Hello,
I wonder if there is an easier way to create a user which has only access to the XS-Engine-Webserver.
Currently, I create a user, apply a analytic privilege containing all views which should be accessible (along with the restrictions), grant the application privilege and also grant select/exectute on _SYS_BI and _SYS_BIC, because this seems to be necessary to view the content.
This is working fine as long as the user only accesses the XS Engine.
But actually the user also has the possibility connect to the System via SAP HANA Studio.
In this case he has full rights for his own schema (create, insert, whatever)
as well as
Selecting all system views in _SYS_BIC and _SYS_BI
This means that he can, for example, list all users with some critical information like last login date, last password change, create time, last invalid connect attempt, and so on.
Is there an easy way to restrict the direct connection to the database?
Or, if not, do I have to remove access to _SYS_BI(C) and instead add all objects which are related to the Attribute/Calculation Views (Views itself, Table Types, Hierarchies,...)? Not only this might be a huge list, but also how to handle changes (new objects, ...)?
Is there a way to revoke access to the own schema? Is it possible simply to delete it?
Kind Regards,
Fabian