cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue with HANA DB Roles with same name in different Schema

former_member699885
Explorer

on ‎02-04-2021 4:57 AM

Hi,

I have 2 roles in HANA DB with the same name but a different schema. The question is how does SAP Bifercates them while showing it in SU01 ( DBMS Tab ). Is it advisable to have 2 roles with the same name?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Cocquerel
Active Contributor
‎02-04-2021 8:02 PM

Note that GRC is supporting HDI roles. See 2879587 - SAP GRC AC, enable HANA schema roles provisioning for the GRC Access Request

Show replies
Show replies
lbreddemann
Active Contributor
‎02-04-2021 5:42 AM

HANA does not allow for per-schema roles.

So, what you are seeing in the screenshot are not "roles in different schemas".

Unless we know what data the two columns contain and where this information is sourced from, it will be difficult to explain what the screenshot shows.

However, I suspect it may show roles that have been granted (maybe directly and indirectly) and are owned by a specific user. E.g. that role "zmv_test" may be part of other roles and one of those roles is owned by the SYSTEM user while the others are owned by the SYS user.

Show replies
Show replies
former_member699885
Explorer
‎02-04-2021 6:04 AM
0 Kudos

Please check the attached screen shot

lbreddemann
Active Contributor
‎02-04-2021 10:04 AM
0 Kudos

All right, I have to revise my answer - in fact, I learned something new here.

Always a win, when that happens 🙂

So, HANA does indeed support per-schema roles. That's how HDI container-specific roles work.

The role-evaluation is based on the current schema, similar to name resolution for DB objects.

So, two roles with the same name but one in the current schema and one global, then the current schema role will be considered.

Other schema roles (i.e. with schemas different than the current schema) won't be considered.

There you go, now we know.

former_member699885
Explorer
‎02-04-2021 5:18 PM

So that explains why schema name is not displayed in SAP SU01 DBMS Tab, Which is why roles with the same name in different schema only make sense in the case of HDI roles. As HDI roles cannot be assigned/removed using Grant/Revoke statement which is used by SAP in case DBMS role is added/removed using SU01 DBMS tab.

Any Idea if SAP plans to support HDI Roles in SU01 DBMS Tab in the coming years?

Ask a Question