I had an issue where a restricted user could not execute a XSJS file which in turn was using XSDS internally.
The error was presented as below:
"dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized"
After testing the same scenario with a non restricted user (with PUBLIC role) I had success. Then I found the following presentation regarding new features of SP8.
http://scn.sap.com/docs/DOC-60271
This presentation explains the use of roles RESTRICTED_USER_ODBC_ACCESS and RESTRICTED_USER_JDBC_ACCESS.
As I'm using a SPS9 Hana On Premisse, I am assuming that the XSDS library uses ODBC internally. Is this right?