cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HANA Authorization - Basics

Go to solution
Former Member

on ‎03-29-2012 5:43 AM

0 Kudos

Hi All

  As per my understanding each user will be assigned access to the objects via Granted Roles,SQL Priviliges ,System Privileges,Analytical Privileges and package privileges.

when a user creates any analytical view, calculation view , procedure the respective objects  will be stored in _SYS_BIC schema . If user A creates view that would be visible to all the users , if the user wants the data preview to be restricted on the analytical view for a set of users.How can it be achieved , is it through restricting on the object level table or column view level?

Thanks

Santosh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member182277
Contributor
‎03-29-2012 6:02 AM
0 Kudos

Hello Santosh,

Take the following scenerio.

1. Suppose you are logged with admin user. you created a schema and under that you creted a table say table1.

2. you created view on table1.

3. Now you create a user say user1.

4. May the user as public and dont add the schema name under the SQL priviledge of the user which is having the table table1.

4. Save the user.

5. Log in with user1 and if you try to preview the view, it will not be visible to user1 saying insufficient priviledge.

Hope it is helpful.

Regards,Neha

Show replies
Show replies
Former Member
‎03-29-2012 7:03 AM
0 Kudos

Hi Neha

The above scenario  fine, but what my concern is if we take a example scenario as below

User A and User B both are non-admin users , they created analytical views A and B respectively , the corresponding column view will be stored in "_SYS_BIC" schema for both analytical views,as both the users need to access their own analytical views and they should not be able to view or change the others .With reference to the above ,as per my understanding we can't restrict both of the users acceess to _SYS_BIC schema under SQL privileges section , both of them would need access to _SYS_BIC. but at the further level , how can we restrict them is at the column view level or table level.

Above is my assumption, please correct me if I am wrong.

Thanks

Santosh

former_member182277
Contributor
‎03-29-2012 7:26 AM
0 Kudos

Hello Santosh,

I tried your scenerio.

But we can do

1. We can create the analytical privilege and assign to the users

2. We can remove the _sys_bic from the SQL privilege so that both user not able to access the _sys_bic.

Hope it will help.

Regards,Neha

hai_murali_here
Advisor
Advisor
‎03-29-2012 8:35 AM
0 Kudos

Hi,

If you do not want User B to see the models(Views) of User1,then for User B you can restrict the Package Privileges.So add only the Packages he is working with so that he wont be able to see the views of other users.This is restriction of the Views to other users.

But the Column Views created by all the users will sit under SYS_BIC which is common for all the users.If you dont want other users to see the SYS_BIC Column Views of one user,remove the SYS_BIC schema under SQL Privileges.

Rgds,

Murali

Former Member
‎03-29-2012 9:44 PM
0 Kudos

Hello Neha and Murali

Thanks for providing your insights on the solution ,to summarize there are two ways to achieve the above task

1.To restrict the user at package level using package privileges.and not giving them access to _SYS_BIC schema under SQL privileges.

2.Giving them access to analytical views via analytical privileges [even though they have access to both packages] as the respective analytical privilege will have access to their own analytical view they won't be able to view  data in others analytical view and again restrict from giving access to _SYS_BIC schema under SQL privilege section.

Please correct me if I am wrong.

Thanks

Santosh

Answers (0)

Ask a Question