Access to the HDI database objects is performed automatically by the HDI container's technical user. If you want to provide additional users (other than the default technical user assigned to the HDI container) with access to database objects, you need to create one or more dedicated database roles and grant theses roles to the users requiring access to the database objects. Although it is technically possible to create catalog roles using either the SAP HANA Cockpit or SQL, for roles that are needed to access database objects in the container, it is recommended to define the role using a design-time file in the HDB module of your project.
The design-time files used to create roles must have the extension .hdbrole in order to be recognized as design-time role files.
Each role must be defined in its own .hdbrole design-time file.
It is not possible to create several roles within the same .hdbrole file.
The role ID (including a valid namespace if applicable) must be unique in the HDB module, as for any other object (calculation view, synonym, and so on).
Types of Privileges in a Design-Time Role
The .hdbroleconfig File
The .hdbrole file cannot contain references to real schema names, but only logical references to schemas that are resolved in another type of design-time file: the .hdbroleconfig file.
The purpose of the.hdbroleconfig file is to maintain the actual name of the external schemas in a dedicated file, instead of having many occurrences of the schema names in the .hdbrole files themselves. It makes the maintenance of a project easier when you are able to maintain the references to external schemas in just one place.
You can create the .hdbroleconfig file manually and then specify this file when you create your .hdbrole file. Or you can generate the .hdbroleconfig file automatically from within the .hdbrole editor and then optionally adjust the generated file if required.