Hello friends/experts,
I am a Hana Studio SYSTEM user (we have created a SAP Certified Solution in HANA but all production work was done in SYSTEM User till now) and for new trainees I have created an exercise of -
- Creating a new Schema with tables inside it .
- Creating Columnar views inside a new package(eg. TRAINEE1_PACK created by me) from the tables of their schema only.
For this after studying Modelling Role and other basic admin roles I have created a Role named HANA_TRAINEE and a assigned it to a new trainee user HANA_TRAINEE_U1 with the following privilege set:
SYSTEM PRIVILEGES
- CREATE SCENARIO
- CREATE SCHEMA
- CREATE STRUCTURED PRIVILEGE
- STRUCTUREDPRIVILEGE ADMIN
OBJECT PRIVILEGES
- _SYS_BI (all privileges selected)
- _SYS_BIC(create any;alter;drop;execute;select;insert;update;delete)
- REPOSITORY_REST(execute only)
PACKAGE PRIVILEGES
- TRAINEE1_PACK(all privileges)
I want the trainee user to access Data of only views created by them in their own package and no other packages(in our HDB)
The issue which I facing is if I add _SYS_BI_CP_ALL "analytical privilege" to HANA_TRAINEE role then:
- The trainee user is able to access data of his own package " columnar views " using "Data Preview" (which is required)
- Also able to access data of our "Production columnar views" from _SYS_BIC schema (which is needs to be prevented)
But if remove _SYS_BI_CP_ALL from this role then trainee_user is not able to do a data preview of his own package " columnar views " but is able to only activate the columnar view.
Thanx all for your help.