on 02-04-2021 4:57 AM
Note that GRC is supporting HDI roles. See 2879587 - SAP GRC AC, enable HANA schema roles provisioning for the GRC Access Request
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HANA does not allow for per-schema roles.
So, what you are seeing in the screenshot are not "roles in different schemas".
Unless we know what data the two columns contain and where this information is sourced from, it will be difficult to explain what the screenshot shows.
However, I suspect it may show roles that have been granted (maybe directly and indirectly) and are owned by a specific user. E.g. that role "zmv_test" may be part of other roles and one of those roles is owned by the SYSTEM user while the others are owned by the SYS user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
All right, I have to revise my answer - in fact, I learned something new here.
Always a win, when that happens 🙂
So, HANA does indeed support per-schema roles. That's how HDI container-specific roles work.
The role-evaluation is based on the current schema, similar to name resolution for DB objects.
So, two roles with the same name but one in the current schema and one global, then the current schema role will be considered.
Other schema roles (i.e. with schemas different than the current schema) won't be considered.
There you go, now we know.
So that explains why schema name is not displayed in SAP SU01 DBMS Tab, Which is why roles with the same name in different schema only make sense in the case of HDI roles. As HDI roles cannot be assigned/removed using Grant/Revoke statement which is used by SAP in case DBMS role is added/removed using SU01 DBMS tab.
Any Idea if SAP plans to support HDI Roles in SU01 DBMS Tab in the coming years?
User | Count |
---|---|
94 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.