Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert
The HANA CORS (Cross Origin Resource Sharing) configuration is straight forward but as the old saying goes, a picture paints a thousand words.  Such a shame that the SAP documentation policy does not allow screenshots.  I have captured the configuration steps here.

SAP Analytics Cloud Version 2018.1.0
SAP HANA Version 1.00.111 (SPS 11).

The official SAP Analytics Cloud documentation is good and could be found here.
Live Data Connection to SAP HANA

This CORS setup is pretty simple.

  1. Configure HANA HTTPS (SSL)

  2. InA (Information Access)

  3. CORS Configuration

  4. XS Timeout

  5. SameSite Cookie Settings

1. Configure HANA HTTPS (SSL)

The Configuration of the SSL certificate is within the Web Dispatcher at the URL below.
The following role is required.


For me that is

Once completed you must be able to access XS classic urls via HTTPS, without any security pop-ups or certificate errors. Usually this is port 4300, if your SAP HANA instance number is 00, but 24 in my case, therefore port 4324.

The full configuration steps for HTTPS are outlined within the SAP HANA help documentation so I won't repeat those here.

Configure HTTPS (SSL) for Client Application Access


2. Information Access (InA) using EPM-MDS

Verify InA is installed and you have rights to access this service.


For me that is

The response from InA is in JSON, using a JSON browser extension makes the response more readable.

If InA is not working it may not be installed (as below).  Errors such as

"InformationAccess Service GetServerInfo is not available. Install the SAP HANA EPM-MDS plugin."

You will need to download the the HANA EPM-MDS package from SWDC.

Check that your user has access to this package via the sap.bc.ina.service.v2.userRole::INA_USER role.

Verify that you can access Metadata via InA


For me that is{%22Metadata%22:{%22Exp...]}}

3. CORS Configuration

Be aware the CORS config below needs to be repeated after each and every HANA update, e.g moving from revision 122.12 to 122.15.

To access the XS admin site your user requires the following roles.

sap.hana.xs.admin.roles::RuntimeConfAdministrator  sap.hana.xs.admin.roles::SAMLViewer

Login to your XS (classic) admin site, the URL would be something like


For me that becomes

Verify that Basic Authentication is allowed as below

Configure CORS, with the Allowed Origins, Allowed Headers and Exposed Headers as specified below.

# Allowed Headers

# Exposed Headers

As an alternative, or if you experience any issues with the XS user interface, SQL can be used.
An example SQL statement is show, that can apply this configuration. The SQL needs to be modified with your appropriate SAP Analytics Cloud URL.
SET "CONFIGURATION" = ' {"cors":{"enabled":true,"allowOrigin":["https://<url_address>"],"exposeHeaders":["x-csrf-token"],"allowHeaders":["accept-language","x-sap-cid","x-request-with","x-csrf-token","content-type","authorization","accept"],"allowMethods":["GET","HEAD","POST","OPTIONS"],"maxAge":3600}}'
WHERE "PACKAGE_ID" = 'sap.bc.ina.service.v2';

This is also described in the SAP Note 2655556

4. XS Timeout

We should also increase the XS timeout from the default of 900 seconds (15 minutes) to 43200 (12 hours). Below is the SQL to do this.
alter system alter configuration ('xsengine.ini','SYSTEM') set ('httpserver','sessiontimeout')='43200' with reconfigure;

This can also be changed in HANA Studio.

5. SameSite Cookies Settings

I have captured these steps in a separate blogpost that can be found here

SAP Analytics Cloud

With the CORS configuration now completed we can establish the Live Direct HANA connection within SAP Analytics Cloud.


Recently (during 2020 and early 2021) Google Chrome has included additional privacy settings for blocking third-party cookies. The impact of this is that live HANA connections can fail due to the site being seen as a third-party.

You can check for third-party cookies being blocked.

With Chrome Site Settings, you can allow the blocked Cookies


If SAC refuses to connect, then further information can be seen in the web browser Developer  Console (F12) or (View/Tools -> Web Developer -> Console)