Insufficient Privileges in HANA DB


What are System Privileges?

When a user accesses the SAP HANA database using a client interface (for example, ODBC, JDBC, or HTTP), his or her ability to perform database operations on database objects is determined by the privileges that he or she has been granted.

All the privileges granted to a user, either directly or indirectly through roles, are combined. This means that whenever a user tries to access an object, the system performs an authorization check on the user, the user's roles, and directly granted privileges. It is not possible to explicitly deny privileges. This means that the system does not need to check all the user's privileges. As soon as all requested privileges have been found, the system skips further checks and grants access. 




How many times it happened with you that , you as an administrator used a command which should have worked perfect but ended with a error as 


insufficient privilege: Detailed info for this error can be found with guid <guid>


To identify the missing privilege using a GUID, you need execute following :


SYS.GET_INSUFFICIENT_PRIVILEGE_ERROR_DETAILS('<GUID>', ?)


The missing privilege is displayed with the session user name and the checked user name.


Optionally the object name, schema name, and object type are displayed.


If the missing privilege is contained in one or more roles, the roles are displayed.

After deciding and having the approval from management , you can assign the missing role or privilege.


Though it is not a tough task to add the required privileges and we can easily perform it read the mentioned blog for granting the privilege , but it is kind of easy and handy to have some privileges checked before executing the command , especially in the case when you are working with automations.


For e.g. :- 



Commands

Privilege Required

Change Database parameters using the configuration editor [Hana Studio] 

CATALOG READ & INFILE ADMIN

To stop, kill, or restart a service

SERVICE ADMIN

To open the administrator Editor in HANA Studio

CATALOG READ

View the alerts of the statistic service 

SELECT PRIVILEGE ON _SYS_STATISTICS to customize the service INFILE ADMIN is also required

To Manage Database Snapshot

BACKUP ADMIN or BACKUP OPERATOR , for using the SNAPSHOT WIZARD you need CATALOG READ

ALTER SYSTEM RECLAIM LOG

LOG ADMIN

ALTER SYSTEM RECLAIM DATAVOLUME ‘[host:port]’ <perc> DEFRAGMENT

RESOURCE ADMIN

ALTER SYSTEM SET EVENT HANDLED ‘[host:port]’ <id>;

MONITOR ADMIN



Read More :-





Comments