on 11-20-2020 4:10 PM
Hi ,
I have created a hdbrole in mta project which creates a role in the system . The role provides a SELECT access to the classic schema. We used to run the below procedure and the _SYS_REPO assigns the role to user in XS Classic.
CALL _SYS_REPO.GRANT_ACTIVATED_ROLE('Role_name','USER')
Can we also do something similar for the roles created via MTA project . I mean assigning to any particular user via technical user. We do not want to assign a role to a user in production by one of the normal users or we should always use SYSTEM user?.
Yes for HDI managed roles there are similar procedures that can be used to grant access by a user with HDI container/group admin rights.
But you can also consider using the HANA Cockpit and user with Role Admin.
It is not possible to grant and revoke deployed HDI roles using the GRANT and REVOKE SQL statements. Roles deployed to an HDI container are granted and revoked through the execution of the GRANT_CONTAINER_SCHEMA_ROLES and REVOKE_CONTAINER_SCHEMA_ROLES procedures of either the container's or the container group's API schema. The container administrator and the container group administrator are authorized to execute these procedures. For more information about these procedures and administrator roles, see the SAP HANA Administration Guide.
A role administrator (user with system privilege ROLE ADMIN) can also grant and revoke HDI roles, for example as follows: GRANT <role_schema_name>.<role_name> TO <user_name>, where <role_schema_name> is the HDI container name where the role was created.
Roles can be granted and revoked using the SAP HANA cockpit.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.