What are the different types of privileges of the HANA Database?
Several privilege types are used in SAP HANA (system, object, analytic, package, and
application).
System privileges
Applicable To: System, database
Target User: Administrators, Developers
System privileges
control general system activities. They are mainly used for administrative
purposes, such as creating schemas, creating and changing users and roles,
performing data backups, managing licenses, and so on. System privileges are
also used to authorize basic repository operations. System privileges granted
to users in a particular tenant database authorize operations in that database
only. The only exceptions are the system privileges DATABASE ADMIN, DATABASE STOP,
and DATABASE START. These system privileges can only be granted to users of the
system database. They authorize the execution of operations on individual
tenant databases. For example, a user with DATABASE ADMIN can create and drop
tenant databases, change the database-specific properties in configuration
(*.ini) files, and perform database-specific backups.
Object privilege
Applicable To: Database objects (schemas, tables, views, procedures and so on)
Target User: End users, technical users
Description
Object privileges are
used to allow access to and modification of database objects, such as tables
and views. Depending on the object type, different actions can be authorized
(for example, SELECT, CREATE ANY, ALTER, DROP, and so on).
Schema privileges are
object privileges that are used to allow access to and modification of schemas
and the objects that they contain. Source privileges are object privileges that
are used to restrict access to and modification of remote data sources, which
are connected through SAP HANA smart data access. Object privileges granted to
users in a particular database authorize access to and modification of database
objects in that database only, unless cross-database access has been
enabled for the user. This is made possible through the association of the
requesting user with a remote identity on the remote database. For more
information, see Cross-Database Authorization in Tenant Databases in the SAP
HANA Security Guide.
Analytic privilege
Applicable To: Analytic views
Target User: End users
Analytic privileges are used to allow read access to
data in SAP HANA information models (that is, analytic views, attribute views,
and calculation views) depending on certain values or combinations of values.
Analytic privileges are evaluated during query processing. Analytic privileges
granted to users in a particular database authorize access to information
models in that database only.
Package privilege
Applicable To: Packages in the classic repository of the SAP HANA database
Target User: Application and content developers working in the classic SAP HANA repository
Package privileges
are used to allow access to and the ability to work in packages in the classic
repository of the SAP HANA database. Packages contain design-time versions
of various objects, such as analytic views, attribute views, calculation views,
and analytic privileges. Package privileges granted to users in a
particular database authorize access to and the ability to work in packages in
the repository of that database only.
Application privilege
Applicable To
Developers of SAP HANA XS classic applications can create application privileges to authorize user and client access to their application. They apply in addition to other privileges, for example, object privileges on tables.
Application privileges can be granted directly to users or roles at runtime in the SAP HANA studio. However, it is recommended that you grant application privileges to roles created in the repository at design time.
Rupesh Chavan
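
The five privilege types described above, each granted to a role, followed by two review queries over the SYS.GRANTED_PRIVILEGES view. This is an added example, not part of the original post; the role, schema, table, analytic privilege, package and application privilege names (SALES_ANALYST, SALES_DEVELOPER, SALES, ORDERS, AP_SALES_EMEA, acme.sales, acme.sales::Display) are hypothetical and the objects are assumed to exist already.

```sql
-- Added example: every object name below is a hypothetical placeholder.
CREATE ROLE SALES_ANALYST;
CREATE ROLE SALES_DEVELOPER;

-- 1. System privilege: a general system activity, valid in this database only.
GRANT CREATE SCHEMA TO SALES_DEVELOPER;

-- 2. Object privileges: a schema-wide grant and a grant on a single table.
GRANT SELECT ON SCHEMA SALES TO SALES_ANALYST;
GRANT SELECT, INSERT ON SALES.ORDERS TO SALES_DEVELOPER;

-- 3. Analytic privilege: value-based read access to information models.
--    Assumes AP_SALES_EMEA was created in SQL as a structured privilege.
GRANT STRUCTURED PRIVILEGE AP_SALES_EMEA TO SALES_ANALYST;

-- 4. Package privilege: read access to a package in the classic repository.
GRANT REPO.READ ON "acme.sales" TO SALES_DEVELOPER;

-- 5. Application privilege (XS classic), granted at runtime through _SYS_REPO.
--    The page recommends granting these to repository roles at design time.
CALL "_SYS_REPO"."GRANT_APPLICATION_PRIVILEGE"('"acme.sales::Display"', 'SALES_ANALYST');

-- Review 1: who holds the system privileges that act on tenant databases?
-- Run in the system database, the only place these can be granted.
SELECT GRANTEE, GRANTEE_TYPE, PRIVILEGE, GRANTOR, IS_GRANTABLE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE PRIVILEGE IN ('DATABASE ADMIN', 'DATABASE STOP', 'DATABASE START')
 ORDER BY GRANTEE;

-- Review 2: privileges granted directly to users instead of through roles,
-- counted per privilege category (OBJECT_TYPE) to spot accumulated access.
SELECT GRANTEE, OBJECT_TYPE, COUNT(*) AS DIRECT_GRANTS
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE_TYPE = 'USER'
 GROUP BY GRANTEE, OBJECT_TYPE
 ORDER BY DIRECT_GRANTS DESC;
```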