Skip to Content
avatar image
Former Member

AMDP and HANA analytical privileges

Hi, we have implemented an AMDP class with method to execute HANA views.

In the HANA DB, we have developed Role and Analytical Privileges.

How we can leverage the HANA security : Role and Analytical Pri. during the execution of the AMDP method ?

Reading the discussion:

https://archive.sap.com/discussions/thread/3672630

seems that the connection to the HANA DB is always done with the user SAP<SID>.

Thanks.

Andrea

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Jun 14, 2017 at 06:18 AM

    When using a database over the database connections of an AS ABAP, the database user is a work process of the AS ABAP, that implicitly accesses the database schema which is connected to the database connection. The database user name of a workprocess can be determined using the function module DB_DBUSER. The database user name is mostly, but not necessarily SAP<SID>. The ABAP database schema is assigned to this user. The name of the ABAP database schema can be determined using the function module DB_DBSCHEMA_CURRENT. It is also mostly, but not necessarily SAP<SID>. (There is also a function module DB_DBSCHEMA that determines the name of the owner of the ABAP database schema, again mostly, but not necessarily SAP<SID>).

    AMDP is a framework for creating and calling database procedures and functions from the AS ABAP. Creating is always done by the AS ABAP with a work process as a DB user and in the ABAP database schema. Calling an AMDP procedure or function from ABAP (either using an ABAP method call or by accesing a CDS table function in Open SQL) is also carried out by a work process as a DB user. The privileges of the workprocess as the database user are taken into account. In order to call an AMDP procedure or function with another database user and her priviliges, you have to do it natively from inside HANA (not recommended by SAP). Then, you must take care that the AMDP procedures or functions are available. For that you can use the methods of CL_AMDP_RUNTIME_SERVICES.

    Add comment
    10|10000 characters needed characters exceeded