Add comment

  • Hi Jonathon, do you know if there is anyway to wildcard the object privilege for the column view objects? We build Roles in the Project Explorer (rev. 94) as repository objects. We have package/content paths like CMPYNM.RGN.Sales/… and CMPYNM.RGN.Invtry/… I would like to create a role that exposes all column views in CMPYNM.RGN.Sales/* (including any subfolders). The wide open SELECT, EXECUTE for _SYS_BIC is just a little too wide open for us.

    Best Regards

    • Hi Kevin,

      HANA does not support wildcards when assigning object privileges. However, you can easily create a stored procedure that recursively assigns the privileges based on an input parameter containing the starting point of the package hierarchy and a wildcard. The columns view metadata is stored in a table. Therefore you can query the table with a filter and create a cursor to dynamical assign the specific object privileges to a role / user. The trick is to make sure that _SYS_REPO is the grantor using GRANT_PRIVILEGE_ON_ACTIVATED_CONTENT procedure.

      As an alternative, you can utilize repository roles and a similar technique to develop a script to list the individual privileges in the .hdbrole syntax. This will help you maintain the role privileges each time a developer makes a change. Because they are contained in a repository role, _SYS_REPO will always own them.

      Quick Reference:

Your Header Sidebar area is currently empty. Hurry up and add some widgets.