Beruflich Dokumente
Kultur Dokumente
Version 2.0
Contents
1 Disclaimer 3
2 Purpose 4
3 Overview 5
3.1 Introduction 5
3.2 Configuration Steps 5
Step 1: Login with CUST_USER_ROLE_ADMIN user 5
Step 2: Create a HANA user for Role creation from HANA IDE. 7
Step 3: Provide the user required authorizations for role creation 8
Step 4: Login to HANA IDE 14
Step 5: Open Editor and Create a Role 16
Step 6: Create a Repository role. 20
Step 7: Add roles to a Repository role. 22
Step8 : Add System Privileges 24
Step9: Add Object Privilege to Repository role. 27
Step 10: Adding the Repository role to a User using CUST_USER_ROLE_ADMIN 29
4 Create Administrative user for XSA using CUST_USER_ROLE_ADMIN 31
4.1 Creation of XSA_ADMIN_CUST using XSClient 31
4.1.1 Download and Install the Xsclient Tool 31
4.1.2 XSA Administrator User Creation 33
5 Glossary 34
6 Legal Disclaimer 35
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 2/35
HEC Repo Roles Creation
1 Disclaimer
This document explains the technical procedure for the repo roles creation in SAP HANA Enterprise
Cloud(HEC) environment. It provides technical background information, and is not a legally binding
document. This document is subject to change without prior notice. Due to the nature of the HEC service, the
customer retains full access rights to the managed cloud solution. Consequently, customer users have the
possibility to interfere with responsibilities of SAP which eventually could lead to violations of the SLA. SAP
will not be held liable for incidents and SLA violations caused by accidental or intended misuse of access
rights by the customer.”
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 3/35
HEC Repo Roles Creation
2 Purpose
1) CUST_USER_ROLE_ADMIN is a delegation user and the customer should not use it for execution of
the operational tasks.
2) All relevant authorizations are provided for CUST_USER_ROLE_ADMIN and repository roles should
be created as per the business need and assigned.
3) CUST_USER_ROLE_ADMIN is an audit relevant user, NO additional users would be created by SAP
in HANA studio
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 4/35
HEC Repo Roles Creation
3 Overview
3.1 Introduction
This document provides technical steps in the Repo roles creation in SAP HANA Enterprise Cloud (HEC)
environment.
You should have received user credentials for HANA user CUST_USER_ROLE_ADMIN from SAP.
Provide information that was initially collected about the system as described in the below screenshot
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 5/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 6/35
HEC Repo Roles Creation
Step 2: Create a HANA user for Role creation from HANA IDE.
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 7/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 8/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 9/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 10/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 11/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 12/35
HEC Repo Roles Creation
To ROLE_CREATOR user that was created previously, please add below privileges/roles
Roles:
sap.hana.ide.roles::CatalogDeveloper
sap.hana.ide.roles::Developer
sap.hana.ide.roles::EditorDeveloper
System Privileges:
ROLE ADMIN
CATALOG READ
Package Privileges:
Root Package
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 13/35
HEC Repo Roles Creation
Hostname
System no.
On opening this page it requests for User name and password. Please use user that was created in
earlier sections. On successful login you get a screen like below, please change the password.
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 14/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 15/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 16/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 17/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 18/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 19/35
HEC Repo Roles Creation
Right click on the package you created in earlier section and create a new role
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 20/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 21/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 22/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 23/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 24/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 25/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 26/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 27/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 28/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 29/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 30/35
HEC Repo Roles Creation
CUST_USER_ROLE_ADMIN is enrcihed with XSA Admin privileges and can be used by the customer to
perform the XSA related activities.
XSA_ADMIN is not shared with customer but rather the CUST_USER_ROLE_ADMIN user has been
enriched and this has to be used by the customer to derivate all the required users and roles for XSA and the
XSA related applications (if part setup).
2. Select XS RUNTIME 1
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 31/35
HEC Repo Roles Creation
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 32/35
HEC Repo Roles Creation
OK
OK
OK
This user is equivalent to XSA_ADMIN and can be used by the customers to perform all the admin related
activities.
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 33/35
HEC Repo Roles Creation
5 Glossary
Term Definition
OS Operating System
DR Disaster Recovery
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 34/35
HEC Repo Roles Creation
6 Legal Disclaimer
The information provided on this site and in the linked documents is confidential and proprietary to SAP and
may not be disclosed without the permission of SAP. This presentation is not subject to your license
agreement or any other service or subscription agreement with SAP. SAP has no obligation to pursue any
course of business outlined in this document or any related presentation, or to develop or release any
functionality mentioned therein. The documents accessible on this site and any related presentation on SAP's
strategy and possible future developments, products and or platforms directions and functionality are all
subject to change and may be changed by SAP at any time for any reason without notice. The information on
this site and in documents accessible on this site is not a commitment, promise or legal obligation to deliver
any material, code or functionality. The information is provided without a warranty of any kind, either express
or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular
purpose, or non-infringement. The documents serve informational purposes and may not be incorporated into
a contract. SAP assumes no responsibility for errors or omissions, except if such damages were caused by
SAP intentionally or grossly negligent.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to
differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-
looking statements, which speak only as of their dates, and they should not be relied upon in making
purchasing decisions.
© 2018 SAP SE or an SAP affiliate company. All rights reserved. – Document1 Seite 35/35