on 11-04-2014 7:02 AM
Hi Guys,
Could any one please explain what all roles/privileges are required for a HANA Security Administrator. I am aware of below privileges, but any thing apart from these?
Standard Roles: MODELING , MONITORING
Package Privileges: For Root Package, below privileges:
REPO.READ |
REPO.EDIT_NATIVE_OBJECTS |
REPO.ACTIVATE_NATIVE_OBJECTS |
REPO.MAINTAIN_NATIVE_OBJECTS |
System Privileges: (Some of these might not be needed)
REPO.EXPORT |
REPO.IMPORT |
REPO.MAINTAIN_DELIVERY_UNITS |
REPO.WORK_IN_FOREIGN_WORKSPACE |
REPO.MODIFY_CHANGE |
REPO.MODIFY_OWN_CONTRIBUTION |
REPO.MODIFY_FOREIGN_CONTRIBUTION |
ROLE ADMIN |
USER ADMIN |
TRACE ADMIN |
CREATE STRUCTURED PRIVILEGE |
STRUCTUREDPRIVILEGE ADMIN |
Object Privileges: SELECT, EXECUTE, INSERT and UPDATE for _SYS_BI, _SYS_BIC, _SYS_REPO and for schema where all views are stored.
EXECUTE for procedure REPOSITORY_REST.
Analytic Privilege: _SYS_BI_CP_ALL
Is there anything else I am missing? Actually I already have these privileges but not able to assign privileges like REPO.IMPORT or package privileges to users.
Thanks & Regards,
Nitesh Gupta
Hi Nitesh,
It depends on what all authorizations you want to give to your security administrator.
For example, you will need to give him INFILE ADMIN System privilege so that he is able to make changes to password configuration file.
Similarly, You need to provide SELECT, INSERT, UPDATE privilege on _SYS_PASSWORD_BLACKLIST table present in _SYS_SECURITY schema and there are many such privileges.
Similarly, why you want to give Security Admin - Modeling and Monitoring roles or _SYS_BI_CP_ALL privilege?
So I would advise you to go through the below documents once:
SAP HANA Security Guide - SAP Library
Regards,
Vivek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.