SAP HANA User Management

SAP IMC Studio (In-Memory Computing studio) Authorizations

SAP In-Memory Computing studio is also used for user provisioning. It allows you to create users, roles, role hierarchy and more. There are 3 Types of privileges you can create in SAP In-Memory Computing studio.

1. System privileges

– It allowes you to do user management (Create, Restrict, Drop users, etc..)
– USER ADMIN, ROLE ADMIN, DATA ADMIN, ALTER SYSTEM, ALTER DATABASE, CREATE SCHEMA
– You can assign/revoke system privileges using the administration console of IMC Studio

2. SQL privileges

Use Administration Console Perspective to assigned/revoked SQL privileges. It allows you to modify and restrict access to database objects such as tables.

Schema privileges: DROP, CREATE [ANY], INSERT, SELECT, UPDATE, DELETE, EXECUTE
Data Object privileges: INSERT, SELECT, UPDATE, DELETE, EXECUTE, INDEX, ALTER, DROP

3. Analytic privileges

– You can restrict user access to business data based on Attributes.
“country = USA, year = 2012”

– It cannot be defined on hierarchies or measures

Few Important Things to remember.
– The SAP in-memory computing engine provides Direct login to studio using name and password and also authentication using third-party authentication providers (ex: Kerberos).
– Roles are assigned to users, and roles can also be assigned to roles (role hierarchy)

Process Flow

Define and Create Roles -> Assign Privileges to Roles -> Create Users -> Assign Users to Roles

Leave a Reply