Skip to Content
avatar image
Former Member

Better way to restrict end user access to a group of HANA views?


Want to restrict end user (for example, AFO users) access to a group of HANA views.

A known method is to create a role like following, which gets SELECT access to views by granting it view by view (view CTS_TEST.BILLING/ZORBL101 in the example below).

And then assign this role together with role RESTRICTED_USER_JDBC_ACCESS to a user.

role {

catalog sql object "_SYS_BIC"."CTS_TEST.BILLING/ZORBL101": SELECT;

catalog schema "_SYS_BI": SELECT;

analytic privilege: Project_AFO:AP_AFO.analyticprivilege;


The downside of this approach is that you need to modify the role every time a new view to be exposed to end users.

Based on my check, a wildcard for privilege assignment is not supported, which means we can NOT have something like

catalog sql object "_SYS_BIC"."CTS_TEST.BILLING/ZORBL*": SELECT;

in a role definition.

Besides, package privilege is only about design time objects for modellers in HANA Studio, which can’t give access to runtime objects for end users.

Any other option, make this process easier and avoid changing the role when you get new views to expose to end users?



Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

0 Answers