on 01-10-2014 3:31 AM
Hello,
My HANA security guy read something about putting a role inside a package and moving it up the landscape with the object being transported.
How do we get that role in a package?
When I'm on a package and r-click and select 'New' role isn't one of the options.
Do I create a procedure and then code that role inside the procedure?
Mike
Hey Michael, to achieve design time role definition and export ability, you need to be using the developer perspective and the repository concept. You can't create roles in the modeler perspective, only at runtime (as Vijay explained) or at design time in the repository.
For me, the best resource thus far is this free course
https://open.sap.com/course/hana1-1
This explains a lot of this concept. This is not a widely known topic or often used in practice, but SAP is moving towards this instead of continuing to use the modeler perspective in future SPs.
Regards,
Justin
Hi Michael Hill,
Roles can be modeled as Repository Objects and as you got from the Open SAP course are known as Design time roles.
Design time roles can be used to grant the following privileges
thus, it includes all the design time objects and if you need to include the runtime objects then you should first grant the same to _SYS_REPO with grantable to others.
Regards,
Anjali Chimnani.
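The sequence the replies above describe, as an added example that is not from any poster in this thread: a runtime schema is first made grantable by _SYS_REPO, a design-time role is defined as a repository file, and the activated role is granted through the _SYS_REPO procedure. The schema `SALES_DATA`, package `acme.security.roles`, role `Reporting` and user `REPORT_USER` are constructed placeholders.

```sql
-- Added example; all object, package, role and user names are constructed.

-- 1. The design-time role will reference a runtime (catalog) schema, so the
--    repository owner _SYS_REPO must hold the privilege with grant option.
GRANT SELECT ON SCHEMA "SALES_DATA" TO _SYS_REPO WITH GRANT OPTION;

-- 2. Design-time role definition. This is the content of the repository file
--    Reporting.hdbrole in package acme.security.roles, created in the
--    development perspective and activated there (it is not run as SQL):
--
--      role acme.security.roles::Reporting {
--          catalog schema "SALES_DATA": SELECT;
--      }
--
--    The role name in the file must match the package path and file name.

-- 3. After activation the runtime role is owned by _SYS_REPO. It is granted
--    with the repository procedure, not with a plain GRANT statement.
CALL "_SYS_REPO"."GRANT_ACTIVATED_ROLE"(
    'acme.security.roles::Reporting', 'REPORT_USER');

-- 4. Check the result: the grantor should be _SYS_REPO, so the grant does
--    not depend on the administrator account that issued the call.
SELECT GRANTEE, ROLE_NAME, GRANTOR
  FROM "SYS"."GRANTED_ROLES"
 WHERE ROLE_NAME = 'acme.security.roles::Reporting';

-- 5. Removal uses the matching repository procedure.
CALL "_SYS_REPO"."REVOKE_ACTIVATED_ROLE"(
    'acme.security.roles::Reporting', 'REPORT_USER');
```

The calling user needs EXECUTE on the two `_SYS_REPO` procedures. Because the role file lives in a package, it can be assigned to a delivery unit and moved through the landscape as described later in the thread.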
I appreciate the affirmation, Justin, and so I just kept slogging to get that design-time role created. Unfortunately I was hindered by coming into the half-formed HANA development arena (and with half-formed development knowledge.)
So I'll answer Mike's (my own) post --- no points necessary.
Here are the bare bones steps for any other Basis Security folks entering the HANA Security arena.
I'll try and flesh this out further once I get audit policies put together.
Thanks,
Robert
Good Afternoon,
Thanks, Mike, Vijay and Justin.
I'm checking out the OpenSAP course (again) but my suspicion is that role transport is only available for roles associated with an XS application (an area into which we have yet to venture.)
What I would like to do is convert my current batch of run-time roles to design-time versions and transport them. Is this a possibility?
Thanks,
Robert
You can absolutely do this. The development perspective is not limited to XS applications, almost all artifact types are moving toward this including modeling artifacts. You can also move table definitions to design time objects too, no need for manual script execution.
At a high level, you link a project in the development view to a systems view package. Since the objects are now contained within a package via this technique, you can subsequently attach to a delivery unit and manually export or transport using CTS+.
I am not actively using this for modeling development, but the security team on our project is performing the same work you are asking about right now.
Hope this helps a little,
Justin
And just FYI, this technique also brings you the ability to transport table definitions and debug stored procedures, so it's pretty darn useful.
Regards,
Justin
Hi Mike,
There are two ways of creating any object in HANA. One is using the UI approach in HANA studio like how you have mentioned above. And one more is using a script-based approach. You need to open the SQL console and do it.
To create roles by script, follow the syntax mentioned below.
CREATE ROLE <role_name>
The name of the role to be created. The specified role name must not be identical to the name of an existing user or role. <role_name> ::= <identifier>