The conversion of users’ ABAP PFCG authorizations into HANA permissions is based on view-specific metadata. This metadata defines the mapping between the authorization fields of authorization objects and the respective attributes of views. SAP delivers the required metadata for all the relevant query views of the virtual data model. For customer-created views, the metadata is defined with the view as specific properties. To view the SAP-delivered metadata, open the respective query view and navigate to
In addition, you can use this tool to maintain metadata for views created using tables from the ERP system.
Note
When the calculation view is copied, the assigned analytics metadata is not copied.
Do not modify SAP-delivered metadata, as this metadata is overwritten with the next SP implementation.
To maintain analytics metadata, the user requires the assigned role sap.hba.tools.auth.roles::AnalyticsAuthorizationDeveloper.
To maintain Analytics Metadata:
You have assigned the role sap.hba.tools.auth.roles::AnalyticsAuthorizationDeveloper
You have access to the schema of view
You can create analytics metadata for each view. You can open the view definition of a calculation view in the SAP HANA Studio and select Analytics Metadata in the Properties view. You store metadata of the query views in analytics metadata. You should select the schema from the drop-down list. The selected schema is used to generate analytic privileges and also as a data source for tables USRBF2 and UST12. You can add a row and then enter the authorization object. Select the field type. If you select field type Activity, the Field Name and Activity Value fields are enabled and you can enter the values. You specify the activity field and value to define the subset of the user’s PFCG authorizations for the selected authorization object with read access. If you select field type Attribute, the Field Name and Attribute Name fields are enabled and you can enter the values that signify the mapping between an authorization field of the selected object and an attribute of the view.
The fields Authorization Object and Field Name have an autocomplete feature.
You can use the various options to create, copy, delete, and save the metadata.
If authorization fields of various authorization objects should be mapped to the same attribute of the view, and field values in user authorizations in the ABAP-based system should be identical, this should be specified in the Maintain Identical Fields tab.
The identical fields should be available on the Analytics Metadata tab page. If the identical field is selected, the number of analytic privileges generated is the intersection of restricted values within different authorizations.
Click Add row to maintain the identical field. If identical fields are available for a particular query view, the identical field is displayed in the Identical Field Attribute Name drop-down. Select the identical field and click the Save button.
Note
It is not mandatory to enter the identical field.
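The following is an added example, not SAP code and not the logic of the Analytics Authorization Assistant: a simplified Python model of how Activity rows, Attribute rows and an identical field narrow a user's values for one view attribute. The objects Z_SALES and Z_BILL, the attribute SalesOrg and all authorization values are constructed; value ranges are not modeled.

```python
ALL = "*"  # PFCG wildcard: any value

# Constructed metadata rows for a hypothetical view (objects and attribute are made up).
METADATA = [
    {"object": "Z_SALES", "type": "Activity", "field": "ACTVT", "value": "03"},
    {"object": "Z_SALES", "type": "Attribute", "field": "VKORG", "attribute": "SalesOrg"},
    {"object": "Z_BILL", "type": "Activity", "field": "ACTVT", "value": "03"},
    {"object": "Z_BILL", "type": "Attribute", "field": "VKORG", "attribute": "SalesOrg"},
]

# Constructed user authorizations: (authorization object, {field: allowed values}).
USER_AUTHS = [
    ("Z_SALES", {"ACTVT": {"01", "02"}, "VKORG": {"1000", "2000", "3000"}}),
    ("Z_SALES", {"ACTVT": {"03"}, "VKORG": {"1000", "2000"}}),
    ("Z_BILL", {"ACTVT": {ALL}, "VKORG": {"2000", "4000"}}),
]

def grants(values, wanted):
    """True if an authorization field's values include `wanted` (or the wildcard)."""
    return ALL in values or wanted in values

def readable_values(obj, metadata=METADATA, auths=USER_AUTHS):
    """Attribute -> values taken only from authorizations that pass every Activity row."""
    rows = [m for m in metadata if m["object"] == obj]
    activity = [m for m in rows if m["type"] == "Activity"]
    mapped = [m for m in rows if m["type"] == "Attribute"]
    result = {m["attribute"]: set() for m in mapped}
    for auth_obj, fields in auths:
        if auth_obj != obj:
            continue
        if not all(grants(fields.get(m["field"], set()), m["value"]) for m in activity):
            continue  # change-only authorization: contributes nothing to read access
        for m in mapped:
            result[m["attribute"]] |= fields.get(m["field"], set())
    return result

def identical_field_values(attribute, metadata=METADATA, auths=USER_AUTHS):
    """Intersect the values of every object mapped to `attribute` (identical field)."""
    objects = sorted({m["object"] for m in metadata if m.get("attribute") == attribute})
    if not objects:
        return set()  # nothing mapped: grant nothing rather than everything
    combined = {ALL}
    for obj in objects:
        values = readable_values(obj, metadata, auths)[attribute]
        if ALL in combined:
            combined = set(values)
        elif ALL not in values:
            combined &= values
    return combined
```

In this model the change-only Z_SALES authorization is ignored, and an object with no read authorization at all leaves the identical field with an empty value set.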
You can specify additional HANA privileges for a role, schema, procedure, view, and table. This is in addition to the generated analytic select privilege and the analytic privileges for accessing the view that is added to the generated role by the Analytics Authorization Assistant. These privileges are also updated when the update privilege plug-in runs.
Click Add row. In the pop-up, search for the object privilege, role, or system privilege that must be added. Select the required privilege and click OK. The selected privileges display in the Additional Privileges tab page. For each selected privilege, the respective privileges display in the right panel. Click the Save button to save the privileges.
Note
It is not mandatory to enter additional privileges.