You will learn how to set up the roles, synonyms and deployment configuration to access objects in a HANA Deployment Infrastructure (HDI) container from another HDI container.
This tutorial uses the SAP HANA INteractive Education model as an example of a target HDI container. Create thistarget container by following the XSA-specific instructions found in the SHINE source code repository.
Your current database module will use two containers, the hdi-container created with the database module and the target container from the SHINE application.
◉ If you are using SAP HANA 2.0 SPS03 or later, right-click on the db module and choose Add External SAP HANA service
Step 1: Create the target container as a resource
This tutorial uses the SAP HANA INteractive Education model as an example of a target HDI container. Create thistarget container by following the XSA-specific instructions found in the SHINE source code repository.
Your current database module will use two containers, the hdi-container created with the database module and the target container from the SHINE application.
◉ If you are using SAP HANA 2.0 SPS03 or later, right-click on the db module and choose Add External SAP HANA service
Choose the service from within the list and click Finish
Continue with step 2.
◉ If you are using SAP HANA 2.0 SPS02 or lower:
Find out the name of the target container using command xs s from the command line interface (CLI):
Call it consumed-core-container and a new parameter with service-name as a key and the name of the service from command xs s
Add a property with key consumed-service-name and value ${service-name}
Save the mta.yaml file. Open the consuming hdi-container resource definition and take note of the name of the variable that has the service name assigned to its value:
Select the consuming database module and add a property with key TARGET_CONTAINER and refer to the variable set with the name of the consuming hdi-container:
Add group SERVICE_REPLACEMENTS with key consumed-db and the value of the variable used to hold the value of the service name in the consuming hdi-container (consumed-service-name in this example).
>Except for the name of the hdi-container from the external application and the environment variable service-name, the names of the variables can be adjusted to fit your needs.
As a reference, the relevant parts of the mta.yaml file in this example look like this:
modules:
- name: form_data
type: hdb
path: form_data
requires:
- name: hdi_form_data
properties:
TARGET_CONTAINER: '~{hdi-container-name}'
- name: consumed-core-container
group: SERVICE_REPLACEMENTS
properties:
key: consumed-db
service: '~{consumed-service-name}'
resources:
- name: hdi_form_data
parameters:
config:
schema: FORMS
properties:
hdi-container-name: '${service-name}'
type: com.sap.xs.hdi-container
- name: consumed-core-container
type: org.cloudfoundry.existing-service
parameters:
service-name: 'XSA_DEV-zkway5plof6jgxab-hana-shine-xsa-shine-container'
properties:
consumed-service-name: '${service-name}'
Step 2: Check or create roles in the target container
The technical users created for the consuming hdi-container will need to be granted permissions in the target or consumed container. The permissions can be roles in the target container.
In the SHINE application, the available roles are admin.hdbrole and core-db. You will use the admin role in this tutorial but if you are using a different container or would like to restrict access further, you can create a new one:
The # (pound) sign at the end of the name of a role means it contains privileges with grant option and will be assigned to the schema owner technical user.
Step 3: Create a grants file
Create a file with extension .hdbgrants in a folder called cfg in your module.
You can use the option New->File to create both a folder and a file in the latest version of SAP Web IDE for SAP HANA
Here is a sample file to grant permissions to both an administration and application user. The names of the roles match the roles created in the target container as noted in the first step:
{
"consumed-db": {
"object_owner" : {
"container_roles":[ "admin"]
},
"application_user" : {
"container_roles":["admin"]
}
}
}
Step 4: Create synonyms
Create a file with extension .hdbsynonym in a folder called synonyms under src. You can use the + sign to add synonyms from the target container:
For example:
Build the consuming database module.
Step 5: Use the synonyms in a view
Here is a sample view using the synonyms for the target hdi-container. You can create one in a new or existing .hdbcds artifact
using "PO.Header" as HEADER;
context quality{
define view PO_QA
as select from HEADER {
"HEADER"."PURCHASEORDERID" as "PURCHASEORDERID",
"HEADER"."APPROVALSTATUS" as "APPROVALSTATUS",
"HEADER"."GROSSAMOUNT" as "GROSSAMOUNT",
"HEADER"."CURRENCY" as "CURRENCY"
};
}
Save and build the artifacts.
You can see the results in the database explorer
You can check the synonyms first
Or the view you have created
No comments:
Post a Comment