{ "name" : "Execute", "description" : "Basic execution privilege" },
{ "name" : "Admin", "description" : "Administration privilege" }, ]
}
If the .xsprivileges file shown in the example above is located in the package sap.hana.xse, you can assign the Execute privilege for the package to a particular user by calling the GRANT_APPLICATION_PRIVILEGE procedure, as illustrated in the following code:
call "_SYS_REPO"."GRANT_APPLICATION_PRIVILEGE"('"sap.hana.xse::Execute"', '<user>')
5.5.8 Create an SAP HANA XS Application Privileges File
The application-privileges (.xssprivileges) file can be used to define the authorization levels required for access to an application, for example, to start the application or perform administrative actions on an application.
You can then assign the application privileges to the individual users who require them.
The .xssprivileges file must reside in the same application package that you want to define the access privileges for.
Note
If you use the .xsprivileges file to define application-specific privileges, you must also add a corresponding entry to the .xsaccess file, for example, using the authorization keyword.
1. If you have not already done so, create a root package for your new application, for example, MyPackage.
a) In the SAP HANA studio, open the SAP HANA Development perspective.
b) In the Project Explorer view, right-click the folder where you want to create the new (MyPackage) package.
c) In the context-sensitive popup menu, choose New Folder . d) Enter the name MyPackage and choose Finish.
2. If you have not already done so, create an application descriptor for your new application and place it in the root package (MyPackage) you created in the previous step.
The application descriptor is the core file that you use to indicate an application's availability within SAP HANA XS. The application descriptor marks the point in the package hierarchy at which an application's content is available to clients.
Note
The application-descriptor file has no contents and no name; it only has the file extension .xsapp.
3. If you have not already done so, create an application-access file for your new application and place it in the package to which you want to grant access.
The application-access file does not have a name; it only has the file extension .xsaccess.
a) In the SAP HANA studio, open the SAP HANA Development perspective.
b) In the Project Explorer view, right-click the folder where you want to create the new (.xsaccess) file.
c) In the context-sensitive popup menu, choose New File . d) Enter the name .xsaccess and choose Finish.
e) Specify the privileges required for access to the application or application package.
Use the authorization keyword in the .xsaccess file to specify which authorization level is required by a user for access to a particular application package.
Note
If you enable the authorization keyword in the .xsaccess file, you must add a corresponding entry to the .xsprivileges file, too.
4. Create the application-privileges (.xsprivileges) file and place it in the application package whose access privileges you want to define.
The application-privileges file does not have a name; it only has the file extension .xsprivileges. The contents of the .xsprivileges file must be formatted according to JavaScript Object Notation (JSON) rules.
Note
Multiple .xsprivileges files are allowed, but only at different levels in the package hierarchy; you cannot place two .privileges files in the same application package. The privileges defined in a .xsprivileges file are bound to the package to which the file belongs and can only be applied to this package and its subpackages.
a) In the SAP HANA studio and open the SAP HANA Development perspective.
b) In the Project Explorer view, right-click the folder where you want to create the new (.xsprivileges) file.
c) In the context-sensitive popup menu, choose New File . d) Enter the name .xsprivileges and choose Finish.
e) Activate the new (.xsprivileges) file 5. Define the required application privileges.
In the .xsprivileges file, you define a privilege for an application package by specifying an entry name with an optional description. This entry name is then automatically prefixed with the package name in which the .xsprivileges file is located to form a unique privilege name. For example,
com.acme.myapp::Execute would enable execute privileges on the package com.acme.myapp. The privilege name is unique to the package to which it belongs and, as a result, can be used in
multiple .xsprivileges files in different packages.
Note
The .xsprivileges file lists the authorization levels defined for an application package. A corresponding entry is required in the same application's access file .xsaccess file to define which authorization level is assigned to which application package.
{
"privileges" : [
{ "name" : "Execute", "description" : "Basic execution privilege" },
{ "name" : "Admin", "description" : "Adminstration privilege" }, ]
}
6. Save and activate your changes and additions.
The activation of the application privileges creates the corresponding objects, which you can use to assign the specified privileges to an author.
7. Assign the application privilege to the users who require it.
After activation of the .xsprivileges object, the only user who by default has the application privileges specified in the .xsprivileges file is the _SYS_REPO user. To grant the specified privilege to (or revoke them from) other users, use the GRANT_APPLICATION_PRIVILEGE or REVOKE_APPLICATION_PRIVILEGE procedure in the _SYS_REPO schema.
To grant the execute application privilege to a user, run the following command in the SAP HANA studio's SQL Console:
call
"_SYS_REPO"."GRANT_APPLICATION_PRIVILEGE"('"com.acme.myApp::Execute"','<UserName>
')
To revoke the execute application privilege to a user, run the following command in the SAP HANA studio's SQL Console:
call
"_SYS_REPO"."REVOKE_APPLICATION_PRIVILEGE"('"com.acme.myApp::Execute"','<UserName
>') Related Links
Create an Application Descriptor File [page 55]
Each application that you want to develop and deploy on SAP HANA Extended Application Services (SAP HANA XS) must have an application-descriptor file. The application descriptor is the core file that you use to describe an application's framework within SAP HANA XS.
Enabling Access to SAP HANA XS Application Packages [page 66]
The application-access file enables you to specify who or what is authorized to access the content exposed by the application package and what content they are allowed to see.