SAP HANA - Analytic Privileges
Analytic Privileges are used to limit access on HANA Information views. You can assign different types of right to different users on different component of a View in Analytic Privileges.
Sometimes, it is required that data in the same view should not be accessible to other users who do not have any relevant requirement for that data.
Suppose you have an Analytic view EmpDetails that has details about employees of a company- Emp name, Emp Id, Dept, Salary, Date of Joining, Emp logon, etc. Now if you do not want your Report developer to see Salary details or Emp logon details of all employees, you can hide this by using Analytic privileges option.
Analytic Privileges are only applied to attributes in an Information View. We cannot add measures to restrict access in Analytic privileges.
Analytic Privileges are used to control read access on SAP HANA Information views.
So we can restrict data by Empname, EmpId, Emp logon or by Emp Dept and not by numerical values like salary, bonus.
Creating Analytic Privileges
Right Click on Package name and go to new Analytic Privilege or you can open using HANA Modeler quick launch.
Enter name and Description of Analytic Privilege → Finish. New window will open.
You can click on Next button and add Modeling view in this window before you click on finish. There is also an option to copy an existing Analytic Privilege package.
Once you click on Add button, it will show you all the views under Content tab.
Choose View that you want to add to Analytic Privilege package and click OK. Selected View will be added under reference models.
Now to add attributes from selected view under Analytic Privilege, click on add button with Associated Attributes Restrictions window.
Add objects you want to add to Analytic privileges from select object option and click on OK.
In Assign Restriction option, it allows you to add values you want to hide in Modeling View from specific user. You can add Object value that will not reflect in Data Preview of Modeling View.
We have to activate Analytic Privilege now, by clicking on Green round icon at top. Status message – completed successfully confirms activation successfully under job log and we can use this view now by adding to a role.
Now to add this role to a user, go to security tab → User → Select User on which you want to apply these Analytic privileges.
Search Analytic Privilege you want to apply with the name and click on OK. That view will be added to user role under Analytic Privileges.
To delete Analytic Privileges from specific user, select view under tab and use Red delete option. Use Deploy (arrow mark at top or F8 to apply this to user profile).