Determine Authorisation Errors Quickly and Efficiently

From HANA 1.0 up to HANA 2.0 SPS 03, analyses for authorisation errors in the SAP HANA database were only possible through laborious searches in the traces and logs. In order for the authorisation errors to be found in the logs, tracing had to be activated accordingly. As a consequence, performance losses that varied depending on the tracing level had to be taken into account.

Life Made Easier with SAP HANA Version 2.0 SPS 04

Now, with SAP HANA Version 2.0 SPS 04, SAP has made it much easier to analyse database authorisation errors. In the database schema SYS, there is now a procedure “SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS“, which uses the GUID to determine the database objects to be authorised. In the following, we will show you in simple steps how to identify authorisation errors in the SAP HANA database and thus save yourself time and effort.

Now, with SAP HANA Version 2.0 SPS 04, SAP has made it much easier to analyse database authorisation errors. In the database schema SYS there is now a procedure
SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS“, which uses the GUID to determine the database objects to be authorised. In the following, we will show you in simple steps how to identify authorisation errors in the SAP HANA database and thus save yourself time and effort.

Three Simple Steps to Success

The key to success lies in the database object “SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS”.

The key to success lies in the database object “SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS “.

Assigning the Required Database Rights

In order to be able to execute the procedure for error analysis of database permissions, you need the following rights:

  • Privilege: EXECUTE
  • Database object: SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS
  • The procedure is called as follows:“CALL SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS(”, ?)”
  • Input parameters: GUID (displayed in the console)
  • Output parameters: ? (authorisation object)

Source: https://help.sap.com/viewer/bed8c14f9f024763b0777aa72b5436f6/2.0.04/en-US/9a33043bc2c14981a92bf0f09c794789.html

Detect the Authorisation Error that has Occurred

The user tries to select a Calculation View to which he has no access rights and receives the error message “insufficient privilege” with an associated GUID.

Evaluate the Authorisation Error by means of GUID

The GUID is now passed into the procedure as an input parameter and the procedure is executed.

CALL SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS (‘5842EF7AAEA79D408D8C70FA37156F36’, ?);”

As you can see, the user lacks the SELECT privilege for the Calculation View _SYS_BIC.bigcube.app.test.vha/MyCalcView“.

All images on this page © 2021. BIG.Cube GmbH. All rights reserved.

Assigning the Required Database Rights

In order to be able to execute the procedure for error analysis of database permissions, you need the following rights:

  • Privilege: EXECUTE
  • Database object: SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS
  • The procedure is called as follows:“CALL SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS(”, ?)”
  • Input parameters: GUID (displayed in the console)
  • Output parameters: ? (authorisation object)

Source: https://help.sap.com/viewer/bed8c14f9f024763b0777aa72b5436f6/2.0.04/en-US/9a33043bc2c14981a92bf0f09c794789.html

Detect the Authorisation Error that has Occurred

The user tries to select a Calculation View to which he has no access rights and receives the error message “insufficient privilege” with an associated GUID.

Evaluate the Authorisation Error by means of GUID

The GUID is now passed into the procedure as an input parameter and the procedure is executed.

CALL SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS (‘5842EF7AAEA79D408D8C70FA37156F36’, ?);

As you can see, the user lacks the SELECT privilege for the Calculation View _SYS_BIC.bigcube.app.test.vha/MyCalcView“.

All images on this page © 2021. BIG.Cube GmbH. All rights reserved.

Conclusion

With simple steps it is now possible to analyse which authorisation objects are missing for a user. This reduces the effort and performance losses caused by searching the database traces or logs.

Written by Veli Hasanca

Learn More About SAP Basis & HANA Platform
Get In Touch With Us Now

Share Post

More Exciting Topics from our Newsroom

We are one of “Germany’s best employers”

As one of Germany's top 100 employers with renewed 'Great...

Read More

Shortcuts for SAP BW in Eclipse

This blog post explains five simple shortcuts to make working...

Read More

Bavarian Curling with the BIG.Cube

BIG.Cube employees went bavarian curling together after work. Find out...

Read More