cancel
Showing results for 
Search instead for 
Did you mean: 

Restricting Views(?) When Using HANA HTTP Connection and Analysis for Office 2.2

Former Member
0 Kudos

Hi,

We are implementing reporting directly against HANA Analytic Views (AVs) using Analysis for Office (Excel).  I would like to build an organizational structure and security model where the user only sees the AVs relevant to their areas. 

The links below explain / talk about this process using an OLAP connection, and I have been successful getting this working with a BIP OLAP connection to HANA (SP9) and AO 1.4.  I have not been able to replicate this functionality using AO 2.2 and the HTTP connection to HANA, the only HANA connection available for AO 2.2. 

Using HTTP / AO 2.2 ,when attempting to use the same roles which properly restrict the AVs using OLAP / AO1.4, the user is able to see all the AVs in the HANA system.  When the user tries to open a view which they do not have access to based on the role the AV will not return any data.  Ideally we would like the users to not even see these AVs.

Has anyone tried to restrict the visibility of AVs using HTTP / AO2.2?  Is this even possible? 

Thanks in advance for any feedback.

Mel


http://scn.sap.com/message/14413938

http://scn.sap.com/message/14428836

Accepted Solutions (1)

Accepted Solutions (1)

rindia
Active Contributor
0 Kudos

Check whether the object privilege "_SYS_BIC" is assigned to user? This gives the visibility to all information views.

Former Member
0 Kudos

Hi Raj,


Thank you for your response.  It turns out that this was the issue, a very "rookie" miss on my part.  I created a new role to use with my Restricted test user and it only contained the views from _SYS_BIC required for the AVs that I wanted visible, the same views secured by the Analytic Privilege.

However, what I did not notice was that the repository view provided by SAP for HTTP connection access, "sap.bc.ina.service.v2.UserRole::INA_USER", contained _SYS_BIC with the "References" privilege.  I created a new role with all the objects / access that the delivered role contained except for _SYS_BIC and assigned the new role to the test user in place of the delivered role and now only the required AVs as visible.

If anyone is interested is what the minimum privileges required for this functionality please let me know and I can post screenshots of the roles that I have created.

Thanks,

Mel

rindia
Active Contributor
0 Kudos

Hi Mel,

You are welcome to share your knowledge if your time permits to do so

Regards

Raj

gopibuz
Explorer
0 Kudos

Mel,

Can you share the access privileges  required in HANA  for HTTP connection with BIP CMC.

Thanks in advance.

Gopi

Former Member
0 Kudos

This message was moderated.

Former Member
0 Kudos

Hi Mel,

If you don't mind can you please share a sample of the role you created.

Thanks

AJ

Answers (0)