE
('global.security.roles.development::gbw_dev' , '');
END
Step 3
Next I created a user provided service like you suggested.
xs cups CROSS_SCHEMA_SERVICE_ GRANT_PROC -p "{\"host\":\"10.41.20.21\",\"port\":\"30015\",\"user\":\"COMM_USR\",\"password\":\"ABCDEFG\",\"driver\":\"com.sap.db.jdbc.Driver\",\"tags\":[\"hana\"],\"type\":[\"procedure\"],\"procedure_schema\":\" GRANTSCHEMA\" ,\"procedure\":\" global.security.roles.development::gbw_dev\" }"
Step 4
Modified the mta.yaml to include the new user provided service as a resource and defined the dependencies to the hdi module
Step 5 (I am a bit lost from this step onwards)
Question: Do I have to create a .hdbgrants file just like in a normal cross schema scenario? if yes what access I give there? Do you have an example? I tried the below and it fails saying the user dont have the grant privilege.
{{ "hdi-test-service": { "object_owner": { "schema_privileges":[ { "reference":"MY_XS_CLASSIC_SCHEMA", "privileges":[ "SELECT", "EXECUTE" ] } ] }, "application_user" : { "schema_privileges":[ { "reference":"MY_XS_CLASSIC_SCHEMA", "privileges":[ "SELECT", "EXECUTE" ] } ] } }}
Step 6
Question: Assuming Step 5 is fixed, what do I do next? Create a synonym for the remote schema tables?
Thanks,
Lijo John
Your procedure doesn't have any interface on it. Please refer to the online help for the hdideploy module. It lists the needed interface and a sample of how to write the granting procedure. One of the things passed into the interface is the target users to grant to. So no you certainly don't hard code the technical users names as you couldn't possibly know them in advance anyway.
Thanks Thomas.
Can you give me the link to this documentation on the sample code how to write the granting procedure? I am unable to find it.
The documentation is in the readme.md file of the @sap/hdi-deploy module itself. Best way to access it is via npm and just install the module on your local machine. However here is the section in question:
For the different types of privileges, the following fields are passed to the GRANT procedure:
Example of a GRANT procedure:
Hi Thomas,
Thanks for the reply.
I installed the module @sap/hdi-deploy but the installation does not come with a README.MD file.
Is this module in the sap npm registry missing the README.MD file?
All the modules in the SAP NPM repo should have a readme.md, but unfortunately this one does not. I put the relevant section in my earlier posting. I've also spoken to the documentation lead and development manager for this module and they will work to get the readme.md included in the next release.
Hi Thomas,
Thanks.
Can you then please share the section on subsequent step of creation of user provided service of type procedure also? I did the below but not sure if the syntax is correct.
xs cups CROSS_SCHEMA_SERVICE_CCO_CE_GRANT_NEW -p "{\"host\":\"10.41.20.21\",\"port\":\"30015\",\"user\":\"CCO_CR_SCH_USR\",\"password\":\"ABCDE\",\"driver\":\"com.sap.db.jdbc.Driver\",\"tags\":[\"hana\"],\"type\":\"procedure\",\"procedure_schema\":\"LKUMBLOL\" ,\"procedure\":\" hgrs.cco.fc_ce_grp.model.procs::GRANT\" }"
As per my understanding, Once the user provided service is created, I need to create a .hdbgrants file (like below) and then create synonyms. Please correct if I am wrong.
{{ "hdi-hccocelive-service": { "object_owner": { "schema_privileges":[ { "reference":"MY_SCHEMA", "privileges":[ "SELECT" ] } ] }, "application_user" : { "schema_privileges":[ { "reference":"MY_SCHEMA", "privileges":[ "SELECT" ] } ] } }}
Thanks,
Lijo John
There is no subsequent steps. Just the section I posted earlier:
"procedure"field, e.g."procedure": "GRANT"."procedure_schema"field, e.g."procedure_schema": "A_SCHEMA"."type"field with the value"procedure".Hi Thomas,
What is the best set-up for running a NetWeaver App together with a custom HANA Datamart using XSA on one HANA 2.0 system? Would you suggest to use 2 separate tenants, one for NetWeaver and one for XSA? I think cross-tenant data access is possible but is it now fast enough?
I think one can install XSA and NetWeaver together on one Tenant but when we installed NW on the HANA Server it forced us to create a separate tenant.
I my opinion 2 tenants would have advantages for production as one can allocate resources per tenant.
many thanks
best regards
Ralph
I'm sorry but system installation with NetWeaver just isn't a topic I cover in general nor within the scope of this blog. I couldn't provide you with an answer that has an experience with it.
Hi Thomas,
Pardon me it is about out of topics but I am desperate how to contact you.
I am enrolling open SAP HANA course Software Development on SAP HANA (Update Q4/2017)
I'm going through the hands-on excercises and I'm up to 2.5. I'm trying to determine the URL for SAP HANA XS Advanced Cockpit Manager. I couldn't find the url and port for this. I'm using HANA Express in CAL.
Use the xs command line and issue the xs apps command to get a listing of all applications and their URLs
Could you please tell me which one?
Thanks.
It doesn't appear as though you have the XSA Admin Cockpit installed on your system. You can instead use the command line xs CUPS to perform the same task. The disadvantage of the command line is that the JSON has to be properly escaped.
Hi Thomas,
the first thing I wanna say is a huge "Thank you!" to you and your team for all your efforts into this awesome product. Just love it!!! Spending most of my spare time with my own HANA Express instance checking out all the latest features : )
Today I've tried myself in using the instance manager feature and also succeeded in creating several "tenants" which I can access using @sap/hana-client. Now I'm trying to find out, how I can deploy my HDB module definitions into several of these containers while or after having created them. Can you maybe give me a hint how to solve this issue or am I thinking the wrong way here?
Thank you very much in advance!
Martin
Hi Thomas,
I am unable to view the node features available in the web ide of Hana express edition.
Please find attached the screenshot of the error.
Thanks in advance.
Best Regards
Vignesh Jeyabalan
Something seems very wrong with your installation. Unnamed.feature.0 and unnamed.feature.1? I've never seen anything like that.
Hi Former Member ,
Thanks a lot for the response.
I also get plugin error message when I load the web ide but its not frequent. Is there any way I can debug it or can you please suggest some alternate options which I can try.
Could it be due to the fact that I have installed the express edition behind a company firewall , that is not able to download the required plugins from web ? I have set the proxy details in the cockpit though.
Thanks
Vignesh Jeyabalan
If you are behind a firewall you should also set the proxy settings in the mtaext before the installation of the Web IDE.
https://help.sap.com/viewer/1a8e7ab05a2e4119b02b702f211422f5/2.0.03/en-US/5fd9473b7e994e2aa66092da5a10c75a.html
Is this SPS 03 version? Normally the Web IDE installation should be self contained and not need to get modules from the Internet. However there was a problem in the patch 0 and patch 1 of SPS 03 where the node_modules was missing. This is corrected in Patch 2. But I would have expected this to cause your installation to fail, not act like what you are seeing.
Hi Thomas Jung
thanks for the response.
I am using SPS02 version of Express edition . Yes I am behind a firewall and we have our own cloned version of npm registry.
I tried following your above steps but I was not able to figure out on how to set the npm registry.
Please let me known the commands if any which I can run to set the registry in the Linux terminal.
I tried to login to the app URL but the login was not possible because I didn't have a email id which I can use for login.
Below are the app details when I query from the Linux command line.
also I get the below error when I try to set the proxy from the cockpit:
Thanks & Regards
Vignesh Jeyabalan
If you didn’t set the proxy during installation you can set it from the command line using the xs env command. Web IDE doesn’t use the Cockpit proxy setting and must be set independently. Also it’s perfectly normal that you don’t have a username/password to the web interface of the local NPM registry cache. It doesn’t require any. The search interface isn’t supported, but you can just build the url to a module manually to test it. However if you are behind a firewall it isn’t going to work until you get that proxy setting corrected.
Hi Thomas Jung ,
Thanks for the response.
I tried reinstalling the image and this time set the proxy details , but when I access my webide still I get the below error.
Thanks
Vignesh Jeyabalan
Blog comments aren't really the correct place to troubleshoot your installation problems. You still seem to have issues with your Web IDE in general. I can't support you on its installation. I can only suggest that you make sure you've cleared your browser cache. Make sure the installation was successful and that all dependent services are running. Otherwise you should really post this as its own Q&A entry as HANA Express only comes with community support.
Hi Thomas Jung
Ya sure , no problem .. I will post a separate Q&A for the same.
We are currently facing lots of issues in development of MTA application on cloudfoundry due to unavailability of a dedicated IDE from SAP. Even the SAP Web IDE Full Stack on Neo stack doesn't have support to build node module. We have constantly raised the concern to SAP but have received no concrete solution as of now on the development approach that is suitable in a corporate network machines.
It would be very helpful if could share some documents that can be helpful in the express edition installations.
Thanks
Vignesh Jeyabalan
Hi Thomas Jung
First of all, thank you for a great blog. It is really helpful.
Second of all, maybe this is not a correct place for posting this question, but it is related to features that are described in this blog.
I recently discovered one bug in my XSA application (MTA including one HDB module and several Java modules) that ended up on Production system so before applying the fix I needed to test the fix of that bug on Test system.
Testing the bug fix had to be done on exact same data that was present on Production system.
We are currently on:
SAP HANA version 2.00.010.00.1491294693
XSA version 1.0.63.292045
Therefore I used the Export/Import HANA functionality to create CSV files.
The Export/Import option was successful, but it was both time and resource consuming. On top of that, transferring CSV files from one Linux server to another took too much time.
If another bug arises, I will probably need to copy the data again and the duration of this process will take even more time since the data continues to grow on Production system.
Other option that I had in mind is to perform the System copy using Backup/Restore.
I have created a full data backup of Production system and I restored it on a Test system.
The restore itself was successful, and I could see my schema, schema user, schema#OO, schema#DI and all technical and application users that were created during service-application binding.
I also granted myself a necessary role so I can examine the data using SAP Web IDE for SAP HANA database explorer.
I must emphasize that the schema name is strictly specified in mta.yaml file.
The problem I could not solve is that on Test system, my XSA applications have its own service-application binding users, and they do not match the ones that will be restored from Production backup.
Therefore, when I try to deploy my MTA, i receive error similar to this:
Error creating application "db": Could not bind application "db" to service "db_container" : Asynchronous job 'Creating service binding between app "db" [orgname...space...] and service instance "db_container" [service: 'hana', plan:'hdi-shared'] of [org...space...] failed.
And at the end --- Because of: [10] authentication failed.
If I try to undeploy my current MTA, error that I receive during deploy on clean XSA side (no services, apps nor mta deployed) is similar to this:
Error creating services: Controller operation failed: 400 Could not create service "db_container": Asynchronous job 'Creating service instance 'db_container' [service: 'hana', plan:'hdi-shared'] of [Org...,Space...].' failed
And at the end --- Because of: [10] authentication failed.
We tried to specify which users to use during the deploy time but this was not possible.
If my understanding is correct <VCAP_SERVICES> are System Provided services responsible for application credentials and changing those parameters is not allowed.
I had couple of other system copy ideas:
Is this case that I need supported/recommended?
If this is possible, could you please share your opinion on this topic?
Maybe I could not find it in the SAP HANA/XSA documentation.
Best regards,
Ivan Despotovic
Please post as its own independent question. The topic has nothing directly to do with the topic of this blog.
Thank you for taking time to answer. I will posted a question.
You can find it on this link: https://answers.sap.com/questions/702099/sap-hana-system-copy-including-xsa.html
Best regards.