Create and assign Analytic Privileges - User Management and Security

Lesson 7 User Management and Security

7.2 Create and assign Analytic Privileges

Create an Analytic Privilege for the Analytic View CEA1_XX, based on Analytic

View CEA1_XX

Please be very careful when working on this part. Analytic Privileges can presently only be activated once. If you need to change the Analytic Privilege after it has been successfully activated, you will have to delete it and re-create it from scratch.

In the following we are going to grant Analytic Privileges to user TESTXX which will finally allow reporting off the Analytic and Calculation Views. We are restricting access to only Material Number P-103 .

In this first step, we will define the restriction directly the MATNR-field of view CEA1_XX. 1. Work as user STUDENTXX

Navigate to the following path HDB (STUDENTXX)

Content studentxx

Analytic Privileges

Right-click the folder name Analytic Privileges

Select New Analytic Privilege from the context menu.

2. In the creation wizard, type the name: AP_CEA1_P103_XX

(replacing XX appropriately)

Enter a description : Analytic Privilege for view CEA1_XX - restricting to MATNR - P-103

116

3. In the second step of the wizard, select your view studentXX/CEA1_XX Highlight that view in the Content tree on the left.

Click Add this will add the view to the right-hand part of the display. Click Finish .

4. Implementing the privilege is now done in three steps:

1) Select further views for which this privilege should be valid (optional) We will not add further views in this step.

2) Select attributes on which a restriction shall be defined (All fields of all views selected in 1) will be offered)

3) Define value restrictions for the attributes selected in 2)

5. Add the field MATNR to the list of Associated Attributes Restrictions . Click the corresponding Add button Select field MATNR from the presented field list

Click OK

3

2

117

6. Define the value restriction for field MATNR

Highlight the MATNR field under Associated Attributes Restrictions Click the Add button for Assign Restrictions (this increases the counter for the number of restrictions for MATNR)

Click into the Value field in Assign Restrictions . Click the -icon. In the search window, search for Material P-103

Select the material from the search list Click OK

(Note: you could also have typed in the value directly, without opening the search window).

7. Save the Analytic Privilege: Either click the Save icon or hit

Ctrl+S .

Then activate the Analytic Privilege

118 Assign Analytic Privilege AP_CEA1_P103_XX to user TESTXX

8. For granting Analytic Privileges, there are two possibilities: via the User Editor in SAP HANA Studio; or via SQL statements.

We first show how to use the User Editor:

Work as user STUDENTXX

Open the User Editor for user TESTXX In that Editor, switch to tab Analytic Privileges

9. Click the green -icon In the search dialog, start typing

studentXX/AP_CEA1_P103_XX (replacing XX appropriately)

From the list of Matching items , select privilege

studentXX/AP_CEA1_P103_XX Click OK

10. Save the user profile: Either click the Save icon Or hit Ctrl+S

User who opened the editor

119 Verify that the user can read from Analytic View CEA1_XX

11. Work as user TESTXX Navigate to the following path HDB (TESTXX)

Content studentxx Analytic Views

Right-click the Analytic View CEA1_XX Select Data Preview from the context menu.

12. Data Preview should now return a list of 474 output values.

Verify that the list contains only records with MATNR = P-103.

You may verify that preview still does not work for Analytic View CEP1_XX nor for the Calculation View.

120 Create an Analytic Privilege for the Analytic View CEP1_XX and the Calculation

View CE_PLAN_ACTUAL_XX, based on Attribute View PRODUCT_XX

13. Finally, we define an Analytic Privilege that will allow reading from the second Analytic View and from the Calculation View.

Work as user STUDENTXX

Create a new Analytic Privilege inside of package studentXX

Name this privilege AP_CEP1_P103_XX

Description : Analytic Privilege for view CEP1_XX - restricting to MATNR - P- 103

14. In the second step of the creation wizard, select the Plan Data Analytic View studentXX CEP1_XX Click Finish

121

15. We want this privilege to also apply to the Calculation View

CE_PLAN_ACTUAL_XX and to Attribute View PRODUCT_XX

For the list of Reference Models , click the Add button

Choose Calculation View: package studentXX

view CE_PLAN_ACTUAL_XX And choose Attribute View package studentXX view PRODUCT_XX Click OK

16. In order to provide an Attribute Restriction on MATNR for the Analytic View, we can choose the corresponding field from Attribute View PRODUCT_XX: Click the Add button for Associated Attribute Restrictions

Select view

PRODUCT_XX (studentXX) Choose field MATNR of that view Click OK

17. Assign the restriction value for field MATNR of the PRODUCT_XX Attribute View:

Highlight Attribute PRODUCT_XX MATNR in the list of Associated Attribute Restrictions

Click Add in screen area Assign Restrictions

Enter value P-103 (directly or via the input dialog).

At this point, we have defined a restriction based on the Attribute View which is also going to be applicable for the Analytic Views in the list of Reference Models as long as these Analytic Views make use of the Attribute View.

122

This restriction does not apply to the Calculation View although the Calculation View is also in the list of reference models. We have to define an attribute restriction explicitly for a field from the Calculation View.

This restriction can be added to the same Analytic Privilege.

18. So add an Attribute Restriction for field MATNR of the Calculation View Click the Add button for Associated Attribute Restrictions

Select view

CE_PLAN_ACTUAL_XX (studentXX) Choose field MATNR of that view Click OK

There is no need to define a restriction value for the Calculation View. The restriction to MATNR = P-103 is already enforced on the two Analytic Views. So we can assign a wildcard restriction on the Calculation View.

Wildcard restrictions can be defined by just selecting a field, without assigning a restriction value. Thus, we are already finished building the Analytic Privilege.

19. Save the Analytic Privilege: Either click the Save icon or hit

Ctrl+S .

Then activate the Analytic Privilege

123 Assign Analytic Privilege AP_CEA1_P103_XX to user TESTXX

20. This time we are assigning the Analytic Privilege using SQL statements: Work as user STUDENTXX Highlight the system entry for

HDB (STUDENTXX) In the Navigator tree.

Click the Icon for the SQL editor

21. In the SQL editor, enter the following statement:

Take care to replace all three occurrences of XX appropriately. Execute the statement by clicking the green arrow or hitting the F8 -key.

User Privilege

124 Verify that the user can read from all Views

22. Work as user TESTXX Navigate to the following path HDB (TESTXX)

Content studentxx Analytic Views

Right-click the Analytic View CEA1_XX Select Data Preview from the context menu.

(and accordingly for Analytic View CEP1_XX and for Calculation View CE_PLAN_ACTUAL_XX)

23. Data Preview should now return a list of output values.

Verify that the list contains only records with MATNR = P-103

The number of records to expect is: CEA1_XX 474 records

CEP1_XX 130 records

125 Appendix

SQL Script Example (UNION)

128

All rights reserved. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In document 05 HANA_Student Exercise (Page 117-130)