In this SAP HANA Cloud tutorial, we will discuss how to manage roles and privileges for users in SAP HANA Cloud. We will create new roles, assign privileges to these roles, and create users in the SAP HANA Cloud database.
What are the privileges and roles in SAP HANA Cloud?
A role-based security model is used to describe user privileges and permissions in SAP HANA Cloud and the SAP HANA database. Roles and privileges can be granted to users or taken away from them.
An individual user may be given a role, which is a collection of privileges. Then, as the privileges of the role change, so do the privileges of the user. Following is a breakdown of roles:
- System roles: System roles are pre-built and generated automatically when a new database is created.
- User-defined roles: Custom roles that are frequently created to combine tasks and privileges.
A privilege grants access to carry out a system action. A permission, on the other hand, is an ability within the boundaries of the environment. If a user has the privilege, but not on the object being acted upon, they might not be allowed to perform the action.
The following is a breakdown of privileges:
- Object-level privileges: These limit the set of specified objects on which you are allowed to execute an action.
- System privileges: These grant you the right to take the action.
An object’s owner can be specified when it is created; otherwise, the creator takes ownership. This allows other database users to receive additional privileges and change the table’s structure.
It takes more than just owning a table to load it with data. Additionally, the user needs to have INSERT access to the database.
Managing Privileges and Creating Users and Roles in SAP HANA Cloud
User roles that meet your requirements should be created before adding users to an instance. A few of the default user roles can be used, and you can also alter them or create new ones that are entirely unique.
You should be familiar with two methods for creating roles: you can create and change roles using the SAP HANA cockpit’s user interface, or you can create them in the SQL console of SAP HANA Database Explorer.
Using SAP HANA cockpit’s user interface
Click the three dots next to your instance, and open the SAP HANA cockpit for your instance by clicking Open in SAP HANA cockpit.
You must enter both the instance password and the initial database username if you are entering the SAP HANA cockpit for the first time.
- Choose the Security and User Management option from the top left-hand corner of the SAP HANA cockpit.
- To begin, click on Role Management under User & Role Management.
A page opens for managing the roles. On the left side of the screen, you will see the list of every user role that is currently in use.
- The information about this role will appear on the right side of the screen if you click on one of them. You can edit a role by clicking on it.
- To add a new role, click the + sign in the top left corner of the screen.
- On the right side of the screen, the role creation wizard appears. Once you have specified all the new role details, click on Create in the bottom right of the screen.
It’s time to give privileges to the role that we created (the name of the role is Hana_Roled). When you are viewing your new role, click Edit in the top right corner as shown in the picture below.
Click the Add button, and add the roles that already exist as shown in the picture below.
Click on Select at the bottom, and then click on the Save button to save the selected roles.
Next, you can choose certain privileges such as object, analytic, and system. Simply select one of these categories as shown in the picture below.
To add something to one of the above categories, first select Edit from the menu on the right side of the screen. Then select the privileges by clicking on Add.
These are the steps to create roles and assign privileges using the SAP HANA cockpit’s user interface.
Using SAP HANA Database Explorer’s SQL
In order to use SQL statements to create users and roles and to grant rights in SAP HANA Database Explorer, your current user must possess the USERGROUP OPERATOR privilege for the user group they belong to.
- If you have logged on as a DBADMIN user, then this privilege is already assigned to you.
Using the SAP BTP cockpit or SAP HANA Cloud Central, launch the instance of SAP HANA Database Explorer.
In the catalog, right-click on your database connection and choose Open SQL Console.
To create a user, type the statement below into the SQL console.
CREATE USER hana PASSWORD "Hana5657@";
In the above statement, you can replace the username ‘hana’ and password ‘Hana5657@’ with your desired username and password.
- The password must include lowercase, uppercase, digit, and special characters, and the username must be unique within the database.
The GRANT statement can be used to assign user privileges and roles. You must possess the necessary rights and privileges in order to apply this statement to grant a specific privilege.
Privileges can also be granted to roles using the GRANT statement. The GRANT statement should be used with the following general structure to grant a user access to a certain object or schema.
GRANT privilege ON OBJECT_OR_SCHEMA object_or_schema_name to user_name;
For instance, you might modify the statement as follows to grant a user the SELECT privilege on the schema SFLIGHT.
GRANT SELECT ON SCHEMA SFLIGHT TO hana;
To grant a role to a user, change the statement as follows.
GRANT <role_name> TO <username>;
To allow a user to grant the permission to other users themselves, you must include WITH GRANT OPTION at the end of the statement.
For roles and system privileges, you must include WITH ADMIN OPTION in the statement instead.
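The statements above, combined into one role-based grant followed by a review of the result, as an added example that is not part of the original tutorial. The role name SFLIGHT_READER is hypothetical; the user hana and the schema SFLIGHT are the ones used above, and the review queries assume a session that can read the SYS catalog views for other users (for example, one holding the CATALOG READ system privilege).

```sql
-- Added example. SFLIGHT_READER is a hypothetical role name; user HANA and
-- schema SFLIGHT come from the tutorial's own statements.

-- 1. Bundle the privilege in a role instead of granting it to the user directly.
CREATE ROLE SFLIGHT_READER;
GRANT SELECT ON SCHEMA SFLIGHT TO SFLIGHT_READER;

-- 2. Assign the role. Without WITH ADMIN OPTION the user cannot pass it on.
GRANT SFLIGHT_READER TO hana;

-- 3. Review direct grants (unquoted identifiers are stored in upper case).
SELECT GRANTEE, GRANTEE_TYPE, OBJECT_TYPE, SCHEMA_NAME, PRIVILEGE,
       IS_GRANTABLE, GRANTOR
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE IN ('HANA', 'SFLIGHT_READER');

SELECT GRANTEE, ROLE_NAME, IS_GRANTABLE, GRANTOR
  FROM SYS.GRANTED_ROLES
 WHERE GRANTEE = 'HANA';

-- 4. Review what the user can actually do on the schema, including
--    privileges inherited through roles. USER_NAME must be given explicitly.
SELECT OBJECT_TYPE, SCHEMA_NAME, PRIVILEGE, GRANTEE, GRANTEE_TYPE, IS_GRANTABLE
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME = 'HANA'
   AND SCHEMA_NAME = 'SFLIGHT';

-- 5. Audit delegation: users who hold a privilege WITH GRANT OPTION or a
--    role WITH ADMIN OPTION and can therefore extend access to others.
SELECT 'PRIVILEGE' AS KIND, GRANTEE, PRIVILEGE AS GRANTED,
       SCHEMA_NAME, GRANTOR
  FROM SYS.GRANTED_PRIVILEGES
 WHERE IS_GRANTABLE = 'TRUE' AND GRANTEE_TYPE = 'USER'
UNION ALL
SELECT 'ROLE', GRANTEE, ROLE_NAME,
       CAST(NULL AS NVARCHAR(256)), GRANTOR
  FROM SYS.GRANTED_ROLES
 WHERE IS_GRANTABLE = 'TRUE' AND GRANTEE_TYPE = 'USER';

-- 6. Remove access again; run this as the user who granted the role.
REVOKE SFLIGHT_READER FROM hana;
```

Rows returned by step 5 are the accounts to check first when reviewing access, since each of them can grant further without an administrator being involved.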
You now understand how to utilize the SAP HANA Database Explorer and SAP HANA cockpit to create users, grant roles and privileges, and manage access permissions in your instance.
Conclusion
In this SAP HANA Cloud tutorial, we have discussed the terms roles, privileges, and users, and also learned how to create roles and users and assign privileges to these roles in SAP HANA Cloud.
I am Chris Waldron, working as a Senior SAP HANA Consultant at Halliburton, Houston, Texas, United States. I have been working in SAP for more than 15 years, especially in SAP IT consulting and business consulting. I worked in various industries in Sales & Distribution, Customer Relationship Management, banking, Risk Management, etc. And I am an SAP Certified Development Specialist – ABAP for SAP HANA 2.0 and SAP HANA Modeling Certified consultant.