privilegeAnalysis ​
Command:
privilegeAnalysis
Category: Security
Status: Production Ready
Description ​
Analyze user or role privileges and generate least-privilege recommendations based on granted system, object, and role privileges.
Syntax ​
bash
hana-cli privilegeAnalysis [options]Aliases ​
privanalysisprivanalyze
Command Diagram ​
Parameters ​
Positional Arguments ​
This command does not accept positional arguments.
Options ​
| Option | Alias | Type | Default | Description |
|---|---|---|---|---|
--user | -u | string | - | Target user to analyze. |
--role | -r | string | - | Target role to analyze. |
--showUnused | --unused | boolean | false | Include unused privileges in the output. |
--suggest | -s | boolean | true | Suggest least-privilege recommendations. |
Connection Parameters ​
| Option | Alias | Type | Default | Description |
|---|---|---|---|---|
--admin | -a | boolean | false | Connect via admin (default-env-admin.json) |
--conn | - | string | - | Connection filename to override default-env.json |
Troubleshooting ​
| Option | Alias | Type | Default | Description |
|---|---|---|---|---|
--disableVerbose | --quiet | boolean | false | Disable verbose output |
--debug | -d | boolean | false | Enable debug output |
For the runtime-generated option list, run:
bash
hana-cli privilegeAnalysis --helpExamples ​
Basic Usage ​
bash
hana-cli privilegeAnalysis --user TESTUSER --suggestAnalyze TESTUSER privileges and include least-privilege suggestions.
Related Commands ​
roles- List roles and role metadatausers- List database usersgrantChains- Visualize privilege inheritance chains
See the Commands Reference for other commands in this category.