Create Users and Manage Roles and Privileges
- The basics about the role-based security model in SAP HANA Cloud, SAP HANA database
- How to create users in SAP HANA cockpit
- How to assign roles in SAP HANA cockpit
- How to create users, and assign roles and privileges using SQL statements in SAP HANA Database Explorer
- Sign up for the SAP HANA Cloud trial.
- Provision an instance of SAP HANA Cloud, SAP HANA database.
- If you have a production environment of SAP HANA Cloud, SAP HANA database, you may also follow the steps described in this tutorial.
Reminder: This tutorial is part of a mission, in which you will help Alex, the CEO of Best Run Travel, to answer a concrete business question with SAP HANA Cloud, SAP HANA database.
Alex needs to know the top 5 partners of their agency and wants to find out the days with maximum booking of each partner.
This mission consists of 9 modules that contain the necessary steps you need to follow in your mission to help Alex:
Start using an SAP HANA Cloud trial in SAP BTP Cockpit
Provision an instance of SAP HANA Cloud, SAP HANA database
Tools to manage and access the SAP HANA Cloud, SAP HANA Database
You are here
Import data into SAP HANA Cloud, SAP HANA Database
Query the database using SQL statements
Create a development project in SAP Business Application Studio
Create a calculation view
Grant access to Calculation Views
In this tutorial, you will learn how to create users and assign roles and privileges in SAP HANA Cloud, SAP HANA database using SAP HANA Cockpit or SQL statements.
- Step 1
SAP HANA Cloud, SAP HANA database defines user permissions and privileges using a role-based security model.
Roles and privileges can be granted to users or revoked from users. A role is a set of privileges that can, as a group, be assigned to a user. Then, as the role’s privileges change, the user’s privileges change accordingly. Roles can be broken down as follows:
- User-Defined Roles are a custom collection, often created to group privileges and tasks
- System Roles are built-in and automatically created with a new database
A privilege provides the ability to perform an operation on the system. A permission, on the other hand, is that ability in the given environment. A user who holds a privilege may still lack permission to perform a task if the privilege does not cover the object being acted on. Privileges are broken down as follows:
- System privileges give you the right to perform the action
- Object-level privileges restrict your right to perform the action to the specified objects, on which the privilege is granted.
When a new object is created, the owner can be defined; otherwise, the creator becomes the owner. Ownership gives the privileges to modify the structure of the table and to grant other privileges to other database users.
Ownership of a table is not sufficient to load the table with data. The user must also have INSERT permission on the table.
- Step 2
Before you add users to an instance, you should create user roles that fit your needs. You can leverage some of the default user roles, edit them, or create completely customized ones.
There are two ways of creating roles you need to know: First, you can use the SAP HANA cockpit and use the user interface there to create and edit roles. Secondly, you can create roles in the SQL console of the SAP HANA Database Explorer.
In this step, you can find instructions on both of these options. Click on SAP HANA Cockpit or SAP HANA Database Explorer under the headline of this step to select the option you prefer.
Create users and roles in SAP HANA Cockpit
Open SAP HANA cockpit for your instance from SAP BTP cockpit or SAP HANA Cloud Central.
If this is the first time you are opening the SAP HANA cockpit, you will need to insert the initial database username and the instance password.
In SAP HANA cockpit, select the Security menu item on the top left-hand side of the screen.
Next, under User & Role Management, click on Role Management to get started.
On this screen, you can see a list of all existing user roles on the left-hand side of the screen. If you click on one of them, you will see the details of this role on the right-hand side of the screen. Clicking on a role also allows you to edit it; for example, you can assign System, Object and Analytic Privileges and more.
To create a new user role, however, click on the plus icon on the top left-hand side of the screen.
This opens the role creation wizard on the right-hand side of the screen. After specifying your new role, click on Create at the bottom right corner of the screen.
Now that you have created the role, it’s time to assign privileges to it. Click on Edit at the top right corner when viewing your new role. You have a few options here. First, you can add some of the existing roles into this one, combining the privileges into one single role.
Next, you can select individual privileges, be it system, object, or analytic privileges. For more technical details on creating roles and deciding on privileges, please see our technical documentation here.
Just click on each of these categories. If you want to add anything, first click on Edit on the right-hand side of the screen. Next, click on Add and select the privileges.
On this screen, you can also see which users already are assigned to this role or whether this role is being used by any other roles.
Your first big step is done! Now it’s time to create individual users.
To get started, click on Role Management on the very top center of the screen.
Select User Management from the pop-up.
This screen works just like the previous one, so click on the plus icon to add a new user.
Next, you can choose between creating a user or creating a restricted user. To know more about what that means, please click here.
You can follow the steps on our technical documentation to create each user and make decisions about the roles, privileges and authorizations to give them: Creating a Database User.
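The same role and user setup written as SQL for the SQL console of SAP HANA Database Explorer, as an added example that is not part of the original tutorial. The role TRAVEL_REPORTING, the user TRAVEL_ANALYST, the schema TRAVEL and the table BOOKINGS are assumed names, the password is a placeholder, and the executing user is assumed to hold ROLE ADMIN and USER ADMIN and to be allowed to grant privileges on the schema.

```sql
-- Added example: all role, user, schema and table names are assumptions.

-- 1. User-defined role that groups the privileges needed for one task.
CREATE ROLE TRAVEL_REPORTING;

-- System privilege: the right to perform an action database-wide.
GRANT CATALOG READ TO TRAVEL_REPORTING;

-- Object-level privilege: the right is limited to the named object.
GRANT SELECT ON SCHEMA TRAVEL TO TRAVEL_REPORTING;

-- 2. Database user. The password is a placeholder; by default the user
--    must change it at first logon.
CREATE USER TRAVEL_ANALYST PASSWORD "Placeholder_ChangeMe_1";

-- 3. Assign the role. Later changes to the role's privileges reach the
--    user automatically.
GRANT TRAVEL_REPORTING TO TRAVEL_ANALYST;

-- 4. Loading data requires INSERT on the table itself; SELECT on the
--    schema does not include it.
GRANT INSERT ON TRAVEL.BOOKINGS TO TRAVEL_ANALYST;

-- 5. Review what was granted before handing the account over.
SELECT GRANTEE, ROLE_NAME
  FROM SYS.GRANTED_ROLES
 WHERE GRANTEE = 'TRAVEL_ANALYST';

SELECT GRANTEE, OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE IN ('TRAVEL_ANALYST', 'TRAVEL_REPORTING');

-- 6. Remove access that is no longer needed.
REVOKE INSERT ON TRAVEL.BOOKINGS FROM TRAVEL_ANALYST;
REVOKE TRAVEL_REPORTING FROM TRAVEL_ANALYST;
```

Granting object privileges to the role rather than directly to each user keeps the review query in step 5 short and makes revocation a single statement.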
You have completed the fourth tutorial of this mission! Now you know how you can manage access rights in your instance by creating users, and granting roles and privileges using SAP HANA cockpit and the SAP HANA Database Explorer.
You now know all the basics to start working with our sample data and help Alex gain business insights about their company Best Run Travel.
Learn in the next tutorial how to import sample data to your SAP HANA Cloud, SAP HANA database.
- Step 3
Select the SQL command that allows you to assign privileges or roles to users.