SAP HANA Technical User and Security Model on Remote System

We recommend that you create a new technical user for model metadata generation. The technical user must have the following InA role assigned – sap.bc.ina.service.v2.userRole::INA_USER.

The technical user authentication is only basic authentication i.e. username and password. Basic authentication needs to be enabled on the HANA XS administration side.

The SAP HANA security model always applies.

Analytic privileges grant different users access to different portions of data in the same view based on their business role. Within the definition of an analytic privilege, the conditions that control which data users see is either contained in an XML document or defined using SQL.

SAP HANA analytic privileges enable the access control to SAP HANA modeling views at the data level, for example, by filtering out certain values in a column. If the SAP HANA modeling view has the Apply Analytic Privileges property set, then analytic privileges can also be used to restrict data points (i.e. dimensions or dimension members).

To collect statistics across all data points the SAP HANA technical user can be assigned the special analytical privilege _SYS_BIC_CP_ALL. This means analytic privileges that filter data would not be applied to that user. It is not recommended to do this in production, and use more detailed analytic privileges instead.

For more information, see the chapter called Analytic Privileges in the SAP HANA Administration Guide for SAP HANA Platform on the SAP Help Portal at https://help.sap.com/viewer/index.

The technical user must have the appropriate object level privileges to be able to read the data from a view.