Thursday 18 May 2017

SAP HANA Security: Granting Object Privileges with Repository Roles

This blog explains how to use the SAP HANA Web-Based Development Workbench to grant object privileges with repository roles in SAP HANA.

SAP HANA Web-Based Development Workbench

The SAP HANA Web-Based Development Workbench editor, hosted within the XS engine, provides an interface that you can use to build and test development artifacts. From a security perspective, we can use this interface to create and manage repository-based roles. It offers all the advantages of repository-based roles without the need to define those roles using scripts. The interface is not exclusive: you can use the GUI to edit repository-based roles that were created using scripts, and you can edit the script of a role that was created using the GUI in SAP HANA Studio. This flexibility allows the security administrator to manage the repository role using either interface.
You can access the SAP HANA Web-Based Development Workbench editor via a supported Internet browser. The following URLs can be customized to match the details of your environment:

http://sap-hana.myhost.com:8000/sap/hana/ide/editor

http://<sap_hana_host>:80<instance_number>/sap/hana/ide/editor

Replace <sap_hana_host> with the hostname of the SAP HANA system in your environment and <instance_number> with the two-digit instance number corresponding to your SAP HANA system.

For secure access, the following examples should help you construct the correct URL:

https://<sap_hana_host>:43<instance_number>/sap/hana/ide/editor

https://sap-hana.myhost.com:4300/sap/hana/ide/editor

To use the workbench and define a role, the user account must first be granted one of the roles listed below. Users only need one of the two roles to use the workbench.


The SAP HANA Web-Based Development Workbench editor interface is very similar to the development areas within the Repositories tab of SAP HANA studio. The figure below shows the editor; on the left side, you’ll see a Content folder with the package hierarchy below it.


As you expand the package hierarchy nodes, you’ll likely begin seeing development artifacts, depending on what’s available within your environment. To create a repository role, right-click the package where you want to store it and choose New > Role. A small window will appear asking for the Role Name. After entering the name, click OK and a new tab-based window will appear on the right. Click the Object Packages tab to manage object privileges. Select or add a catalog object to manage its privileges.


To grant catalog object privileges, on the right side of the tab under the section labeled Privileges, select the checkbox next to each privilege name. Items that are checked will be granted; those unchecked won’t be granted. When finished, click the Save All icon to save and activate the repository role. Security administrators won’t be able to grant this repository role to other users or roles.

Users who want to avoid using SQL to grant catalog privileges, or scripts to define catalog privileges in a repository role, will find the workbench very useful. The GUI is very easy to use and frees the security developer from the need to memorize SQL statements or script syntax. As you might know, there’s an option in SAP HANA Studio for granting standard roles and user privileges, but the SAP HANA Web-Based Development Workbench offers options to define repository-based roles.
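As an added illustration (not part of the original post), the following SQL reviews what a saved and activated repository role actually carries, so the checkboxes selected in the workbench can be compared against the catalog. The role name acme.security.roles::SalesReader and the object "SALES"."ORDERS" are hypothetical placeholders.

```sql
-- Added example. Role name and catalog object are hypothetical placeholders.
-- Script form of a role with one checkbox (SELECT) ticked for one table,
-- shown here only as a comment for comparison with the GUI:
--   role acme.security.roles::SalesReader {
--       catalog sql object "SALES"."ORDERS": SELECT;
--   }

-- 1. Object privileges the activated role carries in the catalog.
--    For a repository role the grantor is expected to be _SYS_REPO.
--    Anything grantable, or anything beyond read access, is flagged for review.
SELECT gp.SCHEMA_NAME,
       gp.OBJECT_NAME,
       gp.OBJECT_TYPE,
       gp.PRIVILEGE,
       gp.IS_GRANTABLE,
       gp.GRANTOR,
       CASE
         WHEN gp.IS_GRANTABLE = 'TRUE'
              THEN 'REVIEW: role can pass this privilege on'
         WHEN gp.PRIVILEGE IN ('INSERT', 'UPDATE', 'DELETE',
                               'DROP', 'ALTER', 'EXECUTE')
              THEN 'REVIEW: write, DDL or execute access'
         ELSE 'read-only'
       END AS REVIEW_NOTE
  FROM "SYS"."GRANTED_PRIVILEGES" gp
 WHERE gp.GRANTEE      = 'acme.security.roles::SalesReader'
   AND gp.GRANTEE_TYPE = 'ROLE'
 ORDER BY gp.SCHEMA_NAME, gp.OBJECT_NAME, gp.PRIVILEGE;

-- 2. Users and roles that currently hold the role directly.
SELECT GRANTEE,
       GRANTEE_TYPE,
       GRANTOR,
       IS_GRANTABLE
  FROM "SYS"."GRANTED_ROLES"
 WHERE ROLE_NAME = 'acme.security.roles::SalesReader'
 ORDER BY GRANTEE_TYPE, GRANTEE;
```

An empty result from the first query after Save All usually means the role did not activate or the name (package path plus `::` plus role name) was mistyped.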
