Creating an empty analytical privilege with just assigning for example the attribute view, but NO restrictions allows to see all the data.
A bit like _SYS_BI_CP_ALL.
But is this the correct approach for a HANA system where we have implemented full security for many users/roles?
Or should the analytical privilege be explicit? For example the head of finance has access to all the regions data and the regions are set explicitly.
Pro: It's more secure, you define what can be seen.
Con: This means if there is a new region created, he will not be able to see the new region and it has to be added into the privilege manually.
At a more granular level, new employees joining or new product this can be very maintenance intensive.
Opinions welcome :-)