SAP HANA – insufficient privilege: Cannot grant activated roles

In last time I created a new user as a copy of an existing one. I use short SQL queries for this purpose. For example, below query give me ready output for granting roles to NEW_USER exactly the same like TEMPLATE_USER.

-- granted roles:
 select 'grant "' || role_name || '" to NEW_USER;' from SYS.GRANTED_ROLES where grantee='TEMPLATE_USER';

This is good for standard database role but the problem arises when You using predefined roles, e.g. sap.hana.xs.* or sap.hana.replay.*, etc.

Example:

-- You try grant role:
grant "sap.hana.replay.roles::Capture" to NEW_USER';

-- Output:
Could not execute 'grant "sap.hana.replay.roles::Capture" to NEW_USER'
SAP DBTech JDBC: [258]: insufficient privilege: Cannot grant activated roles: line 1 col 7 (at pos 6)

Solution

To eliminate above query error You should execute:

call grant_activated_role ('sap.hana.replay.roles::Capture', 'NEW_USER');

Here You have helpful query, which will give You the ability to grant permissions like sap.hana* to a NEW_USER based on TEMPLATE_USER:

select 'call grant_activated_role (''' || role_name || ''', ''NEW_USER'');' from SYS.GRANTED_ROLES where role_name like 'sap.hana%' and grantee='TEMPLATE_USER';

Copyright © 2021. SAPBasisWorld.com Privacy Policy