Prerequisites:
To create a role, you must have the privilege ROLE ADMIN.
To grant a privilege to a role, you must have the privilege yourself and be authorized to grant it to other users and roles.
Procedure:
In the navigator, expand the system, then the Catalog folder and the Authorization folder. Right-click the Roles folder and choose New Role.
Create the role by specifying a unique role name and assigning the required privileges (SQL privileges, analytical privileges, system privileges).
Choose Deploy to create the role.
Note: You can delete a role by right-clicking it in the navigator and choosing Delete.
SAP HANA Role Modeling:
You can model roles in the following ways:
● As runtime objects on the basis of SQL statements
● As design-time objects in the repository of the SAP HANA database
Recommended that you model roles as design-time objects (Information Modeler)
Possibility to transport them between different systems allowing complex access control avoiding unnecessary duplicate effort.
Roles created at design time are not directly associated with a database user, but belong to _SYS_REPO
The design-time version of a role in the repository and its activated counterpart should always contain the same privileges. Privileges should not be granted or revoked to or from the activated version of the role. The role will be otherwise completely overwritten once it is activated again from its repository version.
To create a role, you must have the privilege ROLE ADMIN.
To grant a privilege to a role, you must have the privilege yourself and be authorized to grant it to other users and roles.
Procedure:
In the navigator, expand the system, then the Catalog folder and the Authorization folder. Right-click the Roles folder and choose New Role.
Create the role by specifying a unique role name and assigning the required privileges (SQL privileges, analytical privileges, system privileges).
Choose Deploy to create the role.
Note: You can delete a role by right-clicking it in the navigator and choosing Delete.
SAP HANA Role Modeling:
You can model roles in the following ways:
● As runtime objects on the basis of SQL statements
● As design-time objects in the repository of the SAP HANA database
Recommended that you model roles as design-time objects (Information Modeler)
Possibility to transport them between different systems allowing complex access control avoiding unnecessary duplicate effort.
Roles created at design time are not directly associated with a database user, but belong to _SYS_REPO
The design-time version of a role in the repository and its activated counterpart should always contain the same privileges. Privileges should not be granted or revoked to or from the activated version of the role. The role will be otherwise completely overwritten once it is activated again from its repository version.
No comments:
Post a Comment