With the SAP HANA Live Authorization Assistant, you can also update analytic privileges generated earlier using SAP HANA Live Analytics Authorization Assistant. When you make changes in the ABAP authorizations, the changes are reflected in the HANA authorization tables through replication. When you run the update analytic privilege tool, it identifies the changes in the ABAP authorizations and creates new restrictions. The valid analytic privileges are retained in the role and newly created analytic privileges are added. If an analytic privilege is not valid, it is removed from the role, and if an analytic privilege is not assigned to any role, it is deleted. The tool only checks if the analytic privilege is assigned to the role.
You have assigned the role sap.hba.tools.auth.roles::AnalyticsAuthorizationAdministrator to the user executing Analytics Authorization Assistant for generating HANA privileges.
You have granted select privilege for the replicated tables USRBF2, UST12, and AGR_1016 to the user executing Analytics Authorization Assistant.
In the SAP HANA Studio, click
The Update Analytic Privileges wizard opens.
Select the Select System button to select the SAP HANA system where you want to check for the update of authorizations.
The System Details wizard opens.
Select the system in which you want to update analytic privileges for query views.
Select the schema and SAP client for the SAP ABAP system.
By default, the selected package is the package last used to generate analytic privileges. Click Change to select the required package for updating the analytic privileges.
In the left panel, the system displays the respective ABAP users or ABAP roles for which analytic privileges with the given client and schema are already generated. Use the Add, Remove, and Remove All buttons to update the analytic privileges of ABAP roles and users if there is any change in the authorization data.
Note
Two radio buttons are available: User and Role. Click User to view the list of users. When you click the Role radio button, a list of roles is displayed.
Click Next to open the Plan Generation Wizard.
If you select the ABAP user, a summary of the analytic privileges that need to be updated or removed for the selected ABAP user is displayed. The role displayed in the format ROLE_<abapuser name> is updated. You can view the status details of the new and existing analytic privileges of the selected query views.
If you select the ABAP role, a summary of the analytic privileges that need to be updated or removed for the selected ABAP role is displayed. The role displayed in the format ROLE_<abaprole name> is updated. You can view the status details of the new and existing analytic privileges of the selected query views.
Note
Both the runtime and transportable roles (if any) are updated for the selected ABAP roles or users.
Click Finish to generate analytic privileges and update the roles. The generated analytic privilege is stored in the selected package. The existing analytic privileges are removed from the role and deleted if they are not used in other objects.
When the activation is complete, you can view the results from the job log view. To view the job log, navigate to
Caution
Do not manually modify any analytic privilege or roles generated by the tool.
Note
The generated roles are re-used, updated, or enhanced when a new generation run is started for the same user. For the roles to be effective, they have to be assigned to a user.
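
The two prerequisites and the final note can be checked from an SQL console before and after running the wizard. The queries below are an added example, not part of the SAP documentation; `AUTH_ASSISTANT_USER` and `ABAP_REPL` are placeholder names for the executing user and the replication schema, and the `ROLE_` name pattern is taken from the role format described above.

```sql
-- Placeholders (assumptions, replace with your own values):
--   AUTH_ASSISTANT_USER : user who runs the Analytics Authorization Assistant
--   ABAP_REPL           : schema that holds the replicated ABAP tables

-- 1. Prerequisite: the administrator role must be effective for the user.
--    EFFECTIVE_ROLES also resolves roles inherited through other roles.
--    An empty result means the role is missing.
SELECT ROLE_NAME, GRANTEE, GRANTEE_TYPE
  FROM SYS.EFFECTIVE_ROLES
 WHERE USER_NAME = 'AUTH_ASSISTANT_USER'
   AND ROLE_NAME = 'sap.hba.tools.auth.roles::AnalyticsAuthorizationAdministrator';

-- 2. Prerequisite: SELECT on the replicated authorization tables.
--    A schema-level grant appears with OBJECT_TYPE = 'SCHEMA' and covers
--    all three tables; otherwise expect one row per table.
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE, GRANTEE, IS_VALID
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME   = 'AUTH_ASSISTANT_USER'
   AND PRIVILEGE   = 'SELECT'
   AND SCHEMA_NAME = 'ABAP_REPL'
   AND (OBJECT_TYPE = 'SCHEMA'
        OR OBJECT_NAME IN ('USRBF2', 'UST12', 'AGR_1016'))
 ORDER BY OBJECT_TYPE, OBJECT_NAME;

-- 3. After the run: generated roles that are not granted to any user and
--    therefore have no effect yet. GRANTED_ROLES lists direct grants only,
--    so a role reached through another role is reported here as well.
--    The pattern can also match unrelated roles whose name contains
--    'ROLE_'; review the list before acting on it.
SELECT r.ROLE_NAME
  FROM SYS.ROLES r
 WHERE r.ROLE_NAME LIKE '%ROLE\_%' ESCAPE '\'
   AND NOT EXISTS (SELECT 1
                     FROM SYS.GRANTED_ROLES g
                    WHERE g.ROLE_NAME    = r.ROLE_NAME
                      AND g.GRANTEE_TYPE = 'USER')
 ORDER BY r.ROLE_NAME;
```

Running query 2 with a broader result than the three tables (for example a schema-wide grant) is a signal to narrow the grant to what the prerequisite actually requires.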