
Security challenge: separate access to views sitting on _SYS_BIC


Hi All,

We are currently facing a challenge in our project around security. We are working on HANA 1.0 SP07 rev73 and using Tableau for visualisation.

There is content that needs to be secured and at a package and schema level is fine (we've created a separate schema for this data). The roles we've created do their job with some gaps. The users that don't have these roles can't query the tables in the secure schema and they can't see the information models created in the secure package. However, the challenge is when building information models around this data: all these views get activated under the _SYS_BIC schema, and users that don't hold the role for this secure data can still execute them and see them because of their SELECT privilege on _SYS_BIC. Tableau's connector is done by selecting the column view from the _SYS_BIC schema, which makes these views visible.

I understand that this happens because of having SELECT access on _SYS_BIC for all users. As far as I know there is no star (*) functionality to segregate access per model in each package, and we'll need to give SELECT access to each separate model to do so. This, as you can see, is not very efficient from a maintenance point of view, because for every model that developers build, security will have to add it to their role for them to test it.

Another alternative we've thought of was to write a stored procedure to manage this granular granting every 5 minutes, which will assign the latest models created to the corresponding role.

So, has anyone out there had a similar scenario and worked out an effective solution to it?

All suggestions are welcome.

Best regards,

Christian.
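
The periodic per-view granting idea from the post above, as an added sketch (not part of the original post and not SAP code). It assumes activated views appear in _SYS_BIC as `<package path>/<view name>`, that the schema-wide SELECT on _SYS_BIC has been removed from ordinary users (otherwise per-view grants restrict nothing), and the package and role names are hypothetical.

```python
"""Plan per-view SELECT grants for activated views in _SYS_BIC."""

# Hypothetical mapping: secured package -> role allowed to read its views.
PACKAGE_ROLES = {"secure.finance": "ROLE_SECURE_FINANCE"}


def quote_ident(name):
    """Quote an SQL identifier, doubling embedded double quotes."""
    return '"' + name.replace('"', '""') + '"'


def role_for(view_name, package_roles):
    """Return the role for a view, or None if its package is not mapped.

    Sub-packages inherit from the longest mapped parent. The match is on
    whole package segments, so 'secure.financeX' does not inherit from
    'secure.finance'.
    """
    package, sep, _ = view_name.partition("/")
    if not sep:
        return None  # not in the assumed "<package>/<view>" form
    best = None
    for secured in package_roles:
        if package == secured or package.startswith(secured + "."):
            if best is None or len(secured) > len(best):
                best = secured
    return package_roles.get(best)


def plan_grants(views, already_granted, package_roles):
    """Build GRANT statements for views their role cannot read yet.

    views: names of activated views in _SYS_BIC.
    already_granted: set of (view_name, role) pairs that already exist.
    """
    statements = []
    for view in sorted(views):
        role = role_for(view, package_roles)
        if role is None or (view, role) in already_granted:
            continue
        statements.append(
            'GRANT SELECT ON "_SYS_BIC".%s TO %s'
            % (quote_ident(view), quote_ident(role))
        )
    return statements
```

Views whose package is not mapped get no statement, so with the schema-wide SELECT removed they stay unreadable until someone maps their package to a role.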

