SAP BW on HANA - Authorization

When you create SAP HANA views based on BW system, there are certain type of privileges that are required to run the views in HANA. Different level of securities can be applied to objects in SAP HANA and BW system.

In SAP HANA, analytical privileges are used to limit the row level access on modeling views. Analytic privileges are handled as filters for database queries. Users only see the data for which they have an analytic privilege.

You can assign different types of right to different users on different component of a View in Analytic Privileges.

Sometimes, it is required that data in the same view shouldn’t be accessible to other users who do not have any relevant requirement for that data.


Suppose you have an Analytic view EmpDetails that has details about the employees of an organization - Emp name, Emp Id, Dept, Salary, Date of Joining, Emp logon, etc. Now if you don’t want your Report developer to see Salary details or Emp logon details of all employees, you can hide this by using the Analytic privileges option.

Analytic Privileges are only applied to attributes in an Information View. We cannot add measures to restrict access in Analytic Privileges.

Analytic Privileges are used to control read access on SAP HANA Information views. Hence, we can restrict data by Empname, EmpId, Emp logon or by Emp Dept and not by numerical values like salary and bonus.

Create Analytic Privileges in SAP HANA

Right-click on Package name and go to new Analytic Privilege or you can open using HANA Modeler quick launch.

Create Analytic Privileges

Enter the name and Description of Analytic Privilege → Finish. A new window will open.

You can click the Next button and add Modeling view in this window before you click on Finish. There is also an option to copy an existing Analytic Privilege package.

In BW, the users can only execute BEx queries on which they are authorized. In case you don’t have a permission to run a query, an error message is displayed.

To create SAP HANA views from InfoProviders, the following approach can be used: XML- based Analytical Privilege.

When SAP HANA views are created from InfoProviders from SAP HANA, you can use XMLbased analytical privilege to be applied: SQL-based Analytical Privilege.

When SAP HANA views are created from BW InfoProviders from SAP BW, SQL-based analytical privileges are used.

Object Privilege in SAP HANA

To access SAP HANA views that are generated from SAP BW, you need to have the following authorization −

  • Object privilege − SELECT on _SYS_BI

  • Object privilege − EXECUTE on REPOSITORY_REST(SYS)

  • Package privilege − REPO.READ on the content package where generated SAP HANA views are stored.

Object Privilege

Package Privilege