cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Bind App to hdi-container with specific role or read-only privilege (cloud foundry)

Go to solution
yannmiquel
Participant

3 weeks ago

0 Kudos

Hi,

I would like to bind an application to a hdi-container in such way that the application can only read from it.

So either to specify somewhere grant the role "XXX" to _RT  or restrict the privilege to SELECT on the schema.

Any idea how to perform this restriction ?

Thank you

Yann

Labels:
Show replies
Show replies
Answer
View Entire Topic
Cocquerel
Active Contributor
3 weeks ago

You should have an .hdbgrants artifact where you will define the authorizations for the application_user (_RT user) see details here https://help.sap.com/docs/SAP_HANA_PLATFORM/4505d0bdaf4948449b7f7379d24d0f0d/f49c1f5c72ee453788bf79f...

Show replies
Show replies
yannmiquel
Participant
3 weeks ago
0 Kudos
Hi, tank you for the hint. The Hdbgrant specify the role to be granted in an Hana project. I'm looking for a way to specify the role to be granted to a third application (python or nodejs) bund to the HDi container
Cocquerel
Active Contributor
3 weeks ago
When you are binding a node.js module to a database module, it gets the credential of the related _RT user to connect to the related HDI container. If your concern is that you have several applications that you would like to bind to the same hdi container but with different privileges, the solution is to create intermediate hdi containers, one for each application. Those hdi container would be bind to your main hdi container and you would create synonym to the hana artifacts you want to expose + specific hdbgrants file for each application.
yannmiquel
Participant
3 weeks ago
0 Kudos

Hi, thank you for the answer. I was hopping for a "cleaner" strategy (like specifying the name of the role somewhere) but I will go with the multiple hdi-containers.

Ask a Question