Privileges determine what someone is authorized to do with the data and the database. Privileges should be assigned based on the type of work the person does within the organization. Is this person involved with administration of the geodatabase? Does this person need to edit or create data? Or would this person only need to query the data?
Privileges determine what a user is authorized to do with the data and the database. Assign privileges based on the type of work the person does within the organization.
Privileges are set at the database or dataset level. Use SQL or SAP HANA tools to grant and revoke database privileges or privileges on SAP HANA system metadata tables.
Privileges on datasets in geodatabases must be granted or revoked using ArcGIS, and must be done by the dataset owner.
SAP HANA grants the SELECT privilege on system metadata tables to the PUBLIC role by default. If you revoke these privileges, you must grant privileges to individual groups or users.
The following sections list privileges that apply to databases in SAP HANA and SAP HANA Cloud.
The following table lists the minimum privileges required for the sde user and for other users to query, edit, or create data from ArcGIS. If you create standard SAP HANA users, they already have the privileges to select sys tables and to create and drop tables. If you create restricted users, they require the privileges listed here.
Minimum privileges for geodatabases in SAP HANA
|Type of user
SELECT on sys.st_geometry_columns, sys.st_spatial_reference_systems, and st_units_of_measure SAP HANA system views
These privileges are required to read ST_Geometry metadata for spatial operations.
SELECT on <table1>, <table2>, <tablen>
Data viewers must have the SELECT privilege on specific tables you want them to query.
Data editors require the same privileges as data viewers, plus these additional privileges.
INSERT, UPDATE, DELETE on other users' tables
Grant the editing operations you want editors to perform on specific tables.
Data creators require the same privileges as data viewers, plus these additional privileges.
These privileges allow data creators to create tables and feature classes in the database.
Geodatabase administrator (the sde user)
The sde user requires the same privileges as data creators, plus this additional privilege.
This privilege is required for the sde user to enable a geodatabase in SAP HANA and to view and manage geodatabase connections.
If data creators need to create views to restrict the amount of data returned from the database to the ArcGIS client, also grant them CREATE VIEW and DROP VIEW privileges.
If the sde user needs to remove connections from the geodatabase, grant the sde user SESSION ADMIN permission in the database.
ArcGIS Insights may require additional privileges. See Required database privileges in the ArcGIS Insights help for more information.