cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

General Analytic Privilege to display generated HANA views in bw2hana

Former Member

on ‎06-30-2015 1:50 PM

0 Kudos

Hi,

In a BW on HANA development environment I have created a user in SU01 with a technical name "BW_HANA_AUTH" and given him full access to SAP BW (SAP_ALL profile). Also, in SU01 tab DBMS I have created a corresponding HANA DB user and assigned the pre-delivered MODELING role in HANA to this user.

One of the InfoCubes in SAP BW (0FIGL_C10) has been generated as an "External SAP HANA view for reporting", and can therefore be found as an Analytic View "FIGL_10" in HANA Studio in package "system-local.bw.bw2hana.0".

Also, during the view generation, HANA created a new catalog role "bw2hana/SAPABAP1_0FIGL_C10_REPORTING" specifically for accessing this analytic view. The role contains 3 catalog objects with "SELECT" and "EXECUTE" rights, as well as an analytic privilege.

When user "BW_HANA_AUTH" logs on to SAP HANA Studio and tries to preview data in analytic view FIGL_C10, he gets an authentication error SAP DBTech JDBC: [258] insufficient priveledge.

The reason for this error is that user "BW_HANA_AUTH" have not been assigned role "bw2hana/SAPABAP1_0FIGL_C10_REPORTING", or more specifically the analytic privilege "bw2hana/SAPABAP1_0FIGL_C10_REPORTING". If I add either the entire role or solely the missing analytic privilege to user "BW_HANA_AUTH", he can see the entire data set of the analytic view FIGL_C10.

If you look at the pre-delivered role "MODELING", it contains SELECT and EXECUTE rights on the entire _SYS_BIC schema as well as an analytic privilege "_SYS_BI_CP_ALL", which is supposed to overrule all other restrictions in analytic privileges and give the user full access to data models in HANA.

To solve the authorization issue, I could certainly start assigning "bw2hana/SAPABAP1_...." roles for every generated HANA view to every HANA user in the system who needs to see the data in that view. However, is there a way to define a general role in HANA which includes all "bw2hana/SAPABAP1..." analytic privileges and assign this role to developer users who need  full rights to see all HANA views in package "system-local.bw.bw2hana.0"?

Thanks in advance!

Regards. Arseny

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

niteshgupta87
Active Participant
‎10-12-2015 8:33 AM
0 Kudos

Hi Arseny,

You don't have to assign this HANA role (bw2hana...) manually. HANA Authorizations can be generated from BW and are automatically assigned to users in HANA. Though you need to make sure of certain things:

  • In tcode RS2HANA_VIEW, select Assignment Type = R. Its easier to maintain with this option.
  • If you are in BW 7.4 SP8 or above, you will find one more option "SAP HANA User Mapping" in RS2HANA_VIEW tcode. Better to select option "C" here. If you select "D", then you will have to ensure that your BW user has a DBMS user mapping (in SU01 tcode -> DBMS tab).

          In SP7 or earlier SP, system by default works as Option "C".

  • The BW user should be assigned to analysis authorization for your info provider. This analysis authorization should contain all necessary characteristics/nav attributes for your info provider.
  • After that you need to generate HANA authorizations for this user, for the info provider. For this use tcode RS2HANA_CHECK. With this tcode, the user would get bw2hana/.... role assigned in HANA automatically. You can run RS2HANA_CHECK tcode for multiple (or all) info providers / users for mass updates.

          Authorizations for Generating SAP HANA Views - Using the SAP HANA Database - SAP Library

Please note that understand that MODELING role or _SYS_BI_CP_ALL is not needed for a user to see data from HANA views. You can create your own custom role and include only required privileges in it, i.e. SELECT on _SYS_BI, _SYS_BIC, etc. Also you don't have to include generated HANA roles bw2hana.... in this custom role.

Regards,

Nitesh Gupta

Show replies
Show replies
former_member194957
Active Participant
‎09-16-2015 11:38 AM
0 Kudos

Hi Arseny,

     The content.admin role can serve the purpose i guess. Please give a try .

Regards,

Tharun.

Show replies
Show replies
Torsten_
Advisor
Advisor
‎09-15-2015 2:39 PM
0 Kudos

Hi,

did you've checked transaction RS2HANA_CHECK?

or check

http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/d07fd29b-2ba2-3210-cc84-dd4147f2d120&override...

Regards

Torsten

Show replies
Show replies
Ask a Question