SAP HANA User Management
SAP IMC Studio (In-Memory Computing studio) Authorizations
SAP In-Memory Computing studio is also used for user provisioning. It allows you to create users, roles, role hierarchy and more. There are 3 Types of privileges you can create in SAP In-Memory Computing studio.
1. System privileges
– It allowes you to do user management (Create, Restrict, Drop users, etc..)
– USER ADMIN, ROLE ADMIN, DATA ADMIN, ALTER SYSTEM, ALTER DATABASE, CREATE SCHEMA
– You can assign/revoke system privileges using the administration console of IMC Studio
2. SQL privileges
Use Administration Console Perspective to assigned/revoked SQL privileges. It allows you to modify and restrict access to database objects such as tables.
Schema privileges: DROP, CREATE [ANY], INSERT, SELECT, UPDATE, DELETE, EXECUTE
Data Object privileges: INSERT, SELECT, UPDATE, DELETE, EXECUTE, INDEX, ALTER, DROP
3. Analytic privileges
– You can restrict user access to business data based on Attributes.
“country = USA, year = 2012”
– It cannot be defined on hierarchies or measures
Few Important Things to remember.
– The SAP in-memory computing engine provides Direct login to studio using name and password and also authentication using third-party authentication providers (ex: Kerberos).
– Roles are assigned to users, and roles can also be assigned to roles (role hierarchy)
Define and Create Roles -> Assign Privileges to Roles -> Create Users -> Assign Users to Roles