cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HANA Authorization for _SYS_REPO User

Go to solution
Former Member

on ‎03-29-2012 9:52 PM

0 Kudos

Hi All

In HANA system there are some per-delivered users such as SYS, SYSTEM _SYS_REPO,_SYS_STATICS.

I understand SYSTEM user is administration user for all administration related activities in HANA via the studio.but I could not understand the importance of _SYS_REPO and _SYS_STATISTICS, in _SYS_REPO under schema privileges all the schemas created needs to be added as a best practice , and I could not find the usage of _SYS_STATISTICS,can any body explain the usage of the users _SYS_REPO and _SYS_STATISTICS.

Thanks

Santosh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

lbreddemann
Active Contributor
‎03-29-2012 9:57 PM
0 Kudos

Hi there,

_SYS_REPO is there to be used by the designer repository. Basically it's the data store for the designer part of the HANA studio.

_SYS_STATISTICS contains the tables/views to consume the data collected by the statisticserver.

regards,

Lars

Show replies
Show replies
Former Member
‎03-29-2012 10:31 PM
0 Kudos

Hello Lars

But who will these User Ids , Admin user Login with "SYSTEM" user and a Non-Admin user log with their own ids .I could not understand how the user acts as data store for designer part of studio.

Thanks

Santosh.

former_member182277
Contributor
‎03-30-2012 6:37 AM
0 Kudos

Hello Santosh,

Some points from my side..

1. _sys_repo is having all the information about the developed objects like package, active views, inactive views, etc.

2. _sys_statistics is having all the information regarding the monitoring or mostly admin details like sever memory, tables sizes, etc

Hope it is helpful.

Regards,Neha

lbreddemann
Active Contributor
‎03-30-2012 9:28 AM
0 Kudos

I don't fully understand your question here, sorry Santosh.

The data has been put into seperate users/schemas to make sure that they are in their own security and naming context.

The _SYS_STATISTICS user is also used by the statisticsserver itself to gather data.

In general please consider the pre-configured users (SYSTEM, SYS,  _SYS_*) as part of the HANA database software. They are not to be used by users, developers or administrators but only serve as 'seeding' setup to facilitate the setup of your own security and authorization scheme.

regards,

Lars

Former Member
‎03-30-2012 9:53 AM
0 Kudos

Hi Lars

No Problem,hope the below one would bring clarity on my question.

  So these users are defined for internal component usage of HANA not to be touched by any users , now I understand the _SYS_STATSTICS is being used by statistics server , can you site an example for _SYS_REPO where is it being used and which component of HANA is using it .Also all these users updated automatically.suppose if I create a new schema that should be updated under SQL privileges of _SYS_REPO section right ? is it done manually or system updates automatically necessary things for these system users.

Thanks

Santosh

former_member182277
Contributor
‎03-30-2012 10:09 AM
0 Kudos

Hello Santosh,

In _sys_repo you will be able to see all the objects that you have been created or other users like package, views etc. the table under the _sys_repo updated automatically.

But if you created a new achema that you need to be add manually in the _sys_repo or SQL priviledge under the auhorization taht will not update automatically.

Hope it is useful.

Regards,neha

lbreddemann
Active Contributor
‎03-30-2012 12:46 PM
0 Kudos

Hi again,

_SYS_REPO is used by the designer component of the HANA studio during the activation of objects.

And the user needs to have SELECT ON SCHEMA … WITH GRANT OPTION to grant the access to base tables to the end users of the activated views.

Regards,

Lars

Former Member
‎03-31-2012 5:18 AM
0 Kudos

Hi Lars

  Thanks for that info ,so if the respective schema is not there under_SYS_REPO, the modelling users and reporting users would not be able to view it am I right?

also as I mentioned in earlier post if a new schema is created is it automatically updated under SQL privileges section of _SYS_REPO  user or any administration user needs to manually update it.In case if it is automatic updation is it true for all *SYS* users.

Thanks

Santosh

hai_murali_here
Advisor
Advisor
‎03-31-2012 7:05 AM
0 Kudos

Hi Santosh,

Yes,if the respective schema is not there under _SYS_REPO->SQL Priv,then data preview will throw an error.

Hence,If any new schema created,it has to be added manually under _SYS_REPO user with Select,grant option to view the data.

Rgds,Murali

lbreddemann
Active Contributor
‎03-31-2012 4:01 PM
0 Kudos

Santosh,

_SYS_REPO is a system user. Its schema is a system schema. You don't touch any of those.

When you create new application schemas in your security context, e.g. under your user, then it's necessary to grant _SYS_REPO the SELECT WITH GRANT privilege on your schema, if you want to build and activate models that read from your schema.

Think of _SYS_REPO as "the activation guy". It takes your models and creates the necessary runtime objects from them (_SYS_BIC schema, several BIMC_*-tables and other places keep these runtime information). Now, after having activated all your models that access data in your schemas, _SYS_REPO wants to give you (and probably other users) read access to the activated models. Part of that is allowing read access to your data.

That's what _SYS_REPO needs the privilege for your schema for. Allowing others the access to your schema.

Since not all schemas in the database will be used in models, there is no automatic assignment of this privilege to _SYS_REPO.
As part of your security strategy you need to actively assing _SYS_REPO the permission to every schema you want to build models on.

Cheers, Lars

Former Member
‎04-01-2012 2:53 AM
0 Kudos

Hi Lars ,Murali and Neha

  Thanks a lot  for all your helpful contribution, it resolved my doubts.

Regards

Santosh

former_member186273
Participant
‎10-23-2012 4:04 AM
0 Kudos

One tiny mistake I found in your answer is that, the runtime objects were actually stored in schema _SYS_BI instead of _SYS_BIC.


Under the schema _SYS_BIC, there is only one table exists named as MDX_CACHE, by the way, my hana server were newly installed based on weekstore 39.

Regards

Ethan

Former Member
‎10-23-2012 5:44 AM
0 Kudos

Hi Ethan

    I don't know which run time objects you are talking about , but if it is about run time objects of respective Attribute,Analytic and calculation Views as said above you can find them under _SYS_BIC schema you can find them under column views section ,they are not under Tables section.

Thanks

Santosh Varada

former_member186273
Participant
‎10-23-2012 6:19 AM
0 Kudos

Hi Santosh

I'm referring @Lars Breddemann answer.

     "Think of _SYS_REPO as "the activation guy". It takes your models and creates the necessary runtime objects from them (

_SYS_BIC schema, several BIMC_*-tables and other places keep these runtime information
)"

I found those BIMC_* tables that store runtime information actually under _SYS_BI schema instead of _SYS_BIC.

And you are right, activated views were stored in _SYS_BIC/Column views. Sorry to make you confused.

Thanks

Ethan

Answers (1)

Answers (1)

Former Member
‎05-13-2016 11:02 PM
0 Kudos

This message was moderated.

Show replies
Show replies
Ask a Question