- SAP HANA Tutorial
- SAP HANA - Home
- SAP HANA Introduction
- SAP HANA - Overview
- In-Memory Computing Engine
- SAP HANA - Studio
- Studio Administration View
- SAP HANA - System Monitor
- SAP HANA - Information Modeler
- SAP HANA - Core Architecture
- SAP HANA Modeling
- SAP HANA - Modeling
- SAP HANA - Data Warehouse
- SAP HANA - Tables
- SAP HANA - Packages
- SAP HANA - Attribute View
- SAP HANA - Analytic View
- SAP HANA - Calculation View
- SAP HANA - Analytic Privileges
- SAP HANA - Information Composer
- SAP HANA - Export and Import
- SAP HANA Reporting
- SAP HANA - Reporting View
- Bi 4.0 Connectivity to HANA Views
- SAP HANA - Crystal Reports
- SAP HANA - Excel Integration
- SAP HANA Security
- SAP HANA - Security Overview
- User Administration & Management
- SAP HANA - Authentications
- SAP HANA - Authorization methods
- SAP HANA - License Management
- SAP HANA - Auditing
- SAP HANA Data Replication
- SAP HANA - Data Replication Overview
- SAP HANA - ETL Based Replication
- SAP HANA - Log Based Replication
- SAP HANA - DXC Method
- SAP HANA - CTL Method
- SAP HANA - MDX Provider
- SAP HANA Monitoring
- SAP HANA - Monitoring and Alerting
- SAP HANA - Persistent Layer
- SAP HANA - Backup & Recovery
- SAP HANA - High Availability
- SAP HANA - Log Configuration
- SAP HANA SQL
- SAP HANA - SQL Overview
- SAP HANA - Data Types
- SAP HANA - SQL Operators
- SAP HANA - SQL Functions
- SAP HANA - SQL Expressions
- SAP HANA - SQL Stored Procedures
- SAP HANA - SQL Sequences
- SAP HANA - SQL Triggers
- SAP HANA - SQL Synonym
- SAP HANA - SQL Explain Plans
- SAP HANA - SQL Data Profiling
- SAP HANA - SQL Script
- SAP HANA Useful Resources
- SAP HANA - Questions and Answers
- SAP HANA - Quick Guide
- SAP HANA - Useful Resources
- SAP HANA - Discussion
SAP HANA - Authorization Methods
Authorization is checked when a user tries to connect to HANA database and perform some database operations. When a user connects to HANA database using client tools via JDBC/ODBC or Via HTTP to perform some operations on database objects, corresponding action is determined by the access that is granted to the user.
Privileges granted to a user are determined by Object privileges assigned on user profile or role that has been granted to user. Authorization is a combination of both accesses. When a user tries to perform some operation on HANA database, system performs an authorization check. When all required privileges are found, system stops this check and grants the requested access.
There are different types of privileges, which are used in SAP HANA as mentioned under User role and Management −
System Privileges
They are applicable to system and database authorization for users and control system activities. They are used for administrative tasks such as creating Schemas, data backups, creating users and roles and so on. System privileges are also used to perform Repository operations.
Object Privileges
They are applicable to database operations and apply to database objects like tables, Schemas, etc. They are used to manage database objects such as tables and views. Different actions like Select, Execute, Alter, Drop, Delete can be defined based on database objects.
They are also used to control remote data objects, which are connected through SMART data access to SAP HANA.
Analytic Privileges
They are applicable to data inside all the packages that are created in HANA repository. They are used to control modeling views that are created inside packages like Attribute View, Analytic View, and Calculation View. They apply row and column level security to attributes that are defined in modeling views in HANA packages.
Package Privileges
They are applicable to allow access to and ability to use packages that are created in repository of HANA database. Package contains different Modeling views like Attribute, Analytic and Calculation views and also Analytic Privileges defined in HANA repository database.
Application Privileges
They are applicable to HANA XS application that access HANA database via HTTP request. They are used to control access on applications created with HANA XS engine.
Application Privileges can be applied to users/roles directly using HANA studio but it is preferred that they should be applied to roles created in repository at design time.
Repository Authorization in SAP HANA Database
_SYS_REPO is the user owns all the objects in HANA repository. This user should be authorized externally for the objects on which repository objects are modeled in HANA system. _SYS_REPO is owner of all objects so it can only be used to grant access on these objects, no other user can login as _SYS_REPO user.
GRANT SELECT ON SCHEMA "<SCHEMA_NAME>" TO _SYS_REPO WITH GRANT OPTION