Hi,
In a BW on HANA development environment I have created a user in SU01 with a technical name "BW_HANA_AUTH" and given him full access to SAP BW (SAP_ALL profile). Also, in SU01 tab DBMS I have created a corresponding HANA DB user and assigned the pre-delivered MODELING role in HANA to this user.
One of the InfoCubes in SAP BW (0FIGL_C10) has been generated as an "External SAP HANA view for reporting", and can therefore be found as an Analytic View "FIGL_10" in HANA Studio in package "system-local.bw.bw2hana.0".
Also, during the view generation, HANA created a new catalog role "bw2hana/SAPABAP1_0FIGL_C10_REPORTING" specifically for accessing this analytic view. The role contains 3 catalog objects with "SELECT" and "EXECUTE" rights, as well as an analytic privilege.
When user "BW_HANA_AUTH" logs on to SAP HANA Studio and tries to preview data in analytic view FIGL_C10, he gets an authentication error SAP DBTech JDBC: [258] insufficient priveledge.
The reason for this error is that user "BW_HANA_AUTH" have not been assigned role "bw2hana/SAPABAP1_0FIGL_C10_REPORTING", or more specifically the analytic privilege "bw2hana/SAPABAP1_0FIGL_C10_REPORTING". If I add either the entire role or solely the missing analytic privilege to user "BW_HANA_AUTH", he can see the entire data set of the analytic view FIGL_C10.
If you look at the pre-delivered role "MODELING", it contains SELECT and EXECUTE rights on the entire _SYS_BIC schema as well as an analytic privilege "_SYS_BI_CP_ALL", which is supposed to overrule all other restrictions in analytic privileges and give the user full access to data models in HANA.
To solve the authorization issue, I could certainly start assigning "bw2hana/SAPABAP1_...." roles for every generated HANA view to every HANA user in the system who needs to see the data in that view. However, is there a way to define a general role in HANA which includes all "bw2hana/SAPABAP1..." analytic privileges and assign this role to developer users who need full rights to see all HANA views in package "system-local.bw.bw2hana.0"?
Thanks in advance!
Regards. Arseny