SAP HANA Permissions

The following permissions are needed by the person who installs the in-database deployment package:

Note: Some of the permissions listed below cannot be granted until the Auxiliary Wrapper Generator and Eraser Procedures are installed. For more information, see Auxiliary Wrapper Generator and Eraser Procedures.

Task	Permission Needed
Unpack the self-extracting archive file	owner of the SAS Embedded Process install directory. The SAS Embedded Process install directory must have permissions that allow Read and Execute permission by the database administrator user.
Install or uninstall the SAS Embedded Process (run InstallSASEPFiles.sh or UninstallSASEPFiles.sh script)	root authority
Import the SAS_EP procedure package	A user on the SAP HANA server that has at least the CONTENT_ADMIN role or its equivalent
Install AFL plugins (requires starting and stopping the database)	root authority and database administrator
Install an auxiliary procedure generator and eraser	SYSTEM user

The following permissions are needed by the person who runs the scoring models. Without these permissions, the publishing of the scoring models fails:

SAP HANA SPS08

EXECUTE ON SYSTEM.afl_wrapper_generator to userid | role;
EXECUTE ON SYSTEM.afl_wrapper_eraser to userid | role;
AFL__SYS_AFL_SASLINK_AREA_EXECUTE to userid | role;

SAP HANA SPS09:

AFLPM_CREATOR_ERASER_EXECUTE to userid | role;
EXECUTE, SELECT, INSERT, UPDATE, and DELETE on the schema that is used for scoring

In addition, the roles of sas.ep::User and AFL__SYS_AFL_SASLINK_AREA_EXECUTE must be assigned to any user who wants to perform in-database processing. The sas.ep::User role is created when you import the SAS_EP stored procedure. The AFL__SYS_AFL_SASLINK_AREA_EXECUTE role is created when the AFL wrapper generator is created.

Note: If you plan to use SAS Model Manager with the SAS Scoring Accelerator for in-database scoring, additional permissions are required. For more information, see Configuring SAS Model Manager.