
Created roles are auto-granted to creator by sys (sometimes)

Former Member
0 Kudos

Hello,

this is just another discovery on HANA I do not fully understand.

Sometimes a user who creates a role gets it automatically granted by SYS.

Sometimes a user who creates a role does not get it automatically granted.

We experience this with HDBs on the same revision (74).

Can anyone explain this behavior?

Thank you

Florian

Accepted Solutions (0)

Answers (1)

thomas_jung
Developer Advocate
0 Kudos

How are you creating the roles - in the repository (via a project) or directly in the catalog (by clicking New Role under the Security->Roles folder in the Systems view)?

Repository created roles are owned by _SYS_REPO and therefore the creating user has no initial access to them. They must be granted to them by someone who has access to the GRANT_ACTIVATED_ROLE procedure (by calling the procedure directly or from the user management tool).

Catalog roles, on the other hand, are database objects owned by the user who creates them and therefore they are immediately granted to that user.

Former Member
0 Kudos

Hello Thomas,

in both cases these are catalog roles owned by the user who created them.

Actually the sample where we experienced this was a SAPINST installation.

We currently roll out multiple SAP suite systems on HANA and e.g. on the BI installation the ABAP* roles that are created during the installation are not directly granted to the user who owns/created them (SAPSID), where the same roles generated on e.g. an SRM system installation are directly granted to SAPSID.

In both cases SAPINST created these roles as catalog roles using the SAPSID user.
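
One way to compare the systems discussed in this thread is to list, per role, its creator and whether (and by whom) the role was granted back to that creator. This is an added example, not part of the original posts; it assumes the HANA system views SYS.ROLES and SYS.GRANTED_ROLES are readable by the auditing user, the 'ABAP%' filter follows the role names mentioned above, and the role and user names in the final call are placeholders.

```sql
-- Added example (not from the thread). Run the same query on both systems
-- and compare the GRANT_ORIGIN column for the ABAP* roles.
SELECT r.ROLE_NAME,
       r.CREATOR,                 -- _SYS_REPO for repository roles,
                                  -- the creating user for catalog roles
       g.GRANTOR,                 -- NULL if the creator does not hold the role
       g.IS_GRANTABLE,
       CASE
         WHEN g.GRANTEE IS NULL       THEN 'creator does not hold the role'
         WHEN g.GRANTOR = 'SYS'       THEN 'granted by SYS (automatic grant)'
         WHEN g.GRANTOR = '_SYS_REPO' THEN 'granted via repository procedure'
         ELSE                              'granted explicitly by another user'
       END AS GRANT_ORIGIN
  FROM SYS.ROLES r
  LEFT JOIN SYS.GRANTED_ROLES g
         ON g.ROLE_NAME    = r.ROLE_NAME
        AND g.GRANTEE      = r.CREATOR
        AND g.GRANTEE_TYPE = 'USER'
 WHERE r.ROLE_NAME LIKE 'ABAP%'
 ORDER BY r.ROLE_NAME;

-- Every current holder of those roles, to spot grants nobody expected.
SELECT ROLE_NAME, GRANTEE, GRANTEE_TYPE, GRANTOR, IS_GRANTABLE
  FROM SYS.GRANTED_ROLES
 WHERE ROLE_NAME LIKE 'ABAP%'
 ORDER BY ROLE_NAME, GRANTEE;

-- Repository roles (CREATOR = _SYS_REPO) are never auto-granted; they are
-- handed out through the procedure named in the answer above.
-- '<package>::<role>' and '<USER>' are placeholders.
CALL "_SYS_REPO"."GRANT_ACTIVATED_ROLE"('<package>::<role>', '<USER>');
```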