Insufficient Privileges in HANA DB

What are System Privileges?

When a user accesses the SAP HANA database using a client interface (for example, ODBC, JDBC, or HTTP), his or her ability to perform database operations on database objects is determined by the privileges that he or she has been granted.

All the privileges granted to a user, either directly or indirectly through roles, are combined. This means that whenever a user tries to access an object, the system performs an authorization check on the user, the user's roles, and directly granted privileges. It is not possible to explicitly deny privileges. This means that the system does not need to check all the user's privileges. As soon as all requested privileges have been found, the system skips further checks and grants access.

How many times it happened with you that , you as an administrator used a command which should have worked perfect but ended with a error as

insufficient privilege: Detailed info for this error can be found with guid <guid>

To identify the missing privilege using a GUID, you need execute following :

SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS('<GUID>', ?)

The missing privilege is displayed with the session user name and the checked user name.

Optionally the object name, schema name, and object type are displayed.

If the missing privilege is contained in one or more roles, the roles are displayed.

After deciding and having the approval from management , you can assign the missing role or privilege.

Though it is not a tough task to add the required privileges and we can easily perform it read the mentioned blog for granting the privilege , but it is kind of easy and handy to have some privileges checked before executing the command , especially in the case when you are working with automations.

For e.g. :-

Commands	Privilege Required
Change Database parameters using the configuration editor [Hana Studio]	CATALOG READ & INFILE ADMIN
To stop, kill, or restart a service	SERVICE ADMIN
To open the administrator Editor in HANA Studio	CATALOG READ
View the alerts of the statistic service	SELECT PRIVILEGE ON _SYS_STATISTICS to customize the service INFILE ADMIN is also required
To Manage Database Snapshot	BACKUP ADMIN or BACKUP OPERATOR , for using the SNAPSHOT WIZARD you need CATALOG READ
ALTER SYSTEM RECLAIM LOG	LOG ADMIN
ALTER SYSTEM RECLAIM DATAVOLUME ‘[host:port]’ <perc> DEFRAGMENT	RESOURCE ADMIN
ALTER SYSTEM SET EVENT HANDLED ‘[host:port]’ <id>;	MONITOR ADMIN

Comments

You might find these interesting

Notes for Build Resilient Applications on SAP BTP with Amazon Web Services [ Week 1]

Welcome back to the next chapter in our ongoing series dedicated to unraveling the dynamic interplay between SAP Business Technology Platform (BTP) and Amazon Web Services (AWS). For those just joining us, this blog serves as an invaluable resource for individuals delving into the world of SAP BTP or seeking a comprehensive reference guide. SAP BTP, or SAP Business Technology Platform, is a comprehensive platform that brings together various essential capabilities for application development, automation, data management, analytics, planning, integration, and AI. These features are all integrated into a unified environment, making it user-friendly for both professional IT developers and citizen developers. Image Credit Key Features of SAP BTP: Application Development: SAP BTP offers a range of tools for development. For instance, SAP Build enables low-code development, while the SAP Business Application Studio caters to core developers, providing services like document management a...

8 Must-Know Questions About Object Store on SAP Business Technology Platform

What is the problem that Object Store solves ? Modern enterprise systems increasingly deal with massive volumes of unstructured data such as documents, logs, media files, and backups. Traditional relational databases are not optimized for such workloads. What is Object Store ? Object storage—commonly referred to as blob storage—addresses this gap by providing scalable, durable, and cost-efficient storage for unstructured data. Object storage is a storage architecture designed to manage unstructured data as discrete units called objects. Each object consists of: Binary data (file content) : Image , File etc Metadata (descriptive attributes) : File size, Content type, Last modified timestamp, Storage class (hot, cool, archive) Unique identifier (key or URL) : unique path-like string used to locate a blob inside a bucket Unlike file systems or relational databases, object storage does not rely on hierarchical file structures or schemas. The SAP BTP Object Store service is a managed, ...

Understanding SAP BTP Global Accounts, Directories, Subaccounts, and Entitlements

In SAP Business Technology Platform (BTP), organizing your resources effectively is crucial for efficient management and scalability. This blog provides a comprehensive overview of global accounts, directories, subaccounts, and entitlements within SAP BTP. What is a Global Account in SAP BTP? A global account in SAP BTP represents the contractual agreement you have with SAP. It serves as the top-level container for managing various resources, including directories, subaccounts, members, entitlements, and quotas. Within a global account, you receive entitlements and quotas for platform resources, which can be allocated to subaccounts for actual consumption. How Do Directories Function in SAP BTP? Directories in SAP BTP allow you to organize and manage your subaccounts based on your technical and business requirements. A directory can contain other directories and subaccounts, enabling you to create a hierarchical structure. This hierarchy can be up to 7 levels deep, with the global ac...

How to properly Start/Stop SAP system through command line ?

Starting/stopping an SAP system is not a critical task, but the method that most of us follow to achieve this is sometimes wrong. A common mistake that most of the SAP admins do is, making use of the 'startsap' and 'stopsap' commands for starting/stopping the system. These commands got deprecated in 2015 because the scripts were not being maintained anymore and SAP recommends not to use them as many people have faced errors while executing those scripts. For more info and the bugs in scripts, you can check the sap note 809477. These scripts are not available in kernel version 7.73 and later. So if these are not the correct commands, then how to start/stop the sap system? In this post, we will see how to do it in the correct way. SAP SYSTEM VS INSTANCE In SAP, an instance is a group of resources such as memory, work processes and so on, usually in support of a single application server or database server with...

KPIs for Recovery in HANA Database Administration

Introduction: In the dynamic landscape of database administration, ensuring the robustness of a system is paramount. One crucial aspect that demands meticulous attention is the recovery process following a system failure. Two key performance indicators (KPIs) stand out in this realm – Recovery Point Objective (RPO) and Recovery Time Objective (RTO) . In this technical blog, we will delve into the significance of these KPIs for HANA database administrators and explore strategies to optimize them. Recovery Point Objective (RPO): RPO is a critical metric that defines the maximum acceptable data loss in the event of a system failure . For HANA database administrators, establishing an RPO involves a careful balance between data consistency and the overhead of continuous data replication. Continuous Data Backups: To meet stringent RPO requirements, implementing continuous data backups is imperative. Utilizing HANA's native backup capabilities and integrating them with a robust backup s...

Huge Multiversion Concurrency Control (MVCC) Versions in HANA

What is MVCC? MVCC is a database concurrency control method that allows multiple transactions to occur concurrently without conflicting with each other. In a nutshell, it ensures that each transaction sees a snapshot of the database at a specific point in time, even if other transactions are making changes concurrently. MVCC in SAP HANA: SAP HANA uses MVCC to manage concurrent access to data. Each transaction in HANA sees a consistent snapshot of the data at the time the transaction began. This is achieved by maintaining multiple versions of a data row, each associated with a specific transaction or point in time. The Issue of Huge MVCC Versions: Now, the term "Huge MVCC Versions" indicates a situation where there is a significant number of these versions for a particular set of data. Here's why this might become a problem: Increased Memory Usage: Each version of a data row consumes memory. As the number of versions increases, the overall memory consumption by the databas...

Execute HANASitter for hang situation analysis

The SAP HANAsitter is configured to perform default checks once every hour to ascertain the online and primary status of SAP HANA. Upon confirmation, it initiates tracking procedures, which involve regular responsiveness assessments (typically every minute). If SAP HANA becomes unresponsive, the HANAsitter commences recording activities, potentially capturing call stacks of active threads, run-time dumps, index server gstacks, and/or kernel profiler traces, although, by default, no recording occurs. When SAP HANA is responsive, the script scrutinizes critical features, including a standard check for more than 30 active threads. If this threshold is exceeded, the script triggers recording. Upon completing the recording process, the script exits, with an option to be configured for restart using the command line. Setup Steps Overview: Begin by creating an SAP HANA user with the desired name (e.g., HANASITTER) and assign the CATALOG READ privilege to it. Establish a user key in the hdbuse...

Deploying SAP on Google Cloud : Part 1

Connect to Google Connection Method To be Used for Speed Explanation Example Uses Cloud VPN Proof of Concept Variable, up to 3 Gbps Connects on-premises network to Google Cloud securely over the internet using IPsec VPN tunnels. Creating a Cloud VPN tunnel between on-premises and Google Cloud. Encrypted IPsec tunnels Dedicated Interconnect For Enterprise level connect 10 Gbps to 100 Gbps Provides a dedicated, private connection between on-premises and Google Cloud through Google's network. Provisioning a dedicated interconnect connection. Direct physical connection between on-premises and Google Cloud network infrastructure Partner Connect If you have a data center which cannot be reached to Dedicated Google facility. Variable, up to 100 Gbps Allows connecting to Google Cloud through supported service providers. Establishing a connection with a supported service provider. Utilizes service provider's network infrastructure. Configure Tunnels with Google Cloud Platform IPsec

Building the Foundation of the PO System: Architecture and some terminologies

1. Loosely Coupled and Tightly Coupled Services : Loosely Coupled Services : These services interact with each other with minimal dependencies. Changes in one service don't significantly impact others. Pros include flexibility, easier updates, and better scalability. A common example in PO is when a shipping service communicates with an inventory service. Changes in the inventory service won't necessarily disrupt shipping. Tightly Coupled Services : These services are interdependent, so changes in one service can affect others. While they might provide faster communication, they can be less flexible and harder to maintain. For example, tightly coupling an order processing service with a payment service means any change in payment could ripple to order processing. 2. SOA - Service-Oriented Architecture : SOA is an architectural approach where everything is treated as a service, encapsulating specific functionality. Service Orchestration Example (Banking Transaction) : Consider ...

Work Process and Memory Management in SAP

Let’s talk about the entire concepts that are related to memory when we talk about SAP Application. Starting with few basic terminologies, Local Memory : Local process memory, the operating system keeps the two allocation steps transparent. The operating system does the other tasks, such as reserving physical memory, loading and unloading virtual memory into and out of the main memory. Shared Memory : If several processes are to access the same memory area, the two allocation steps are not transparent. One object is created that represents the physical memory and can be used by various processes. The processes can map the object fully or partially into the address space. The way this is done varies from platform to platform. Memory mapped files, unnamed mapped files, and shared memory are used. Extended Memory : SAP extended memory is the core of the SAP memory management system. Each SAP work process has a part reserved in its virtual address space for extended memory...

EIENTRA

Search This Blog