MichaelB.
7/28/2018 - 2:03 PM

GRANT a user privileges

You cannot grant privileges to yourself. You need to use the GRANT SELECT ON SCHEMA statement to give another user access to your schema. You can also grant MODIFY or CREATE access.

When activating design time objects that use a catalog object, the SYS REPO user needs to have SELECT privileges on your schema name WITH GRANT OPTION. This is because when activating design time objects, runtime objects are generated in that schema and to do that the SYS_REPO user needs SELECT privileges for that schema. If you use INSERT statements in your stored procedure, you need to grant INSERT access to the _SYS_REPO user. For Data Preview in Flowgraph need to grant SYS_REPO user select and execute privileges for the schema containing the tables you use.

-- Grant the system user select access to your schema
GRANT SELECT ON SCHEMA schema_name TO SYSTEM;


-- Grant a user access to your schema
GRANT SELECT ON SCHEMA schema_name TO user_name;


-- Grant user authorization to create objects in a schema
GRANT CREATE ANY ON SCHEMA TO USER;


-- Grant the _SYS_REPO user access to your schema 
GRANT SELECT ON SCHEMA schema_name TO _SYS_REPO WITH GRANT OPTION;


-- Grant the _SYS_REPO user insert access on your schema 
GRANT INSERT ON SCHEMA schema_name TO _SYS_REPO WITH GRANT OPTION;


-- Grant activated role (Web IDE Developer)
CALL GRANT_ACTIVATED_ROLE('sap.hana.xs.ide.roles::Developer' ,'User');


-- Grant rights to change content in a package (grant via SYSTEM user)
GRANT EXECUTE ON REPOSITORY_REST TO USER;
GRANT EXECUTE ON GRANT_ACTIVATED_ROLE TO USER;
GRANT EXECUTE ON REVOKE_ACTIVATED_ROLE TO USER;
GRANT REPO.READ, REPO.EDIT_NATIVE_OBJECTS, REPO.ACTIVATE_NATIVE_OBJECTS, REPO.MAINTAIN_NATIVE_OBJECTS ON "package" TO 'User';
GRANT REPO.EDIT_IMPORTED_OBJECTS, REPO.ACTIVATE_IMPORTED_OBJECTS, REPO.MAINTAIN_IMPORTED_PACKAGES ON "package" TO 'User';


-- Grant rights to connect to SDI adapter (grant via SYSTEM user)
GRANT CREATE REMOTE SOURCE TO 'User' ;
GRANT ADAPTER ADMIN TO 'User';
GRANT AGENT ADMIN TO 'User';


-- Grant privileges to _SYS_REPO user on schema in one go
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON SCHEMA schema TO _SYS_REPO WITH GRANT OPTION; 

-- Grant rights to user that creates SDI Match/Cleanse transform
GRANT EXECUTE ON "_SYS_REPO"."TEXT_ACCESSOR" TO 'User';
GRANT EXECUTE ON "_SYS_REPO"."MULTI_TEXT_ACCESSOR" TO 'User';