Privileges for using ArcGIS with an SAP HANA database

Privileges determine what a user is authorized to do with the data and the database. Assign privileges based on the type of work the person does within the organization.

Users connecting to SAP HANA from ArcGIS require system access and access to specific user data. As an SAP HANA administrator, you create groups based on what users need to do in the database, grant privileges to the groups, and add the appropriate database users to each group.

SAP HANA grants the SELECT privilege on system metadata tables to PUBLIC by default. If you revoke this privilege, you must grant it to individual groups or users.

The following table lists three groups of users and the minimum privileges they require to query, edit, or create data from ArcGIS. If you create standard SAP HANA users, they already have the privileges to select sys tables and to create and drop tables. If you create restricted users, they require the privileges listed here.

Note that these privileges apply to using ArcGIS with an SAP HANA or SAP HANA Cloud database. If you need to know the privileges required to use a geodatabase, see Privileges for geodatabases in SAP HANA.

Type of userRequired privilegesPurpose

Data viewer

SELECT on sys.st_geometry_columns and sys.st_spatial_reference_systems

These privileges are required to read ST_Geometry metadata for spatial operations.

SELECT on <table1>,<table2>, <tablen>

Data viewers must have the SELECT privilege on specific tables you want them to query.

Data editor*

Data editors require the same privileges as data viewers, plus these additional privileges.

INSERT, UPDATE, DELETE on other users' tables

Grant the editing operations you want editors to perform on specific tables.

You can grant any combination of INSERT, UPDATE, and DELETE privileges depending on what editors need to do. Therefore, you can create multiple editor groups and grant the appropriate privileges to each. For example, you can have a full_edit group that has all three privileges plus SELECT on the tables group members need to edit and an updates_only group that has only SELECT and UPDATE privileges on the tables members need to edit.

Data creator

SELECT on sys.st_geometry_columns and sys.st_spatial_reference_systems

These privileges are required to read ST_Geometry metadata for spatial operations.

  • CREATE TABLE
  • DROP TABLE

These privileges allow data creators to create tables and feature classes in the database.

*To edit data, publish editable web feature layers that reference the data in your SAP HANA database.

If data creators will create views to restrict the amount of data returned from the database to the ArcGIS client, also grant them CREATE VIEW and DROP VIEW privileges.

Tip:

ArcGIS Insights may require additional privileges. See Required database privileges in the ArcGIS Insights help for more information.