
access unknown schema

Former Member
0 Kudos

I have a SAP HANA Cloud Platform trial account. Now I see an unknown schema:

JTG (my user name)

|-- Catalog

|-- NEO_XXXXXXXXXX

     |-- Tables

         |-- p1940044813trial.gadisihanaxs.hello.mytable1

The schema NEO_XXXXXXXXXX is not my schema and p1940044813trial is not my HCP account.

But I can access this schema. What has happened? Is this a security problem?

Can anyone help?

Accepted Solutions (1)

Former Member
0 Kudos

Hi Yujun,

For HCP trial, every developer will have two schemas (DEV_XXX and NEO_XXX) by default. So, NEO_XXX should be your development schema, meanwhile DEV_XXX is the private schema of your developer user. And usually we need to create objects in NEO_XXX schema instead of DEV_XXX.


However, I don't understand how this table can be created...

Best regards,
Wenjun

Former Member
0 Kudos

Hi Wenjun,

I have two default schemas (DEV_ and NEO_). But NEO_XXX is the second NEO_ schema in Catalog.

JTG (my user name)

|-- Catalog

    |-- DEV_ (my default dev schema)

    |-- NEO_ (my default neo schema)

|-- NEO_XXXXXXXXXX

     |-- Tables

         |-- p1940044813trial.gadisihanaxs.hello.mytable1

The schema NEO_XXX is definitely not my schema and p1940044813trial is not my HCP account.

I think this is a security problem.


BR

Yujun


Former Member
0 Kudos

Hi Yujun,

Then this is not a security problem... I think the reason you can see the second NEO_XXX schema is due to:

1. First of all HCP trial is a shared SAP HANA instance. All developers share a single SAP HANA system. So, you can find all usernames on this system.

2. You are granted the privilege on the second schema NEO_XXX by p1940044813trial.

Best regards,

Wenjun

Former Member
0 Kudos

Hi Wenjun,

I didn't grant any privileges. I am not administrator.


Yes, all users share a single SAP HANA system. But the users are not administrators. And e.g. they have no privilege to create a new schema. They should only access own objects.


Now I can access (select data) the schema from user p1940044813. Maybe other users can access my schemas too. This is a big big security problem !!!

BR

Yujun

Former Member
0 Kudos

Hi Yujun,

I'm sorry, you're wrong.

> I didn't grant any privileges.


Definitely. I know you didn't grant any privileges. I said "you are granted the privilege..."

> I am not administrator.


Absolutely not. You should login with DEV_XXX. You cannot login with SYSTEM.

> Yes, all users share a single SAP HANA system. But the users are not administrators. And e.g. they have no privilege to create a new schema. They should only access own objects.


Yes, you're right. No one is admin and thus they cannot create schema. And they can only access their own objects. However, the user can grant the privilege on his/her objects to others. For instance, in your case, another user granted the SELECT privilege on his/her default NEO_XXX to you. And this grant does not require your permission. This is easy to understand. For example, I say "Hey, you can enter my room", so you have the right to enter my room. But it's up to you, you can enter right now or you may never want to enter. So, you can see his/her schema and tables. But he/she cannot see your objects, since you didn't grant the privilege to him/her.

> Now I can access (select data) the schema from user p1940044813. Maybe other users can access my schemas too. This is a big big security problem !!!


As I explained above, you can see the schema from others since others grant you to do so. Believe me no one can see your content in your schema, unless you grant the privileges to others. In short, this is not a security problem.


For better understanding, you can test with two HCP trial developer accounts. For example, you have DEV_A and DEV_B, you can let DEV_A grant the SELECT privilege on his NEO_XXX schema to DEV_B, then DEV_B can see the content of NEO_XXX from DEV_A. But DEV_A cannot see the content of NEO_XXX from DEV_B, since DEV_B didn't grant the privilege to DEV_A.

Best regards,

Wenjun
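The two-account test described in the reply above, written out as SAP HANA SQL together with the catalog queries that show who granted what. This is an added example, not part of the original thread. Assumptions: "NEO_A" is a placeholder for DEV_A's NEO_XXX schema, both users are allowed to run these statements directly, and the rows visible in SYS.GRANTED_PRIVILEGES depend on the catalog privileges of the user running the query.

```sql
-- Step 1, run as DEV_A: share read access to the schema with DEV_B.
-- "NEO_A" is a placeholder schema name (assumption, not from the thread).
GRANT SELECT ON SCHEMA "NEO_A" TO DEV_B;

-- Step 2, run as DEV_B: list every schema-level or object-level privilege
-- that has been granted to me, and by whom. A foreign schema showing up in
-- the catalog tree should correspond to a row here with another user as GRANTOR.
SELECT GRANTOR,
       OBJECT_TYPE,
       SCHEMA_NAME,
       OBJECT_NAME,
       PRIVILEGE,
       IS_GRANTABLE
FROM   SYS.GRANTED_PRIVILEGES
WHERE  GRANTEE = CURRENT_USER
  AND  SCHEMA_NAME IS NOT NULL
ORDER  BY SCHEMA_NAME, OBJECT_NAME, PRIVILEGE;

-- Step 3, run as DEV_A: the reverse question ("can other users read my
-- schema?"). Lists every other grantee holding a privilege on NEO_A.
SELECT GRANTEE,
       GRANTEE_TYPE,
       GRANTOR,
       OBJECT_NAME,
       PRIVILEGE
FROM   SYS.GRANTED_PRIVILEGES
WHERE  SCHEMA_NAME = 'NEO_A'
  AND  GRANTEE <> CURRENT_USER
ORDER  BY GRANTEE, PRIVILEGE;

-- Step 4, run as DEV_A: withdraw the access again. After this, the
-- step 3 query should no longer return a row for DEV_B.
REVOKE SELECT ON SCHEMA "NEO_A" FROM DEV_B;
```

An empty result from step 3 corresponds to the statement in the reply that nobody else can read the schema unless its owner has granted access.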

Former Member
0 Kudos

Hi Wenjun,

Ok, understood. Thank you for your explanation.

BR

Yujun

Former Member
0 Kudos

Hi Yujun,

It's my pleasure.

Best regards,

Wenjun

Answers (0)