Roles - Creation - Whitepaper - SPS9 and Higher

SAP HANA Enterprise Cloud REPO Roles Creation –
SPS9 and Higher
Version 2.0
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1

HEC Repo Roles Creation
Contents
1 Disclaimer 3
2 Purpose 4
3 Overview 5
3.1 Introduction 5
3.2 Configuration Steps 5
Step 1: Login with CUST_USER_ROLE_ADMIN user 5
Step 2: Create a HANA user for Role creation from HANA IDE. 7
Step 3: Provide the user required authorizations for role creation 8
Step 4: Login to HANA IDE 14
Step 5: Open Editor and Create a Role 16
Step 6: Create a Repository role. 20
Step 7: Add roles to a Repository role. 22
Step8 : Add System Privileges 24
Step9: Add Object Privilege to Repository role. 27
Step 10: Adding the Repository role to a User using CUST_USER_ROLE_ADMIN 29
4 Create Administrative user for XSA using CUST_USER_ROLE_ADMIN 31
4.1 Creation of XSA_ADMIN_CUST using XSClient 31
4.1.1 Download and Install the Xsclient Tool 31
4.1.2 XSA Administrator User Creation 33
5 Glossary 34
6 Legal Disclaimer 35
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 2/35
1 Disclaimer
This document explains the technical procedure for the repo roles creation in SAP HANA Enterprise
Cloud(HEC) environment. It provides technical background information, and is not a legally binding
document. This document is subject to change without prior notice. Due to the nature of the HEC service, the
customer retains full access rights to the managed cloud solution. Consequently, customer users have the
possibility to interfere with responsibilities of SAP which eventually could lead to violations of the SLA. SAP
will not be held liable for incidents and SLA violations caused by accidental or intended misuse of access
rights by the customer.”
2 Purpose
Purpose of User CUST_USER_ROLE_ADMIN
1) CUST_USER_ROLE_ADMIN is a delegation user and the customer should not use it for execution of
the operational tasks.
2) All relevant authorizations are provided for CUST_USER_ROLE_ADMIN and repository roles should
be created as per the business need and assigned.
3) CUST_USER_ROLE_ADMIN is an audit relevant user, NO additional users would be created by SAP
in HANA studio
3 Overview
3.1 Introduction
This document provides technical steps in the Repo roles creation in SAP HANA Enterprise Cloud (HEC)
environment.
3.2 Configuration Steps
Step 1: Login with CUST_USER_ROLE_ADMIN user
You should have received user credentials for HANA user CUST_USER_ROLE_ADMIN from SAP.
Collect below information about the DB to which you need to login

- Hostname (vh<CID><DB SID>DBxx)
- Instance No.
- Password for user “CUST_USER_ROLE_ADMIN”
Login to the DB as below

 Open studio
 Choose “SAP Administration console” and click on “Add System” as shown in the below screenshot
 Provide information that was initially collected about the system as described in the below screenshot
Step 2: Create a HANA user for Role creation from HANA IDE.
 Create a new user as shown in below screenshots
Click on the green arrow to save the changes.
Step 3: Provide the user required authorizations for role creation
 How to add a System privilege to a user
Double click on User to which you need to add the privilege
 How to add a role to user
 Select the user to which privilege to be added
Save the changes
 How to add a package privilege

open the user to which privilege to be added
 To ROLE_CREATOR user that was created previously, please add below privileges/roles
Roles:
sap.hana.ide.roles::CatalogDeveloper
sap.hana.ide.roles::Developer
sap.hana.ide.roles::EditorDeveloper
System Privileges:
ROLE ADMIN
CATALOG READ
Package Privileges:
Root Package
Step 4: Login to HANA IDE
Information required to login to IDE
Hostname
System no.
Password for user ROLE_CREATOR that was created in an earlier section.
URL for logging into HANA IDE: https://vh<CID><SID>dbxx:43<system no>/sap/hana/ide
On opening this page it requests for User name and password. Please use user that was created in
earlier sections. On successful login you get a screen like below, please change the password.
On successful completion, you get a screen like below.
Step 5: Open Editor and Create a Role
Click on Editor Link to open Editor.
On clicking it Editor gets opened which looks like below screenshot
Create a package for storing the roles.
Step 6: Create a Repository role.
Right click on the package you created in earlier section and create a new role
Step 7: Add roles to a Repository role.
 Open the Repository role to which new roles are to be added.
Step8 : Add System Privileges

Step9: Add Object Privilege to Repository role.
Step 10: Adding the Repository role to a User using CUST_USER_ROLE_ADMIN
 Login to HANA Studio as CUST_USER_ROLE_ADMIN

 Open the User/Role to which Repository role you created needs to be added.
4 Create Administrative user for XSA using

CUST_USER_ROLE_ADMIN
CUST_USER_ROLE_ADMIN is enrcihed with XSA Admin privileges and can be used by the customer to
perform the XSA related activities.
XSA_ADMIN is not shared with customer but rather the CUST_USER_ROLE_ADMIN user has been
enriched and this has to be used by the customer to derivate all the required users and roles for XSA and the
XSA related applications (if part setup).
4.1 Creation of XSA_ADMIN_CUST using XSClient
4.1.1 Download and Install the Xsclient Tool
See note 2242468
Navigate to SAP Market Place
1. Select the corresponding Platform edition
2. Select XS RUNTIME 1
3. Based on the OS select the corresponding OS and the latest version
4. Navigate to the folder where „XS“ binary is present.

5. Execute the XS binary to login.
4.1.2 XSA Administrator User Creation
6. Login with cust_user_role_admin.
>xs api https://<xsa-domain-name>:3<instanceno.>30
>xs login cust_user_role_admin
>CREATE USER XSA_ADMIN_CUST PASSWORD "desiredpassword"
>xs assign-role-collection XS_CONTROLLER_ADMIN XSA_ADMIN_CUST
Assigning role collection "XS_CONTROLLER_ADMIN" to user "XSA_ADMIN_CUST"...
OK
>xs assign-role-collection XS_USER_ADMIN XSA_ADMIN_CUST
Assigning role collection "XS_USER_ADMIN" to user "XSA_ADMIN_CUST"...
OK
>xs assign-role-collection XS_AUTHORIZATION_ADMIN XSA_ADMIN_CUST
Assigning role collection "XS_AUTHORIZATION_ADMIN" to user "XSA_ADMIN_CUST"...
OK
This user is equivalent to XSA_ADMIN and can be used by the customers to perform all the admin related
activities.
5 Glossary
Term Definition
OS Operating System
CIFS Common Internet File System
HEC HANA Enterprise Cloud
DBA Database Administration
DR Disaster Recovery
6 Legal Disclaimer
The information provided on this site and in the linked documents is confidential and proprietary to SAP and
may not be disclosed without the permission of SAP. This presentation is not subject to your license
agreement or any other service or subscription agreement with SAP. SAP has no obligation to pursue any
course of business outlined in this document or any related presentation, or to develop or release any
functionality mentioned therein. The documents accessible on this site and any related presentation on SAP's
strategy and possible future developments, products and or platforms directions and functionality are all
subject to change and may be changed by SAP at any time for any reason without notice. The information on
this site and in documents accessible on this site is not a commitment, promise or legal obligation to deliver
any material, code or functionality. The information is provided without a warranty of any kind, either express
or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular
purpose, or non-infringement. The documents serve informational purposes and may not be incorporated into
a contract. SAP assumes no responsibility for errors or omissions, except if such damages were caused by
SAP intentionally or grossly negligent.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to
differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-
looking statements, which speak only as of their dates, and they should not be relied upon in making
purchasing decisions.

Roles - Creation - Whitepaper - SPS9 and Higher

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Roles - Creation - Whitepaper - SPS9 and Higher

Hochgeladen von

Copyright:

Verfügbare Formate

SAP HANA Enterprise Cloud REPO Roles Creation –

SPS9 and Higher

© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1

Purpose of User CUST_USER_ROLE_ADMIN

3.2 Configuration Steps

Step 1: Login with CUST_USER_ROLE_ADMIN user

Collect below information about the DB to which you need to login

Login to the DB as below

 Create a new user as shown in below screenshots

Click on the green arrow to save the changes.

Step 3: Provide the user required authorizations for role creation

 How to add a System privilege to a user

Double click on User to which you need to add the privilege

 How to add a role to user

Double click on User to which you need to add the privilege

 Select the user to which privilege to be added

Save the changes

 How to add a package privilege

open the user to which privilege to be added

Step 4: Login to HANA IDE

Information required to login to IDE

Password for user ROLE_CREATOR that was created in an earlier section.

URL for logging into HANA IDE: https://vh<CID><SID>dbxx:43<system no>/sap/hana/ide

On successful completion, you get a screen like below.

Step 5: Open Editor and Create a Role

Click on Editor Link to open Editor.

On clicking it Editor gets opened which looks like below screenshot

Create a package for storing the roles.

Step 6: Create a Repository role.

Step 7: Add roles to a Repository role.

 Open the Repository role to which new roles are to be added.

Step8 : Add System Privileges

Step9: Add Object Privilege to Repository role.

 Open the Repository role to which new roles are to be added.

Step 10: Adding the Repository role to a User using CUST_USER_ROLE_ADMIN

 Login to HANA Studio as CUST_USER_ROLE_ADMIN

4 Create Administrative user for XSA using

4.1 Creation of XSA_ADMIN_CUST using XSClient

4.1.1 Download and Install the Xsclient Tool

See note 2242468

Navigate to SAP Market Place

1. Select the corresponding Platform edition

3. Based on the OS select the corresponding OS and the latest version

4. Navigate to the folder where „XS“ binary is present.

4.1.2 XSA Administrator User Creation

6. Login with cust_user_role_admin.

>xs api https://<xsa-domain-name>:3<instanceno.>30

>xs login cust_user_role_admin

>CREATE USER XSA_ADMIN_CUST PASSWORD "desiredpassword"

>xs assign-role-collection XS_CONTROLLER_ADMIN XSA_ADMIN_CUST

Assigning role collection "XS_CONTROLLER_ADMIN" to user "XSA_ADMIN_CUST"...

>xs assign-role-collection XS_USER_ADMIN XSA_ADMIN_CUST

Assigning role collection "XS_USER_ADMIN" to user "XSA_ADMIN_CUST"...

>xs assign-role-collection XS_AUTHORIZATION_ADMIN XSA_ADMIN_CUST

Assigning role collection "XS_AUTHORIZATION_ADMIN" to user "XSA_ADMIN_CUST"...

CIFS Common Internet File System

HEC HANA Enterprise Cloud

DBA Database Administration

Das könnte Ihnen auch gefallen