Skip to Content
Technical Articles
Author's profile photo Jay Malla

How to access an SAP HANA XSA Container schema from external applications such as NodeJS

My Licensed To Code colleague Roland Schulz and I have been working on SAP HANA XSA development for the past few years.  We have been doing lots of NodeJS development on both SAP HANA XSA and also outside of HANA.  We have a scenario which we are developing of a NodeJS application and needed to write data from the external NodeJS application into an SAP HANA Container schema but we could not connect to the schema from the outside.

So how do we do this?

So here’s the problem.  I am logged into SAP HANA Express on the Google Cloud XSA as the SYSTEM user and I am not able to see the contents in the container schema SAP_AD_HDB_1.  Yes – you may have guessed it from the tables…. we are doing SAP and Active Directory integration using NodeJS.  Actually, we are integrating with Azure Active Directory and using NodeJS is ideal since Microsoft provides the Graph API and NodeJS libraries for that functionality.

Here are the steps we implemented that allows us to access the schema data from the outside.  I had help from Thomas Jung at TechEd 2018 in Las Vegas to show how I can achieve this and I told him that I would write a blog to do so…. but I only got around to it after a few months after being super busy with other SAP UI5 and HANA XSA projects.

Here we go…


Step 1 – Create another user which we will use to grant the SYSTEM user the necessary privileges to see the data in the container schemas.



Step 2 – create the privileges temporary table to load in the privileges we want to assign the user above


Step 3 – insert the admin user from above with the privileges into this temporary table with the values from the _SYS_DI.T_DEFAULT_CONTAINER_USER_PRIVILEGES container table



Step 4 – Run the procedure to grant the schema privileges for the SAP_AD_HDB_1 schema to the user



Step 5 – Drop the temporary table since we do not need it anymore:



Step 6 – Create a role for the HDB container that we can then grant: sap_ad_hdb_admin:


        "name": "sap_ad_hdb_admin”,
        "schema_privileges": [{
           "privileges": ["SELECT METADATA", 
                          "SELECT CDS METADATA", 
                          "CREATE TEMPORARY TABLE"

Activate this:

Step 7 –  With the SYSTEM user, grant the ROLE ADMIN system privilege to the user created above:


Step 8 – log in as the new HDI container user created above in Eclipse:

Step 9 – assign the roles to the SYSTEM user (or any other user you want to access the HDI container generated schema)



Then add the role we create – sap_ad_hdb_admin.  I did notice that there are two other roles automatically created – SAP_AD_HDB_1::access_role and SAP_AD_HDB_1::external_privileges_role – so it looks like SAP may have added these roles in the newest support pack which may do the same thing as the role we created – i will need to find out more about that:

Activate this:


Step 10 – moment of truth….. now see if you can get view the contents of the HDI container schema through the SYSTEM user (or another user that you may want to use)

And here it is….


I hope this is useful for you.  If you have read this far, I am assuming it has been.  Feel free to connect with me on interesting SAP HANA XSA projects.  I think SAP HANA XSA with the NodeJS and other runtimes really opens up the SAP platform and we can use best of both worlds… SAP and non-SAP to do some amazing development and integration…




You can connect with me at – Jay Malla on LinkedIn



Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Sreehari V Pillai
      Sreehari V Pillai

      Hi there. Thanks for the blog.

      I am confused - The first set of granting schema access to JAY_HDI_ADMIN - From where I must execute these statements  ? From SYSTEM user from the tenant level ? or SQL console from container .