on 06-28-2016 10:35 AM
Hello community,
do you know if it's possible to grant SELECT privileges on all tables from a distinct schema (or the whole db) to a role?
It would be nice to have something like a "read only" user for the whole database, just in case you want to look up a data set without accidently editing anything.
All the solutions I found don't match with the possible SQL syntax for HANA and system privileges like catalog_read don't provide the same possibilities.
Thank you.
Hello Nicolai,
you can grant the SELECT object privilege on schema level which allows the user to which the privileges are assigned, to select from all tables within that schema (check the object privilege reference: Object Privileges (Reference) - SAP HANA Security Guide - SAP Library).
Regards,
Florian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you. I've already tried that by executing GRANT SELECT ON SCHEMA XY TO ROLENAME, but the desired user still cannot select any tables from that schema. In the security tab and the role profile the result is an object privilege with SELECT permissions, so that should be good.
Even when I right-click on the schema and perform a find table request it won't find anything.
When I try to select the tables by using SQL it says table not found (but the table is definitely there).
SAP DBTech JDBC: [259]: invalid table Name: Could not find table/view XYZ in schema XY
The error message you get is not related to an authorization problem. If you do not have the privileges, then you get a corresponding error message.
It seems really that the table is not existing (at least in the schema you try). Can you check by a select on system view TABLES, if your table is available (of course you need the corresponding privileges to be able to do so).
Regards,
Florian
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.