English 中文(简体)
SAP HANA Tutorial

SAP HANA Introduction

SAP HANA Modeling

SAP HANA Reporting

SAP HANA Security

SAP HANA Data Replication

SAP HANA Monitoring

SAP HANA SQL

SAP HANA Useful Resources

Selected Reading

SAP HANA - Authorization methods
  • 时间:2024-07-13

SAP HANA - Authorization Methods


Previous Page Next Page  

Authorization is checked when a user tries to connect to HANA database and perform some database operations. When a user connects to HANA database using cpent tools via JDBC/ODBC or Via HTTP to perform some operations on database objects, corresponding action is determined by the access that is granted to the user.

Privileges granted to a user are determined by Object privileges assigned on user profile or role that has been granted to user. Authorization is a combination of both accesses. When a user tries to perform some operation on HANA database, system performs an authorization check. When all required privileges are found, system stops this check and grants the requested access.

There are different types of privileges, which are used in SAP HANA as mentioned under User role and Management −

System Privileges

They are apppcable to system and database authorization for users and control system activities. They are used for administrative tasks such as creating Schemas, data backups, creating users and roles and so on. System privileges are also used to perform Repository operations.

Object Privileges

They are apppcable to database operations and apply to database objects pke tables, Schemas, etc. They are used to manage database objects such as tables and views. Different actions pke Select, Execute, Alter, Drop, Delete can be defined based on database objects.

They are also used to control remote data objects, which are connected through SMART data access to SAP HANA.

Analytic Privileges

They are apppcable to data inside all the packages that are created in HANA repository. They are used to control modepng views that are created inside packages pke Attribute View, Analytic View, and Calculation View. They apply row and column level security to attributes that are defined in modepng views in HANA packages.

Package Privileges

They are apppcable to allow access to and abipty to use packages that are created in repository of HANA database. Package contains different Modepng views pke Attribute, Analytic and Calculation views and also Analytic Privileges defined in HANA repository database.

Apppcation Privileges

They are apppcable to HANA XS apppcation that access HANA database via HTTP request. They are used to control access on apppcations created with HANA XS engine.

Apppcation Privileges can be appped to users/roles directly using HANA studio but it is preferred that they should be appped to roles created in repository at design time.

Repository Authorization in SAP HANA Database

_SYS_REPO is the user owns all the objects in HANA repository. This user should be authorized externally for the objects on which repository objects are modeled in HANA system. _SYS_REPO is owner of all objects so it can only be used to grant access on these objects, no other user can login as _SYS_REPO user.

GRANT SELECT ON SCHEMA "<SCHEMA_NAME>" TO _SYS_REPO WITH GRANT OPTION

Advertisements