on 05-23-2017 7:09 AM
Hi,
Want to restrict end user (for example, AFO users) access to a group of HANA views.
A known method is to create a role like following, which gets SELECT access to views by granting it view by view (view CTS_TEST.BILLING/ZORBL101 in the example below).
And then assign this role together with role RESTRICTED_USER_JDBC_ACCESS to a user.
role wow.security.roles.reporting::AFO_role {
catalog sql object "_SYS_BIC"."CTS_TEST.BILLING/ZORBL101": SELECT;
catalog schema "_SYS_BI": SELECT;
analytic privilege: Project_AFO:AP_AFO.analyticprivilege;
}
The downside of this approach is that you need to modify the role every time a new view to be exposed to end users.
Based on my check, a wildcard for privilege assignment is not supported, which means we can NOT have something like
catalog sql object "_SYS_BIC"."CTS_TEST.BILLING/ZORBL*": SELECT;
in a role definition.
Besides, package privilege is only about design time objects for modellers in HANA Studio, which can’t give access to runtime objects for end users.
Any other option, make this process easier and avoid changing the role when you get new views to expose to end users?
Thanks!
Matt
Have you found a solution to your problem?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
25 | |
12 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.