Skip to Content
Jan 17, 2014 at 12:04 PM

Analytical Privileges: Best approach to see all data of a view


Hi all,

Creating an empty analytical privilege with just assigning for example the attribute view, but NO restrictions allows to see all the data.

A bit like _SYS_BI_CP_ALL.

But is this the correct approach for a HANA system where we have implemented full security for many users/roles?

Or should the analytical privilege be explicit? For example the head of finance has access to all the regions data and the regions are set explicitly.

Pro: It's more secure, you define what can be seen.

Con: This means if there is a new region created, he will not be able to see the new region and it has to be added into the privilege manually.

At a more granular level, new employees joining or new product this can be very maintenance intensive.

Opinions welcome :-)