Lesson: Understanding Core Modeling with SAP HANA

Unless you grant access to users, they are not able to view any data from your calculation
views. There are three levels of security, as follows:

1. The first level of access required is to the actual database objects. In this case we mean
the calculation view and the source tables and functions that are included in the
calculation view. This is achieved by granting an SQL select permission on the entire
calculation view. This privilege is granted to the user, or more likely, to the role the user is
assigned to.

2. You need to have access at the row level. This is achieved by defining an analytic privilege
and assigning it to the user, or the role to which the user is assigned. An analytic privilege
is an object that is created in the Web IDE. It describes, for each calculation view, the rules
to allow data access. The conditions can be simple such as User Rose can view data only
for company Acme. The conditions can also be more complex such as Olive can view
company Acme data but only between 2017–2018 . A user can have multiple analytic
privileges. Analytic privilege logic can be written using simple rules or for more complex
rules we can write using SQLScript to encapsulate the logic in a reusable procedure.

3. Then we come to the visibility of data values of each column. We can hide sensitive
columns by applying a masking rule to each column. For example, instead of displaying a
salary we only show £xxxxxx. We only grant access to key users who see the original data
and not the masked version.

Data Anonymization
Compliancy with data privacy laws is a big challenge for many organizations who would like to
develop analytics over their data that includes people information, but they are aware that
new rules protect the individuals identity and how their data is used. This means that often
organizations are reluctant to start new projects for fear that they might be at risk of breaking
data privacy laws.

Figure 55: Data Anonymization

As of SAP HANA 2.0 SPS03 we can build sophisticated data anonymization rules into our
data models that protect a person’s privacy. We can apply rules to sensitive data so that it is
not possible to identify individuals from that data. For example, instead of displaying total
sickness days taken by birth date (where it might be possible to identify someone by their

© Copyright. All rights reserved. 77