Week 1: Working Environment and Basic Concepts

Unit 4: HDI Concepts for Tables and Rights

HDI concepts for tables and rights
Creating data structures (ANSI SQL)

A table is the base object in a database

In SQL, Data Definition Language (DDL) describes the creation of a table and other database
artifacts

When you create a table, you define the columns with their names and datatypes plus other
features
Sample for a hdbtable declaration:

/* FIRST VERSION */
/*create*/ column table PERSON (
PERSONID BIGINT NOT NULL,
FIRSTNAME NVARCHAR(100),
LASTNAME NVARCHAR(100))

© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 2

HDI concepts for tables and rights
Changing data structures

▪ Over time, you also need to change the tables (a.k.a. table or schema evolution or lifecycle management)

/* SECOND VERSION */
/*create*/ column table PERSON (
PERSONID BIGINT NOT NULL,
FIRSTNAME NVARCHAR(100),
LASTNAME NVARCHAR(100),
BIRTHDATE DATE )

© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 3

HDI concepts for tables and rights
HDI table creation

HDBTABLE
▪ Creates or modifies a table in SAP HANA. If the table
exists in SAP HANA, an intermediate table is created
and content copied

HDBDROPCREATETABLE
▪ Always creates a new version of the table without
copying the content

HDBMIGRATIONTABLE
▪ Allows you to alter the table

© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 4

HDI concepts for tables and rights
Change strategies

▪ There are 2 fundamental concepts for changing the table structure:

– ALTER a table → HDBMIGRATIONTABLE
alter table PERSON
add (BIRTHDAY DATE);
– RECREATE a table → HDBTABLE (pseudo code)
rename table PERSON to "tmp_PERSON";
create column table PERSON (
PERSONID BIGINT not null,
FIRSTNAME NVARCHAR(100),
LASTNAME NVARCHAR(100),
BIRTHDAY DATE
);
insert into PERSON (PERSONID, FIRSTNAME, LASTNAME)
select PERSONID, FIRSTNAME, LASTNAME
from "tmp_PERSON";
drop table "tmp_PERSON" cascade;

© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 5

HDI concepts for tables and rights
Example of a .hdbmigrationtable

Version Version Version

== version = 1 == version = 2 == version = 3
column table PERSON ( column table PERSON ( column table PERSON (
FIRSTNAME varchar(100), FIRSTNAME varchar(100), FIRSTNAME varchar(100),
LNAME varchar(100)) LASTNAME varchar(100), LASTNAME varchar(100),
STREET varchar(100), STREET varchar(200),
CITY varchar(100)) CITY varchar(100),
HOUSENUMBER int)
== migration = 2
alter table PERSON add (STREET varchar(100)); == migration = 2
alter table PERSON add (CITY varchar(100)); alter table PERSON add (STREET varchar(100));
rename column PERSON.LNAME to LASTNAME; alter table PERSON add (CITY varchar(100));
rename column PERSON.NAME to LASTNAME;

== migration = 3
alter table PERSON alter (STREET
varchar(200));
alter table PERSON add (HOUSENUMBER int);

© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 6

HDI concepts for tables and rights
Demo

© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 7

HDI concepts for tables and rights
Isolation by default

By default ONLY the Runtime User has access to

the data in the <HDI-Container>
Runtime User Design Time
(RT-User) User (DT-User)
This is a key security feature of HDI!

DT and RT users are created by SAP BTP. The SAP

HANA Service Broker gets the request to create a HDI Container Concept
service and provide a service key. If the service
already exits it will just provide the key. This key has
all essential information such as host, port, UID, and
PwD, to allow building access to the container.
<HDI- <HDI- <HDI-
Container> Container>#DI Container>#OO
Only SAP BTP users of that SPACE can see this
information.

Access_Roles
© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 8
HDI concepts for tables and rights
Getting access rights to the data

You have to explicitly define roles and grant

them to other users

An access role has to be defined and granted Runtime User Design Time
(RT-User) User (DT-User)
to a user who wants to access the data full access rights
as defined in
default access role
A Granter User should get grantable rights
and can grant roles to individual users HDI Container Concept
generated
objects

access to runtime
data according to <HDI-Container> <HDI- <HDI-
rights Container>#DI Container>#OO

Granter
Individual User grants roles Granter User Access_Roles

© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 9

HDI concepts for tables and rights
Summary concept of tables and rights

HDI
▪ Table creation and lifecycle management (evolution)
with data preservation
− Different constructs are available such as
• HDBTABLE
• HDBMIGRATIONTABLE
▪ Defining roles to access the data with an HDI container
− DT/RT users are cloud-generated “technical users”
that are maintained as “SHARED SERVICE KEYS”
− Define a ”Granter Role” that is allowed to assign
these internal HDI roles

© 2022 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 10

Thank you.
Contact information:

open@sap.com
Follow all of SAP

www.sap.com/contactsap

© 2022 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of
SAP SE or an SAP affiliate company.
The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its
distributors contain proprietary software components of other software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or
warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials.
The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty
statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional
warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or
any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation,
and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platforms, directions, and
functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason
without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or
functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ
materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they
should not be relied upon in making purchasing decisions.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names
mentioned are the trademarks of their respective companies.
See www.sap.com/trademark for additional trademark information and notices.