on 06-17-2014 10:33 PM
Hello,
this is just another discovery on HANA I do not fully understand.
Sometimes a user who creates a role get's it automatically granted by SYS.
Sometimes a user who creates a role does not get it automatically
granted.
We experience this with HDB's on the same revision (74).
Can anyone explain this behavior?
Thank you
Florian
How are you creating the roles - in the repository (via a project) or directly in the catalog (by clicking New Role under the Security->Roles folder in the Systems view)?
Repository created roles are owned by _SYS_REPO and therefore the creating user has no initial access to them.They must be granted to them by someone who has access to the GRANT_ACTIVATED_ROLE procedure (by calling the procedure directly or from the user management tool).
Catalog roles, on the other hand, are database objects owned by the user who creates them and therefore they are immediately granted to that user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Thomas,
in both cases these are catalog roles owned by the user who created them.
Actually the sample where we experienced this was a SAPINST installation.
We currently roll out multiple SAP suite systems on HANA and e.g. on the BI installation the ABAP* roles that are created during the installation are not directly granted to the user who owns/created them (SAPSID) where the same roles generated on a e.g. SRM system installation are directly granted to SAPSID.
In both cases SAPINST created these roles as catalog roles using the SAPSID user.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.