cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Cross Space Hana Access

Go to solution
aparr
Participant

on ‎09-28-2020 6:37 AM

Hi,

I have one space with two projects and one hdi container each. Project „sdi“ takes care of replicating data using sdi technology. Project two is a business application which wants to makes use of the replicated data. In the mta of the business app, the sdi hdi Container is mentioned and during deployment it grants the needed DB rights to the business app.

This is working very fine in one space but we like to spread the sdi and business app over different spaces. When I try to deploy the business app it fails because it needs the sdi hdi container in the same space. I found out that cf has a concept for instance sharing but when I try to enable it for my sdi hdi container it says that the service does not allow it. I guess this is under control by SAP?

Any ideas how to solve my problem?

Cheers,

Alex

Show replies
Show replies
aparr
Participant
‎11-17-2020 7:15 AM
0 Kudos

Again I'm trying to solve this issue. Any idea into the right direction experts 🙂

thomas.jung gregorw mariusobert

Answer
View Entire Topic
aparr
Participant
‎01-18-2021 10:22 AM

Finally, with an awesome help of SAP Support I was able to solve the problem. My missing piece was this very helpful document which outlines the options to consider to allow cross space access:

https://www.sap.com/documents/2018/04/fe086f0d-fa7c-0010-87a3-c30de2ffd8ff.html

First, I went to the space which owns the HANA instance and granted access for the second space, which hosts the business apps. After that, I had to create a HANA DB User and assign roles, which I defined in the SDI project which allows SELECT rights on the tables I replicated. This DB User needs to be allowed to grant these roles to other DB users. Finally, I created a user-provided service instance in the cf business app space with the credentials of the newly created DB user. During deployment, this DB user grants the HDI Container of the buisness app the roles needed.

The user provided service has to follow the following structure:

{
    "desc": "Replication Data Access Grantor",
    "password": "YOUR_PASSWORD",
    "schema": "YOUR_SCHEMA",
    "tags": "[\"hana\"]",
    "user": "YOUR_USER"
}

I set the schema name of the SDI projected to an hardcoded value. This ensures that the object names are all the same across all spaces. By default schema is not harcoded and would be different across all spaces.

Show replies
Show replies
narengokal
Explorer
‎03-03-2022 5:33 AM
0 Kudos

Seems to be be only detailed answer on the net. Thanks for sharing !

Ask a Question