Skip to Content
Sep 23, 2016 at 04:35 PM

HANA Security - Restricting Data Based on Log-in User ID



We have a business scenario where we need to limit the data displayed in our reports, based on the login user.

We're using HANA SPS12, and BOBJ 4.2 SP2.

Since this is at the data level, we're assuming we need to use Analytic Privileges.

The way this is modeled in HANA is as follows:

1. I have a Calculation View of type dimension that contains the USERID which should be compared to the user ID of the person logged in to HANA;

2. This dimension is linked to a Calculation View of type Cube with Star Join, and the link is at the star join.

When I do a data preview, the USERID field shows up correctly.

My question is what's the best/correct way to create the security that we need, which is to only display records for user ABC when that user ABC is logged in to HANA? He should only be able to see that data, and no one else's.

I know I can create multiple Analytic Privileges and do it at the individual user level, and assign those individual APs to the individual users, but that can be a maintenance nightmare if I have 500 users to maintain, so would want it to hopefully be dynamic so I can create a single AP that can be assigned to the users that require the data restriction.

Thanks in advance,