- Kyma ✅
- Cloud Foundry ✅
This part of the Expert Features explains how to export and import SAP HANA Cloud HDI (HANA Deployment Infrastructure) containers in a SaaS scenario. This can be useful to back up your subscriber data on a regular basis. Please be aware that the import process will overwrite the content of your target container. For this reason also make sure, not to apply incompatible database changes between the backup and import of a container.
Before approaching this part of the Expert Features, please make sure to set up a new HDI Container Group Administrator first as described in the following part of the Expert Features (HDI Container Administration) and use the respective user for the steps below.
In this sample use-case we assume the following backup scenario. If your scenario is different from the following assumptions, please test your requirements in a sandbox system first, before deleting any tenant database containers! In general, we recommend testing all backup-related steps before applying them in a productive environment!
- You did a database container backup of tenant ABC
- You unsubscribed tenant ABC or removed the consumer subaccount
- You create a new subaccount and subscribe tenant ABC again
- You want to load the backup into the new and empty database container of tenant ABC
So the important assumption is, that the target container for the import of the backup already exists and is part of the ordinary tenant database container lifecycle managed by the Service Manager.
Hint - In case you don't want to overwrite the target container (e.g. due to incompatible database changes), you can also import the exported container into a new database schema instead of overwriting the target schema. After the import, you can manually insert the required backups into the target container.
Creating and storing backups of database containers is a very critical process from a data security perspective. As a SaaS provider, you need to ensure this process is well aligned with your SaaS customers and that only a very limited group of people has permissions to access, export, and import customer database containers.
As an alternative to a manual export, please also consider an automated technical approach (using respective SQL commands) that includes strong encryption of exported containers in a secure location. Containers can also be exported to Cloud Sources like Azure Storage or AWS S3. Please find the required steps in the respective SAP Help documents (see Further Information).
Before approaching this part of the Expert Features, please make sure to set up a new HDI Container Group Administrator first as described in the following part of the Expert Features (Manage Tenant Database Containers).
- The tables in the schema of the exported container must not be larger than 2GB.
- The exporting user needs to be an Admin of your container's HDI Container Group.
- Dependent objects need to be imported first (e.g., a shared database container).
- The Object Owner (#OO) of the targeted import container needs all required permissions (e.g., for a shared database container).
Especially for the last prerequisite, please check the Dependencies and privileges chapter!
3.1. Find the ID of the consumer tenant of which you want to export using the SAP BTP Subscription Management Dashboard. Click on your SaaS Registry service instance to open the Dashboard.
3.2. Find the related tenant database container within your Service Manager instance by checking the labels.
3.3. Open the existing service key, to identify the schema name of the container you want to export.
3.4. Go to the SAP HANA Database Explorer and log in with an HDI Container (Group) Admin (e.g., SUSAAS_OPS) of the database container you want to export (see Prerequisites section).
Hint - Go to your SAP HANA Tools to find the link to your Database Explorer by clicking on the ... button next to your SAP HANA Cloud Instance.
If you are already logged in with another user, please do a right-click on the root of your existing database connection and click on Add database with different user. This will allow you to define a new database connection (see screenshots).
3.5. Right-click the root of this user's database connection and select Export HDI Container.
3.6. Select the Local export target and search for the schema name which you identified in the service key of the corresponding Service Manager container instance.
3.7. Select the schema from the result list and click on Prepare HDI Container for Download to start the process.
3.8. Select Prepare in the next popup.
3.9. Click the refresh button in the Background Activities pane, until your export job is in status SUCCESS.
3.10. Double-click on your export job, to open the download popup and download your exported container content.
3.11. After downloading, you can delete the temporary database table again which was created for the export.
3.12. Therefore, select your export job by clicking on the checkbox and hitting the trash icon.
3.13. You can now delete the background activity and/or the temporary table by selecting the option of your choice.
4.1. Go to SAP HANA Database Explorer and log in with an HDI Container (Group) Admin of the container you want to restore your backup in.
Important - The database container in which you want to restore your backup, already has to exist before doing the following steps! Also, check the next chapter (click here) to learn about pre-import prerequisites in case of cross-container-access scenarios!
4.2. Right-click the root of this user's database connection and select Import HDI Container.
4.3. Select the Local Import Source and in the next step click on Browse to select the archived database container content from your hard disk.
4.4. Select the archive file which you previously exported.
4.5. Click on Upload File.
4.6. Confirm the upload in the popup window.
4.7. Wait until the upload has finished.
Hint - As of today, you can only import to a new database container using the user interface, but it's not possible to import data into an existing database container. Therefore, an SQL command needs to be executed instead of clicking on Import HDI Container.
4.8. Refresh the schema content of your HDI Container Group Admin.
4.9. Check the tables for the database container backup stored in a temporary table.
4.10. Open a new SQL console using the HDI Container Admin of the targeted import container.
4.11. Copy and paste the following SQL command and change the parameters as described. Then click on Run or hit F8.
Just pull the table into your SQL command window to make your life a bit easier.
SQL Code
CALL _SYS_DI#BROKER_CG.IMPORT_CONTAINER_FOR_COPY( -- BROKER_CG = Broker Container Group
'ABC123DGH456HIJ789KLM123NOP456QRS789', -- Target schema to import container data
CURRENT_SCHEMA, -- Schema containing uploaded container
'.SAP.HRTT.ImportHDI.99991231.125959.abc-...-xyz', -- Table name containing uploaded container
_SYS_DI.T_NO_PARAMETERS, -- Can remain default
?, ?, ? -- Can remain default
); Sample
CALL _SYS_DI#BROKER_CG.IMPORT_CONTAINER_FOR_COPY(
'A12F6AC586D24B4B805A3E2587DAF10D',
CURRENT_SCHEMA,
'.SAP.HRTT.ImportHDI.20220811.144424.38b0386c-f99c-48e3-a994-5041120c7bf6',
_SYS_DI.T_NO_PARAMETERS,
?, ?, ?
); 4.12. Check the logs to see if the import was successful.
4.13. You can now delete the temporary container backup table from your HDI Container Group Admin schema. Do a right-click on your table and choose Delete.
All external objects referenced in the imported container (e.g., if the imported container is accessing a shared database container) must already be available in the database and accessable to the object owner (#OO-user) of the targeted import container when starting the import process. So, if necessary, grant the object owner of the target container required privileges for accessing these objects of a shared container.
If a shared container exposes a role for cross-container access, this role must be granted (before the import) to the object owner (#OO-user) of the import target container. The role can be granted to the #OO-user either by a role administrator (ROLE ADMIN) or by using the HDI Container API for role assignment.
Sample SQL command to assign a role using the SAP HDI Container API:
CREATE LOCAL TEMPORARY COLUMN TABLE #ROLES LIKE _SYS_DI.TT_SCHEMA_ROLES;
INSERT INTO #ROLES ( ROLE_NAME, PRINCIPAL_SCHEMA_NAME, PRINCIPAL_NAME ) VALUES ( 'COM_EXTERNAL_ACCESS#', '', 'IMPORT_TARGET_CONTAINER#OO' );
CALL SHARED_CONTAINER#DI.GRANT_CONTAINER_SCHEMA_ROLES(#ROLES, _SYS_DI.T_NO_PARAMETERS, ?, ?, ?);
DROP TABLE #ROLES;For more details, check the links provided in the Further Information section.
Please use the following links to find further information on the topics above:
- SAP Help - Export an SAP HDI Container for Copy Purposes
- SAP Help - Export an SAP HDI Container for Copy Purposes to a Cloud Store
- SAP Help - Import an SAP HDI Container for Copy Purposes
- SAP Help - Import an SAP HDI Container for Copy Purposes from a Cloud Store
- SAP Help - Grant a User a Role from the SAP HDI Container's Schema
- SAP Help - Revoke a Role from the SAP HDI Container's Schema