Author: Lucia Subatin

Connecting the SAP HANA Service on Cloud Foundry to SAP Analytics Cloud – The lazy approach, pt3

In the first and second blog posts, you created a user with an external identity for the JWT provider and permissions to execute procedures in EPMMDS. You have configured trust between your SAP HANA service and the UAA service in Cloud Foundry. You also have some calculation views in an HDI container. There are roles and privileges protecting access to those views and tables.

You want this database user to have access to the HDI container, either by granting a role in the HDI container or by granting a schema privilege.

Grant a privilege or role in the HDI container to the database user

From Web IDE, navigate to the HDI container:

Right-click on it to open the SQL console as Admin:

Get the name of your schema, by right-clicking on a table or view and selecting “Generate SELECT statement”

If you have created a role (for example, using an .hdbrole artifact in Web IDE), here’s the snippet. Append “#DI” to the schema name you got from the previous select statement and replace “DB#DI”. Also replace the user.

set schema "DB#DI";
-- Roles deployed in the container
SELECT * FROM M_ROLES;
CREATE LOCAL TEMPORARY TABLE #PRIVILEGES LIKE _SYS_DI.TT_SCHEMA_ROLES;
INSERT INTO #PRIVILEGES (ROLE_NAME, PRINCIPAL_SCHEMA_NAME, PRINCIPAL_NAME) values ('reporter','','YOUR_USER');
CALL "DB#DI".GRANT_CONTAINER_SCHEMA_ROLES(#PRIVILEGES, _SYS_DI.T_NO_PARAMETERS, ?, ?, ?);
DROP TABLE #PRIVILEGES;

If you do not have a role, use the snippet below to grant SELECT access, for example. Append “#DI” to the schema name you got from the previous select statement and replace “DB#DI”. Also replace the user.

set schema "DB#DI";
CREATE LOCAL TEMPORARY TABLE #PRIVILEGES LIKE _SYS_DI.TT_SCHEMA_PRIVILEGES;
INSERT INTO #PRIVILEGES (PRIVILEGE_NAME, PRINCIPAL_SCHEMA_NAME,  PRINCIPAL_NAME) values ('SELECT','','YOUR_USER');
CALL "DB#DI".GRANT_CONTAINER_SCHEMA_PRIVILEGES(#PRIVILEGES, _SYS_DI.T_NO_PARAMETERS, ?, ?, ?);
DROP TABLE #PRIVILEGES;

 

How do I know this? Because it’s in the HANA Deployment Infrastructure Reference.
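To confirm that the grant landed where you intended, and to take it back later, here is an added example (not from the original post) that queries the catalog views SYS.GRANTED_ROLES and SYS.GRANTED_PRIVILEGES and calls the revoke counterparts of the two container procedures. "DB" / "DB#DI", 'reporter' and 'YOUR_USER' are the same placeholders as in the snippets above, and it assumes the console user is allowed to read those catalog views.

```sql
-- Added example: verify and revoke the container grants shown above.
-- "DB" is the container schema, "DB#DI" its API schema (placeholders).

-- 1. Container roles the user currently holds (first snippet).
SELECT GRANTEE, ROLE_SCHEMA_NAME, ROLE_NAME, GRANTOR
  FROM SYS.GRANTED_ROLES
 WHERE GRANTEE = 'YOUR_USER'
   AND ROLE_SCHEMA_NAME = 'DB';

-- 2. Privileges granted directly on the container schema (second snippet).
--    A schema-level SELECT covers every object in the schema, so expect
--    OBJECT_TYPE = 'SCHEMA' here rather than individual views.
SELECT GRANTEE, OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE, IS_GRANTABLE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE = 'YOUR_USER'
   AND SCHEMA_NAME = 'DB';

-- 3. Revoke the role, using the same table type as the grant.
--    The three "?" outputs are the return code, request id and messages;
--    check the messages if the return code is not 0.
SET SCHEMA "DB#DI";
CREATE LOCAL TEMPORARY TABLE #PRIVILEGES LIKE _SYS_DI.TT_SCHEMA_ROLES;
INSERT INTO #PRIVILEGES (ROLE_NAME, PRINCIPAL_SCHEMA_NAME, PRINCIPAL_NAME)
  VALUES ('reporter', '', 'YOUR_USER');
CALL "DB#DI".REVOKE_CONTAINER_SCHEMA_ROLES(#PRIVILEGES, _SYS_DI.T_NO_PARAMETERS, ?, ?, ?);
DROP TABLE #PRIVILEGES;

-- 4. Revoke the schema-wide SELECT privilege.
CREATE LOCAL TEMPORARY TABLE #PRIVILEGES LIKE _SYS_DI.TT_SCHEMA_PRIVILEGES;
INSERT INTO #PRIVILEGES (PRIVILEGE_NAME, PRINCIPAL_SCHEMA_NAME, PRINCIPAL_NAME)
  VALUES ('SELECT', '', 'YOUR_USER');
CALL "DB#DI".REVOKE_CONTAINER_SCHEMA_PRIVILEGES(#PRIVILEGES, _SYS_DI.T_NO_PARAMETERS, ?, ?, ?);
DROP TABLE #PRIVILEGES;

-- 5. Run queries 1 and 2 again: the revoked entries should be gone.
```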

Connect from SAP Analytics Cloud

Finally some fun! Log in to your SAP Analytics Cloud instance and create a new connection.

The choice is pretty obvious, but I’ll add a circle in case someone is distracted:

The host is the endpoint of xsahaa-entry

A window will pop up, asking for the credentials for SAP Cloud Platform.

You can now create a model:

And this, my friends, is a happy screen:

 

Troubleshooting

The more steps there are, the more chances of something going wrong. Some things I have found (and so have the other people testing this — believe it or not, you are not the first to implement this):

  • Stops working after a while with an “Authentication Failed” error: This has been reported and I found that restarting the module solves this.
  • You get an authentication error when connecting: Press F12 to find out what the problem is. It could either be the CORS configuration or SYS.EXECUTE_MDS_DEV missing.
  • You can create the connection but cannot see the models: Review the roles above (no, you don’t need to set the _SYS_BIC select access or the ina role).

Remember, you can trace authorization with:

alter system alter configuration ('indexserver.ini','SYSTEM') SET ('trace','authorization')='info' with reconfigure 

and unset it with:

alter system alter configuration ('indexserver.ini','SYSTEM') UNSET ('trace','authorization') with reconfigure

 

Hope this helps! See you on Twitter or LinkedIn!

 

      7 Comments
      Ditthanan Phoncharoensri

      Hi Lucia,

      I set this up following your instructions, but it still pops up asking to fill in Username and Password (not single sign-on) as below.

      Could you please help guide me on this issue (not single sign-on)? Thank you

       

       

      Best regards,

      Phattarachai Inthapanya

      Lucia Subatin
      Blog Post Author

      Hi,

      Single sign on is not part of the configuration done in these steps, not sure what the question is.

      You also seem to be sharing the community log in?

      Lucia.

      Ditthanan Phoncharoensri

      Dear Lucia ,

       

      Thanks for your reply.

      Currently I would like to set up the single sign-on for SAP HANA Service on Cloud Foundry to SAP Analytics Cloud.

       

      Do you have any instruction for that configuration?

       

      Best regards,

      Phattarachai Inthapanya

      Lucia Subatin
      Blog Post Author

      That's described on step 7 here: https://www.sapanalytics.cloud/guided_playlists/sap-hana-hdi-in-sap-cloud-platform-cloud-foundry-live/

       

      Ditthanan Phoncharoensri

      Thank you very much.

      Nivetha .

      Hi, have you established single sign-on after following the 7th step in the above-mentioned playlist?

      Nivetha .

      Hi,

      The connection was created and we were using it. But now suddenly I am unable to log in to the application; I am getting an internal server error. What might be the possible cause?