cancel
Showing results for 
Search instead for 
Did you mean: 

Better way to restrict end user access to a group of HANA views?

Former Member
0 Kudos

Hi,

Want to restrict end user (for example, AFO users) access to a group of HANA views.

A known method is to create a role like following, which gets SELECT access to views by granting it view by view (view CTS_TEST.BILLING/ZORBL101 in the example below).

And then assign this role together with role RESTRICTED_USER_JDBC_ACCESS to a user.

role wow.security.roles.reporting::AFO_role {

catalog sql object "_SYS_BIC"."CTS_TEST.BILLING/ZORBL101": SELECT;

catalog schema "_SYS_BI": SELECT;

analytic privilege: Project_AFO:AP_AFO.analyticprivilege;

}

The downside of this approach is that you need to modify the role every time a new view to be exposed to end users.

Based on my check, a wildcard for privilege assignment is not supported, which means we can NOT have something like

catalog sql object "_SYS_BIC"."CTS_TEST.BILLING/ZORBL*": SELECT;

in a role definition.

Besides, package privilege is only about design time objects for modellers in HANA Studio, which can’t give access to runtime objects for end users.

Any other option, make this process easier and avoid changing the role when you get new views to expose to end users?

Thanks!

Matt

Accepted Solutions (0)

Answers (1)

Answers (1)

mrwong05
Participant
0 Kudos

Have you found a solution to your problem?