Skip to Content
avatar image
Former Member

Applying User Security in HANA

Hi Experts,

Need some help in security implementation via HANA.

We are trying to applying data restrictions at BOBJ reports via HANA.

1. We had a custom table in BW/HANA which has the user access details.

2. We developed a procedure to pull the authorizations based on the session user.

3. Created an analytic privilege, added all the needed and their dependent views to this analytic privilege.

4. Assigned the attribute restrictions on the views by passing the input from above created catalog procedure.

5. Created a role and assigned this analytic privilege to that role.

6. Assigned this role to a user ID.

Now when we are trying to do a Data Preview on the views with that User ID after the role assignment, we are not able to see the data. However, the back-end tables has data.

Procedure is also giving the data the user is authorized to see.

However, the views are not giving any data.

Are we missing anything? Please advise.

Thanks!

Mahendra Pederedla

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Apr 05 at 09:13 PM

    Hi Mahendra,

    Out put the procedure( used in analytical privilege ) act as WHERE condition to SELECT on the view.

    To debug the issue, run select statement on the view(remove Analytical privilege restriction on the view) by using out put of the procedure as WHERE condition.

    Regards,

    Nagaraj

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Nagaraj,

      Yes, I debugged in the same manner

      Removed the Analytic Privilege restriction, ran a select statement on the view and applied out of the Procedure as where condition.This doesn't gave me any output till the newly created role is assigned to my ID.

      As soon as the role is removed, the view as well as select statement started giving output.

      FYI, view has data for the procedure output. I have validated this with different ID which does not have this role assigned.

      Thanks,
      Mahendra.

  • Apr 05 at 09:48 PM

    Hi Mahendra,

    Here's a simple solution that I follow to identify missing privileges.

    Execute this statement - alter system alter configuration ('indexserver.ini','SYSTEM') SET ('trace','authorization')='info' with reconfigure;

    and then do the action which you want to investigate. The look at the index server trace. You should see the missing privileges listed in the log.

    You can switch off the trace using - alter system alter configuration ('indexserver.ini','SYSTEM') unset ('trace','authorization') with reconfigure;


    Benedict

    Add comment
    10|10000 characters needed characters exceeded