
Does my XSA installation have to be in the same tenant as my classic schema that I want to access?

dustin_self2
Participant
0 Kudos

I have XSA installed in its own tenant called XSD. I want to access a schema via the "SAP Hana Service Connection". The "classic" schema I am trying to access is in a different tenant called DWD. Is this possible? Right now, when I attempt to build the .hdbgrants file, it gives me the error:

Error: Error executing: GRANT "SELECT","SELECT METADATA" ON SCHEMA...invalid user name:"

This is because it is looking for my application user in the DWD tenant where it is not found. That application user is created by the XSA build in XSD tenant.

Can I get around this without having to install XSA in the DWD tenant?

Accepted Solutions (1)

jhodel18
Active Contributor
0 Kudos

Hi Dustin,

You need to set up the connection using a user-provided service. Go through the tutorial below to see how to use a user-provided service for your case:

https://developers.sap.com/tutorials/xsa-create-user-provided-anonymous-service.html

**UPDATED 13-Jul-2020**

Hi Dustin,

It seems like the thread below will answer your question:

You cannot use cross container access to cross over tenants.

https://answers.sap.com/questions/13016302/tutorial-on-sap-hana-xs-advanced-need-help.html

dustin_self2
Participant
0 Kudos

Thank you for the reply jhodel18. I have already successfully completed that tutorial when I had XSA installed on the same tenant as my target database. But my dba decided he wanted XSA installed on a separate tenant from the target database for reasons I won’t go into here. Now that XSA and the target database are on separate tenants, I tried completing the tutorial again. This time it fails because the XSA build creates all the required users on the XSA tenant, not on the target database tenant. So when I attempt to build the .hdbgrants file, it errors saying it cannot find the relevant user in the target database tenant.

jhodel18
Active Contributor
0 Kudos

Hi Dustin,

I suspect that your issue is with your configuration of the UPS.

xs cups CROSS_SCHEMA_PRODUCTS -p "host","port","user","password","driver","tags","schema"

  • You need to make sure you got the host and port correct.
  • Also, you need to make sure that that user is created in the target tenant db.
  • And that user is given the necessary db object privileges.

dustin_self2
Participant
0 Kudos

My host is correct. I tried every other option for my port, and I only get “authentication failed”. The port I am using for my target tenant succeeds with authentication, but doesn’t have the user that the XSA build created in the XSA tenant. So are you saying I need to create the “object owner” and “application user” users in my target tenant manually? That step isn’t in the tutorial. The tutorial presents it as an automatic action during the build.

jhodel18
Active Contributor
0 Kudos

The tutorial mentioned the use of the SYSTEM user (just to point out that it is not the HDI user, just like what you are saying above):

You will be prompted for each of the values you have listed:

  • user: SYSTEM
  • port: 3XX13 or 3XX15 - where XX stands for the instance number. You can confirm the port by running netstat | grep 3xx13 in the command line in your HXE instance.
  • password: The administration password for SYSTEM
  • driver: com.sap.db.jdbc.Driver
  • tags: [ "hana" ]
  • schema: PLAIN

For a normal use case, you won't use (or you won't be allowed) the SYSTEM user. You have to request your DBA to create a technical user on that target tenant db with the appropriate hana object privileges.
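The technical user described above, as an added example that is not part of the original reply or the tutorial: the user name `UPS_GRANTOR` and the password are placeholders, and `PLAIN` is the schema name from the tutorial excerpt. The last query is the check that explains the `invalid user name` error when the container lives in another tenant.

```sql
-- Added example; UPS_GRANTOR and the password are placeholders.

-- 1) In the tenant that holds the classic schema, a DBA creates a dedicated
--    technical user for the user-provided service, so that SYSTEM never has
--    to be stored in the service credentials.
CREATE USER UPS_GRANTOR PASSWORD "<initial-password>" NO FORCE_FIRST_PASSWORD_CHANGE;

-- 2) The .hdbgrants build logs on with the service credentials and issues
--    the GRANT itself, so this user needs exactly the privileges it passes
--    on, and it needs them WITH GRANT OPTION.
GRANT SELECT, SELECT METADATA ON SCHEMA "PLAIN" TO UPS_GRANTOR WITH GRANT OPTION;

-- 3) Verify that the privileges are grantable and that nothing broader
--    was assigned to the technical user.
SELECT GRANTEE, OBJECT_TYPE, SCHEMA_NAME, PRIVILEGE, IS_GRANTABLE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE = 'UPS_GRANTOR';

-- 4) Run this in the same tenant the service's host/port points at.
--    The build grants to the HDI container's object owner (a user whose
--    name ends in #OO). If no such user is listed here, the container was
--    created in a different tenant and the GRANT fails with
--    "invalid user name".
SELECT USER_NAME
  FROM SYS.USERS
 WHERE USER_NAME LIKE '%#OO';
```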

dustin_self2
Participant
0 Kudos

That excerpt you copied is in the section for SP02 and lower. I followed the SP03 section, which mentions this:

Use the following values to complete the wizard:

  • Service name: CROSS_SCHEMA_PRODUCTS
  • Host: hxehost (or your hostname)
  • Port: 39013 (default port for SYSTEMDB in SAP HANA, express edition 2.0, use 39015 if your space is mapped to the first tenant database)
  • User and Password: SYSTEM (or a user with access to the non-container PLAIN schema) and its credentials.

It says “or a user with access to the non-container...schema”. I know I have done this part correctly because:

1. I used the same credentials when I last did this tutorial (when I had both the target schema and XSA installed on the same tenant), and I received no errors. It built the .hdbgrants and .hdbsynonyms files just fine.

2. When I create my .hdbsynonyms file with my current setup, I can connect to the CROSS_SCHEMA_ACCESS user-defined service and select from a list of all the tables in my target schema. I just can’t build the .hdbsynonyms file because I cannot build the .hdbgrants file.

The error I get when trying to build the .hdbgrants file says it cannot find the “object owner (OO)” user in the database. When I look in my XSA tenant, I can see that the XSA build has created that “object owner” user. But it does me no good there, because it needs to be in my target database tenant to achieve appropriate access.

This brings me back to my original question: Does XSA have to be installed on the same tenant as my target database? If so, that seems pointless because what if I want to create multiple user-provided services pointing at, say, my EPM system and my S4 system?

jhodel18
Active Contributor
0 Kudos

Hi Dustin,

It seems like the thread below will answer your question:

You cannot use cross container access to cross over tenants.

https://answers.sap.com/questions/13016302/tutorial-on-sap-hana-xs-advanced-need-help.html

dustin_self2
Participant
0 Kudos

Ah, bummer. Thank you for finding that and replying! I appreciate it Jhodel!

jhodel18
Active Contributor
0 Kudos

You're welcome Dustin!

If you find that the answer you got is satisfactory, please don't forget to mark this answer as "Accepted" to close this thread. Cheers!

dustin_self2
Participant
0 Kudos

jhodel18, I would be happy to mark this as accepted if you can revise your answer to match your comment from above:

Hi Dustin,

It seems like the thread below will answer your question:

You cannot use cross container access to cross over tenants.

https://answers.sap.com/questions/13016302/tutorial-on-sap-hana-xs-advanced-need-help.html

jhodel18
Active Contributor
0 Kudos

I like your idea Dustin! Therefore, already updated while preserving the original context of the discussion. Thanks!

thiagofcs
Explorer
0 Kudos

Hi Dustin,

Did you find a solution for your scenario?

Asking because I have a similar scenario on my project. Have XSA installed on PHA tenant which has a CDA user to connect to the S4 tenant (S4P).

I need to read S4P schema (SAPHANADB) to create some calculation views in XSA, but I can't create the service user on the S4P tenant (by its port number); I get that invalid user issue.

I had a workaround which was to create a new schema in the PAH tenant and then create views for the S4P tables:

Example:

 create view V_ACDOCA as select * from S4P.SAPHANADB.ACDOCA

With this I could make the synonyms and create the calculation views.

But I'm not sure if this is a good workaround.

Thanks and sorry to bother.

Thiago
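The three-part name `S4P.SAPHANADB.ACDOCA` in the post above is SAP HANA cross-database access syntax. As an added example that is not part of the original post, this is that workaround scoped to least privilege; the user names `XDB_READER` and `VIEW_OWNER` are placeholders, the database, schema and table names are the ones from the post, and the column list is illustrative.

```sql
-- Added example; XDB_READER and VIEW_OWNER are placeholder user names.

-- 1) In SYSTEMDB: enable cross-database access and allow the XSA tenant
--    (PHA) to read from S4P only. Cross-database access is read-only.
ALTER SYSTEM ALTER CONFIGURATION ('global.ini', 'SYSTEM')
  SET ('cross_database_access', 'enabled') = 'true' WITH RECONFIGURE;
ALTER SYSTEM ALTER CONFIGURATION ('global.ini', 'SYSTEM')
  SET ('cross_database_access', 'targets_for_PHA') = 'S4P' WITH RECONFIGURE;

-- 2) In S4P: a user that exists only as the remote identity of the view
--    owner in PHA, with SELECT on the one table that is needed instead of
--    the whole SAPHANADB schema.
CREATE USER XDB_READER WITH REMOTE IDENTITY VIEW_OWNER AT DATABASE PHA;
GRANT SELECT ON "SAPHANADB"."ACDOCA" TO XDB_READER;

-- 3) In PHA, connected as VIEW_OWNER: name the columns the calculation
--    views need rather than SELECT *, so the view (and every synonym
--    built on it) does not expose the full table.
CREATE VIEW V_ACDOCA AS
  SELECT RLDNR, RBUKRS, GJAHR, BELNR, DOCLN
    FROM S4P.SAPHANADB.ACDOCA;

-- 4) In S4P: confirm what the mapped user can actually read.
SELECT GRANTEE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE = 'XDB_READER';
```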

Answers (0)