Hi Guys,

Jonathan Haun has written a blog here in reply to my tweet.

So far I have tested his suggestions (i.e. adding corresponding column views in _SYS_BIC instead of giving _SYS_BIC full access to role) and it works in test environment (rev 60)

Roles - PUBLIC

SQL Privileges - Execute and SELECT on _SYS_BI. SELECT on each associated column view in _SYS_BIC, SELECT on Schema

Analytic Privileges - The one that I created to allow views under package

System - None

Packages - My package that also has a few other analytic, attribute & calc views. It is always good to create sub packages for specific department and move views in there.

We tested it at work (rev 64) and it didn't work for HANA Live content views. We still were able to view the HANA live content views which stays in other package sap.hba.ecc. Kindly, one of the consultant showed us a patch discussed in SAP note 1907697 (released on September 2nd 2013) which at the end fixed our issue. We also learned that after applying that patch _SYS_BIC is not required under SQL privilege.

"SAP note explains with rev 64 the _SYS_BI.BIMC_Cubes view is reverted to its original definition, excluding the feature for selecting only the user authorized views. In revision 60 to 63 the definition of _SYS_BI.BIMC_Cubes included a SQL part of select from SYS.ACCESSIBLE_VIEWS which was showing only the views/cubes for which the user has permissions (analytical Privilege) to select from"

I have also found that views in HANA live content have "Enable Analytic Privilege" un-checked. If we tick that box and create approriate analytic privilege to allow business users to view only their allowed views in package then other views are secured and users cant see them.

However, I still don't understand that should we implement both (above mentioned solution/workaround) or just do one depending upon the version?

Anyway, I hope it will help some one in future.

Regards

Angad