on 03-30-2016 8:23 PM
Hello all,
I have a question on how are user IDs setup in the production SAP HANA systems.
In HANA every Standard User owns a schema in which they are free to develop any Catalog objects like tables, views, procedures, etc. If a developer or a support user has a user ID in production, nothing prevents them from creating large tables in their schema & consuming memory and impacting the operation of the system. When we setup user IDs in production, how can we prevent these users from creating their own tables in their schema?
I see HANA has the Restricted User type. But the description of this user type sounds like they are meant to be used with XS applications.
How are users setup in a typical HANA datamart/sidecar environment, where the users should not be allowed to create their own custom objects.
Please share any experience / best practices.
Thanks,
Suresh Devarajan
Hello Suresh,
When we create Restricted Database user, the Public role will not be granted.
In addition,
Regards,
Vinoth V
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Suresh,
To your question:
How are users setup in a typical HANA datamart/sidecar environment, where the users should not be allowed to create their own custom objects.
Kindly note that the dev user id's wont be available in production system. If a developer wants to test something in prod then they would be using Generic Id's. I can simplify my statement even further saying that in prod system none of the objects and views depends on dev user id's. The developers would only be given access to view the data that too on the views and objects which they had moved to prod.
We do have catalog roles like CONTENT_ADMIN, MODELLING etc which are also responsible in providing access to the developers to the objects. But, both the CONTENT_ADMIN as well as the
MODELING role which contains the standard analytic privilege _SYS_BI_CP_ALL are not granted to users, particularly in production systems.
We go for "Restricted Database User" when we want to provide access especially to an End user to access a View using reporting tools like BO AAO/Tableau or via Web.
Below are some of the links which you might find it useful:
Object Privileges (Reference) - Important Critical Configurations - SAP Library
http://help.sap.com/saphelp_hanaplatform/helpdata/en/de/421861bb571014846288086be76719/content.htm
Regards,
Vinoth V
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.