HANA Studio Authorization for Administration Tasks

Question 1

Required Authorization for task: Open the SAP HANA Administration Console perspective with read-only access to the system tables and monitoring views.

Answer 1

System privilege CATALOG READ

Question 2

Required Authorization for task: View alert information

Answer 2

Object privilege SELECT on the schema _SYS_STATISTICS

Question 3

Required Authorization for task: View system information in the System Monitor

Answer 3

System privilege CATALOG READ and object privilege SELECT on the schema _SYS_STATISTICS

Question 4

Required Authorization for task: Open the Web-browser-based Monitoring Dashboard

Answer 4

Role sap.hana.admin.roles::Monitoring

Question 5

Required Authorization for task: Monitor table distribution in the Table Distribution editor

Answer 5

System privilege CATALOG READ

Question 6

Required Authorization for task: Open the Web-browser-based editors Resource Utilization, Memory Overview, and Memory Allocation Statistics

Answer 6

Role sap.hana.admin.roles::Monitoring

Question 7

Required Authorization for task: Stop, start, restart system

Answer 7

Operating system user (adm) credentials

Question 8

Required Authorization for task: Stop and start database services

Answer 8

System privilege SERVICE ADMIN

Question 9

Required Authorization for task: Cancel operations

Answer 9

System privilege SESSION ADMIN

Question 10

Required Authorization for task: Mark disk-full events as handled

Answer 10

System privilege MONITOR ADMIN

Question 11

Required Authorization for task: Change the properties of a system as defined in the parameters of the configuration (*.ini) files

Answer 11

System privilege INIFILE ADMIN

Question 12

Required Authorization for task: Configure system checks (e-mail notification, alter thresholds)

Answer 12

System privilege INIFILE ADMIN

Question 13

Required Authorization for task: Execute table redistribution operations

Answer 13

System privilege RESOURCE ADMIN and at least the object privilege ALTER for all schemas involved

Question 14

Required Authorization for task: Configure hosts for auto-failover

Answer 14

RESOURCE ADMIN

Question 15

Perform a delta merge operation on a table (manually)

Answer 15

Object privilege UPDATE for the table

Question 16

Compress a table

Answer 16

Object privilege UPDATE for the table

Question 17

Manually move tables and table partitions to another host in a distributed system

Answer 17

Object privilege ALTER for the table

Question 18

Partition a non-partitioned table

Answer 18

Object privileges ALTER and UPDATE for the table

Question 19

Change a partitioned table into a non-partitioned table by merging all partitions

Answer 19

Object privilege ALTER for the table

Question 20

Import catalog objects

Answer 20

Depending on the import, object privilege INSERT/UPDATE, DROP, and CREATE for the catalog objects in question

Question 21

Export catalog objects

Answer 21

Object privilege SELECT for the catalog objects in question

Question 22

Check license information

Answer 22

System privilege LICENSE ADMIN

Question 23

Install and delete license keys

Answer 23

System privilege LICENSE ADMIN

Question 24

Configure traces (except kernel profiler)

Answer 24

System privilege TRACE ADMIN

Question 25

Configure kernel profiler

Answer 25

Standard role SAP_INTERNAL_HANA_SUPPORT

Question 26

Delete trace files

Answer 26

System privilege TRACE ADMIN

Question 27

Troubleshoot offline system (including access diagnosis files) using Administrator editor diagnosis mode

Answer 27

Operating system user (<sid>adm) credentials</sid>

Question 28

Create, change, and delete users

Answer 28

System privilege USER ADMIN

Question 29

Create, change, and delete roles in runtime

Answer 29

System privilege ROLE ADMIN

Question 30

Grant and revoke privileges/roles to/from users and roles

Answer 30

To grant SQL privileges and roles, you must have the privilege and/or role yourself and be authorized to grant it to others. To grant privileges on activated repository objects, you must be authorized to execute certain stored procedures.

Question 31

Configure the password policy and the password blacklist

Answer 31

System privilege INIFILE ADMIN and object privileges INSERT and DELETE for either the _SYS_PASSWORD_BLACKLIST table or the _SYS_SECURITY schema

Question 32

View procedures and calculation views in the authorization dependency viewer

Answer 32

System privilege CATALOG ADMIN

Question 33

Activate and configure auditing

Answer 33

System privilege AUDIT ADMIN or AUDIT OPERATOR or INIFILE ADMIN

Question 34

Create and manage audit policies

Answer 34

System privilege AUDIT ADMIN or AUDIT OPERATOR

Question 35

Read the audit trail database table SYS.AUDIT_LOG

Answer 35

System privilege AUDIT OPERATOR

Question 36

Delete entries from the audit trail

Answer 36

System privilege AUDIT OPERATOR

Question 37

Enable persistence encryption and access the encryption monitoring views M_PERSISTENCE_ENCRYPTION_STATUS and M_PERSISTENCE_ENCRYPTION_KEYS

Answer 37

System privilege RESOURCE ADMIN

Question 38

Change the page encryption key used for data volume encryption and re-encrypt the data

Answer 38

System privilege RESOURCE ADMIN

Question 39

Perform backups

Answer 39

BACKUP ADMIN and CATALOG READ or BACKUP OPERATOR and CATALOG READ

Question 40

Open the Backup editor

Answer 40

BACKUP ADMIN and CATALOG READ

Question 41

Delete data and log backups from the backup catalog and physically from the backup location

Answer 41

BACKUP ADMIN

Question 42

Recover

Answer 42

Operating system user (<sid>adm) credentials</sid>