Developing and managing HANA database roles is one of the key activities to control what the users can do and their access to critical data in the system.
Before the arrival of SAP HANA extended application services, advance model (XSA) there were two types of roles in HANA. Catalog roles, which are created directly in the catalog and, repository roles, which are created using the HANA Repository.
With the introduction of XSA, it was also introduced a new type of roles known as HDI-based roles. Like repository roles, HDI-based roles provide role versioning and can be transported between systems.
As the HANA Repository and the SAP HANA extended application services, classic model (XSC) have been deprecated and are planned to be removed from the next major HANA release, HDI-based roles are now the recommended type of roles to be used, and thus, the successors of the repository roles.
The HDI-based roles and repository roles have fundamental differences in the way they are developed or are assigned. To explain these differences, we have prepared the Best practices and recommendations for developing roles in SAP® HANA document, where is described what are the most important changes related to role development process and to provide you additional information and recommendations on how to address the common challenges when developing HDI-based roles.
Additionally, in the document, we deliver and describe HDI-based role templates for administrative tasks in the HANA database. You can use this role templates as a starting point for the creation of their own HDI-based roles.
For further information about the deprecation of the HANA Repository and XSC, you can check:
- SAP Note 2465027 – Deprecation of SAP HANA extended application services, classic model and SAP HANA Repository (logon required)