7    System Privileges

In this chapter, we’ll explore the different system privileges that govern a broad spectrum of actions within the SAP HANA platform.

System privileges play an important role in the development of any SAP HANA security model. These privileges govern specific actions within the SAP HANA platform: in some cases, actions specific to administrators; in other cases, actions performed by developers. Throughout this chapter, we’ll explore the various system privileges that SAP HANA provides and the types of activities that they govern. We’ll also review the system privileges included with SAP HANA 2.0 and demonstrate how system privileges are granted using SQL, the SAP HANA cockpit, the SAP HANA Web-Based Development Workbench security manager, and within repository-based roles. We’ll close the chapter with a case study outlining several commonly used administrative roles and their required system privileges.

7.1    What Are System Privileges?

System privileges govern various activities or actions that can be executed within the SAP HANA platform. Administrators must be granted system privileges to perform activities such as backups, license key management, audit management, Secure Sockets Layer (SSL) management, system configuration settings, user creation, and role creation. Developers must be granted system privileges to perform imports and exports of catalog objects and repository objects. Several system privileges also govern access to actions performed within the SAP HANA development repository.

System privileges are predefined and delivered with the SAP HANA system. System privileges can’t be created or customized as of SAP HANA 2.0 SPS 00. To clarify the role that system privileges play in a security model, let’s review each default system privilege and categorize them.