on 12-30-2015 8:26 PM
Hi,
We are implementing reporting directly against HANA Analytic Views (AVs) using Analysis for Office (Excel). I would like to build an organizational structure and security model where the user only sees the AVs relevant to their areas.
The links below explain / talk about this process using an OLAP connection, and I have been successful getting this working with a BIP OLAP connection to HANA (SP9) and AO 1.4. I have not been able to replicate this functionality using AO 2.2 and the HTTP connection to HANA, the only HANA connection available for AO 2.2.
Using HTTP / AO 2.2 ,when attempting to use the same roles which properly restrict the AVs using OLAP / AO1.4, the user is able to see all the AVs in the HANA system. When the user tries to open a view which they do not have access to based on the role the AV will not return any data. Ideally we would like the users to not even see these AVs.
Has anyone tried to restrict the visibility of AVs using HTTP / AO2.2? Is this even possible?
Thanks in advance for any feedback.
Mel
Check whether the object privilege "_SYS_BIC" is assigned to user? This gives the visibility to all information views.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Raj,
Thank you for your response. It turns out that this was the issue, a very "rookie" miss on my part. I created a new role to use with my Restricted test user and it only contained the views from _SYS_BIC required for the AVs that I wanted visible, the same views secured by the Analytic Privilege.
However, what I did not notice was that the repository view provided by SAP for HTTP connection access, "sap.bc.ina.service.v2.UserRole::INA_USER", contained _SYS_BIC with the "References" privilege. I created a new role with all the objects / access that the delivered role contained except for _SYS_BIC and assigned the new role to the test user in place of the delivered role and now only the required AVs as visible.
If anyone is interested is what the minimum privileges required for this functionality please let me know and I can post screenshots of the roles that I have created.
Thanks,
Mel
User | Count |
---|---|
81 | |
24 | |
11 | |
9 | |
7 | |
5 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.