Professional Documents
Culture Documents
helpguid
helpguid
PUBLIC
Warning
This document has been generated from the SAP Help Portal and is an incomplete version of the official SAP product
documentation. The information included in custom documentation may not re ect the arrangement of topics in the SAP Help
Portal, and may be missing important aspects and/or correlations to other topics. For this reason, it is not for productive use.
This is custom documentation. For more information, please visit the SAP Help Portal 1
7/18/2024
Context
The CLIENT user parameter can be used to authorize named users in SAP HANA database. Only a user with the USER ADMIN
system privilege can change the value of the CLIENT parameter already assigned to other users. However, at runtime, any user
can assign an arbitrary value to the CLIENT parameter either by setting the corresponding session variable or passing the
parameter via placeholder in a query.
While this is the desired behavior for technical users that work with multiple clients such as SAP Business Warehouse, S/4
HANA, or SAP Business Suite, it is problematic in named user scenarios if the CLIENT parameter is used to authorize access to
data and not only to perform data ltering.
Procedure
1. Grant the system privilege CLIENT PARAMETER ADMIN to database users or roles who are permitted to access to the
CLIENT user parameter (for example, technical users).
Sample Code
GRANT CLIENT PARAMETER ADMIN TO <user or role>;
2. In the global.ini con guration le, see the value of the [authorization] secure_client_parameter to
true.
Results
Only users with the system privilege CLIENT PARAMETER ADMIN can overwrite the value of the CLIENT parameter for a
database connection or the value of the $$client$$ parameter in an SQL query.
Related Information
SAP Note 2582162
This is custom documentation. For more information, please visit the SAP Help Portal 2