Sample exercise to maintain user and role in SAP HANA

After completing this exercise, you will be able to

• Create roles
• Assign privileges to role
• Create user
• Assign roles to user
• Create analytic privilege

Task 1: Create a role and assign below privileges to it:

• add the role SELECT_SYS_BI to your role
• add the SQL privilege REPOSITORY_REST with privilege EXECUTE
• add package privilege to give access to repository package and assign authorization REPO.READ
• deploy the role and confirm that the role is created

Task 2: Create a new user, assign the role you created in task 1 to this user. Confirm user is created and user schema is created. Add the user to navigator view of SAP HANA studio.

Task 3: Check if new user is authorized to access the analytic view XYZ

Task 4: Create a new package using the user created in task 2. Add an analytic privilege to this package. This analytic privilege should give access to analytic view XYZ with restriction to attribute year = ‘2008’

Task 5: Add the new analytic privilege to your role created in task 1. Now test the authorization of the new user by selecting analytic view XYZ

Task 6: repeat preview steps for another analytic view and calculation view

Solution

Task 1: 

1. Create a role “ROLE_STUDENT_H2B”

Log on to HANA studio with user user1.

choose administration perspective

Expand the folder-> SAP HANA system -> security -> roles

right click on roles -> new role

give your role the following name ROLE_STUDENT_H2B and a short description.

2. Add the role SELECT_SYS_BI to your role

select granted roles tab and click on +

search for role SELECT_SYS_BI, highlight it and click OK

3. Add the SQL-privilege REPOSITORY_REST with privilege EXECUTE to your role.

Select SQL Privileges tab and Click on +.
Search for a object REPOSITORY_REST, highlight it, and click OK.
Select the object which just has been added.
Assign the privilege EXECUTE to object REPOSITORY_REST.
Your Role should now contain 1 granted role and 1 SQL privilege.

4. Add a Package Privilege to give access to repository package student_h2b and
assign authorization REPO.READ.

On the Package Privileges tab add repository package student_h2b.
Highlight the added package privilege and select REPO.READ on the right pane.

5. Deploy the role and confirm that the role has been created.
Deploy newly created Role, by click on the Deploy button, or click F8.
Confirm the successful deploy on the role view.
Also, confirm it is in the Role Catalog: Expand the content of the SAP HANA system → Security → Roles.
Close the role properties, by clicking on X.

Task 2:

1. Create a user named NEW_USER_H2B
   a) Expand the content of the SAP HANA system → Security → Users.
   b) Right click on Users → New User.
   c) Give the user a name, NEW_USER_H2B, short description and Internal password (eg H2b3456) and confirm the password.
2. Assign the role ROLE_STUDENT_H2B
   a) Select Granted Roles tab and click on +
   b) Search for the role you have created, and select the role, then click OK.
   c) Confirm that the role have been added in the list.
   d) Click Deploy or F8.
3. Confirm that your user has been created.
   a) Confirm the Deploy on the tab NEW_USER_H2B.
   Note: PUBLIC role have been automatically assigned.
   b) Confirm your user under Users Security Catalog.
   c) Now, you can log in as the user created.
4. Add the user to the Navigator View of the HANA studio.
   a) To add the new user NEW_USER_H2B open the context menu of the system node and choose Add Additional User …
   b) Enter user Id and Password and choose Finish.
   c) Confirm your user’s Schema under Catalog.

Task 3:

Check if the user NEW_USER_H2B is authorized to access the Analytic View XYZ

1. Check if the user NEW_USER_H2B is authorized to access the Analytic View XYZ.
a) Change to the Modeler Perspective:
Window → Open Perspective → Other, then select Modeler and OK. In the Navigator Pane open the tree for user NEW_USERXX to view the available packages.
b) Under the tree for user NEW_USER_H2B open Content → student_h2b → Analytic Views
c) Right-Click Analytic View XYZ and choose Data Preview.
d) Then choose the tab Raw Data. An error message indicating that the user is not authorized appears.

Task 4:

1. Create a new package student_h2b using the user STUDENT_H2B.
a) In the Navigator Pane open the tree for user STUDENT_H2B.
b) Right-click the Content folder.
c) Choose New → Package …
d) Enter name and description student_h2b.
e) Choose OK.

2. Create a new Analytic Privilege XYZ_YEAR2008.
a) Right-click on the new package and choose New → Analytic Privilege
b) Enter name and description XYZ_YEAR2008.
c) Choose Next.
d) Select Analytic View student_h2b.XYZ
e) Choose Add.
f) Choose Finish.
g) Click on Add to select Associated Attributes Restrictions.
h) Choose attribute YEAR.
i) Choose OK.
j) Click on Add to Assign Restrictions for YEAR.
k) Click in the Value field.
l) Click the grey button to Open Value Help Dialog.
m) Choose the Find button.
n) Select value 2008 and click OK.
o) Set the general option Applicable to all Content Models to active.
p) Deploy your Analytic Privilege (Save and Activate).

Task 5:

1. Add the new Analytic Privileges to your role ROLE_STUDENT_H2B.
a) Navigate to the role, right-click and choose Open.
b) Select the Analytic Privileges tab.
c) Choose the + to Add new Analytic Privileges.
d) Select your Analytic Privilege student_h2b/XYZ_YEAR2008 and click OK.
e) Deploy the changes.

2. Select the Analytic View XYZ to test the authorizations.

a) Navigate to H00 (NEW_USER_H2B) → Content → student_h2b → Analytic
Views.
b) Right-Click on XYZ (Actual data) and choose Data Preview.
c) In the Available Objects pane, drag the field YEAR and drop it in the Label Axis pane.
d) In the Available Objects pane, drag the field Revenue and drop it in the Values Axis pane.
e) In the Output pane, Select the Table tab.
f) Check the result and only values for YEAR 2008 are available.

Task 6:

1. Repeat the preview steps for XYZ_1 and the Calculation View CE_XYZ (combination of XYZ and XYZ_1)

a) Navigate to H00 (NEW_USER_H2B) → Content → student_h2b → Analytic Views.
b) Right-Click on XYZ and choose Data Preview. Then choose the tab Raw Data. The content of the Analytic View XYZ is shown.
c) In the Available Objects pane, drag the field YEAR and drop it in the Label Axis pane.
d) In the Available Objects pane, drag the field Revenue and drop it in the Values Axis pane.
e) In the Output pane, Select the Table tab.
f) Check the result and only values for YEAR 2008 are available.
g) Navigate to H00 (NEW_USER_H2B) → Content → student_h2b → Analytic Views.
h) Right-Click on CE_XYZ and choose Data Preview.
i) In the Available Objects pane, drag the field YEAR and drop it in the Label Axis pane.
j) In the Available Objects pane, drag the field Revenue and drop it in the Values Axis pane.
k) In the Output pane, Select the Table tab.
l) Check the result and only values for YEAR 2008 are available.