on 06-30-2015 1:50 PM
Hi,
In a BW on HANA development environment I have created a user in SU01 with a technical name "BW_HANA_AUTH" and given him full access to SAP BW (SAP_ALL profile). Also, in SU01 tab DBMS I have created a corresponding HANA DB user and assigned the pre-delivered MODELING role in HANA to this user.
One of the InfoCubes in SAP BW (0FIGL_C10) has been generated as an "External SAP HANA view for reporting", and can therefore be found as an Analytic View "FIGL_10" in HANA Studio in package "system-local.bw.bw2hana.0".
Also, during the view generation, HANA created a new catalog role "bw2hana/SAPABAP1_0FIGL_C10_REPORTING" specifically for accessing this analytic view. The role contains 3 catalog objects with "SELECT" and "EXECUTE" rights, as well as an analytic privilege.
When user "BW_HANA_AUTH" logs on to SAP HANA Studio and tries to preview data in analytic view FIGL_C10, he gets an authentication error SAP DBTech JDBC: [258] insufficient priveledge.
The reason for this error is that user "BW_HANA_AUTH" have not been assigned role "bw2hana/SAPABAP1_0FIGL_C10_REPORTING", or more specifically the analytic privilege "bw2hana/SAPABAP1_0FIGL_C10_REPORTING". If I add either the entire role or solely the missing analytic privilege to user "BW_HANA_AUTH", he can see the entire data set of the analytic view FIGL_C10.
If you look at the pre-delivered role "MODELING", it contains SELECT and EXECUTE rights on the entire _SYS_BIC schema as well as an analytic privilege "_SYS_BI_CP_ALL", which is supposed to overrule all other restrictions in analytic privileges and give the user full access to data models in HANA.
To solve the authorization issue, I could certainly start assigning "bw2hana/SAPABAP1_...." roles for every generated HANA view to every HANA user in the system who needs to see the data in that view. However, is there a way to define a general role in HANA which includes all "bw2hana/SAPABAP1..." analytic privileges and assign this role to developer users who need full rights to see all HANA views in package "system-local.bw.bw2hana.0"?
Thanks in advance!
Regards. Arseny
Hi Arseny,
You don't have to assign this HANA role (bw2hana...) manually. HANA Authorizations can be generated from BW and are automatically assigned to users in HANA. Though you need to make sure of certain things:
In SP7 or earlier SP, system by default works as Option "C".
Authorizations for Generating SAP HANA Views - Using the SAP HANA Database - SAP Library
Please note that understand that MODELING role or _SYS_BI_CP_ALL is not needed for a user to see data from HANA views. You can create your own custom role and include only required privileges in it, i.e. SELECT on _SYS_BI, _SYS_BIC, etc. Also you don't have to include generated HANA roles bw2hana.... in this custom role.
Regards,
Nitesh Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arseny,
The content.admin role can serve the purpose i guess. Please give a try .
Regards,
Tharun.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
did you've checked transaction RS2HANA_CHECK?
or check
Regards
Torsten
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
9 | |
8 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.