Skip to main content

Insufficient Privileges in HANA DB


What are System Privileges?

When a user accesses the SAP HANA database using a client interface (for example, ODBC, JDBC, or HTTP), his or her ability to perform database operations on database objects is determined by the privileges that he or she has been granted.

All the privileges granted to a user, either directly or indirectly through roles, are combined. This means that whenever a user tries to access an object, the system performs an authorization check on the user, the user's roles, and directly granted privileges. It is not possible to explicitly deny privileges. This means that the system does not need to check all the user's privileges. As soon as all requested privileges have been found, the system skips further checks and grants access. 




How many times it happened with you that , you as an administrator used a command which should have worked perfect but ended with a error as 


insufficient privilege: Detailed info for this error can be found with guid <guid>


To identify the missing privilege using a GUID, you need execute following :


SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS('<GUID>', ?)


The missing privilege is displayed with the session user name and the checked user name.


Optionally the object name, schema name, and object type are displayed.


If the missing privilege is contained in one or more roles, the roles are displayed.

After deciding and having the approval from management , you can assign the missing role or privilege.


Though it is not a tough task to add the required privileges and we can easily perform it read the mentioned blog for granting the privilege , but it is kind of easy and handy to have some privileges checked before executing the command , especially in the case when you are working with automations.


For e.g. :- 



Commands

Privilege Required

Change Database parameters using the configuration editor [Hana Studio] 

CATALOG READ & INFILE ADMIN

To stop, kill, or restart a service

SERVICE ADMIN

To open the administrator Editor in HANA Studio

CATALOG READ

View the alerts of the statistic service 

SELECT PRIVILEGE ON _SYS_STATISTICS to customize the service INFILE ADMIN is also required

To Manage Database Snapshot

BACKUP ADMIN or BACKUP OPERATOR , for using the SNAPSHOT WIZARD you need CATALOG READ

ALTER SYSTEM RECLAIM LOG

LOG ADMIN

ALTER SYSTEM RECLAIM DATAVOLUME ‘[host:port]’ <perc> DEFRAGMENT

RESOURCE ADMIN

ALTER SYSTEM SET EVENT HANDLED ‘[host:port]’ <id>;

MONITOR ADMIN



Read More :-
Labels:

Comments

Post a Comment

You might find these interesting

8 Must-Know Questions About Object Store on SAP Business Technology Platform

What is the problem that Object Store solves ? Modern enterprise systems increasingly deal with massive volumes of unstructured data such as documents, logs, media files, and backups. Traditional relational databases are not optimized for such workloads. What is Object Store ? Object storage—commonly referred to as blob storage—addresses this gap by providing scalable, durable, and cost-efficient storage for unstructured data. Object storage is a storage architecture designed to manage unstructured data as discrete units called objects.  Each object consists of: Binary data (file content) : Image , File etc Metadata (descriptive attributes) : File size, Content type, Last modified timestamp, Storage class (hot, cool, archive) Unique identifier (key or URL) : unique path-like string used to locate a blob inside a bucket Unlike file systems or relational databases, object storage does not rely on hierarchical file structures or schemas. The SAP BTP Object Store service is a managed, ...
Post a Comment
Read more