Symptom
You notice that GRANT statements are getting executed in both the SYSTEMDB and tenant using the SYSTEM user but are not manually executed (by you) and would like to know the reason for these statements.
Below is an example of the executed statement :
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON SCHEMA _SYS_ADVISOR TO SYSTEM WITH GRANT OPTION
How it appears in the audit_log :
HOST | PORT | SERVICE_NAME | CONNECTION_ID | CLIENT_HOST | CLIENT_IP | CLIENT_PID | CLIENT_PORT | USER_NAME | STATEMENT_USER_NAME | APPLICATION_NAME | APPLICATION_USER_NAME | XS_APPLICATION_USER_NAME | AUDIT_POLICY_NAME | EVENT_STATUS | EVENT_LEVEL | EVENT_ACTION | SCHEMA_NAME | OBJECT_NAME | PRIVILEGE_NAME | ROLE_SCHEMA_NAME | ROLE_NAME | GRANTEE_SCHEMA_NAME | GRANTEE | GRANTABLE | FILE_NAME | SECTION | KEY | PREV_VALUE | VALUE | STATEMENT_STRING |
<hostname> | <port number> | nameserver | <connection id> | 0 | 0 | SYSTEM | _SYS_ADVISOR | ? | ? | SYSTEM | SYSTEM_ACTIONS_ALL | SUCCESSFUL | CRITICAL | GRANT PRIVILEGE | _SYS_ADVISOR | ? | DELETE | ? | ? | ? | SYSTEM | GRANTABLE | ? | ? | USER | ? | ? | GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON SCHEMA _SYS_ADVISOR TO SYSTEM WITH GRANT OPTION |
Read more...
Environment
SAP HANA, platform edition
Product
Keywords
automated, GRANT, SYSTEM, user, _SYS_ADVISOR, executed, SYSTEMDB, tenant, statement, audit_log, select, insert, update, delete, execute, schema , KBA , HAN-DB-SEC , SAP HANA Security & User Management , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.