I am trying to use the analytic privileges to restrict data permissions to users for an analytic view. But I cannot go through the SAP Studio, as I need to call a stored procedure to get the authorized values, so I am running SQL to create privileges.
'Could not execute 'Select customer_name from "_SYS_BIC"."e2sc-hana/AV_COMMIT" group by customer_name' in 56 ms 432 µs . SAP DBTech JDBC: [2048]: column store error: search table error: [2950] user is not authorized '
<valueFilter operator="IN">
<procedureCall schema="E2SC_HANA" procedure="DETERMINE_AUTHORIZED_CUSTOMER_FOR_USER"/>
</valueFilter>
I verified that the user has access to the stored procedure etc.
But if I give a static list of values like below, it works as expected.
<value value="EDNSC"/>
</valueFilter>
Does anyone know if procedures are really supported or what I am doing wrong here?
Here is the SQL for my privilege I created:
CREATE STRUCTURED PRIVILEGE
'<?xml version="1.0" encoding="utf-8"?>
<analyticPrivilegeSchema version="1">
<analyticPrivilege name="e2sc-hana/CUSTOMER_PRIV">
<cubes>
<cube name="_SYS_BIC:e2sc-hana/AV_COMMIT">
</cube>
</cubes>
<validity>
<anyTime/>
</validity>
<activities>
<activity activity="read" />
</activities>
<dimensionAttributes>
<dimensionAttribute name="e2sc-hana/AT_SITE$CUSTOMER_NAME">
<restrictions>
<valueFilter operator="IN">
<procedureCall schema="E2SC_HANA" procedure="DETERMINE_AUTHORIZED_CUSTOMER_FOR_USER"/>
</valueFilter>
</restrictions>
</dimensionAttribute>
</dimensionAttributes>
</analyticPrivilege>
</analyticPrivilegeSchema>';
CREATE TYPE "E2SC_HANA"."CUSTOMER_OUTPUT" AS TABLE("CUSTOMER" varchar);
CREATE PROCEDURE "E2SC_HANA"."DETERMINE_AUTHORIZED_CUSTOMER_FOR_USER" (OUT
VAL "E2SC_HANA"."CUSTOMER_OUTPUT")
LANGUAGE SQLSCRIPT SQL SECURITY DEFINER READS SQL DATA AS
BEGIN
VAL = SELECT 'EDNSC' as CUSTOMER from dummy;
END;