SAP HANA Security
SAP HANA Security protects important data from unauthorized access and
ensures that standards and compliance requirements are met according to the
security standard adopted by the company.
1. 3-Tier Architecture.
The SAP application (ERP, BW, etc.) connects to the database only through
a technical user or database administrator (Basis person). The end user
cannot directly access the database or the database server.
2. 2-Tier Architecture.
When the user enters their database username and password, the SAP
HANA database authenticates the user.
Privileges can be granted to the user directly or indirectly (through roles).
All privileges assigned to a user are combined as a single unit.
When a user tries to access any SAP HANA database object, the HANA system
performs an authorization check on the user through the user's roles and
directly granted privileges.
When the requested privileges are found, the HANA system skips further checks
and grants access to the requested database objects.
Privilege Types and Description

Object Privileges: Object Privileges are SQL privileges that are used to give authorization to read and modify database objects. To access database objects, the user needs object privileges on the database objects on the schema in which the database object exists. Object privileges can be granted on catalog objects (table, view, etc.) or non-catalog objects (development objects). Object Privileges are listed below:
CREATE ANY
UPDATE, INSERT, SELECT, DELETE, DROP, ALTER, EXECUTE
INDEX, TRIGGER, DEBUG, REFERENCES

Analytic Privileges: Analytic Privileges are used to allow read access to data of SAP HANA information models (Attribute View, Analytic View, Calculation View). They control which data individual users can see in the same view.

Package Privileges: Package Privileges are used to provide authorization for actions on individual packages in the SAP HANA Repository.

Application Privileges: Application Privileges are required in SAP HANA Extended Application Services (SAP HANA XS) to access an application.
1. Technical User (DBA User) – A user who works directly with the SAP
HANA database with the necessary privileges. Normally, these users are
not deleted from the database.
SYSTEM
SYS
_SYS_REPO
Standard User: This user can create objects in their own schema and read data in system views. The PUBLIC role is assigned for reading system views. A standard user is created with the "CREATE USER" statement.
1. Create/delete User.
2. Define and Create Role.
3. Grant Role to the user.
4. Resetting user password.
5. Re-activate / de-activate user according to requirement.
Step 1) To create a new user in SAP HANA Studio, go to the Security tab
and follow these steps:
1. Go to the Security node.
2. Select Users (Right Click) -> New User.
We can use the standard role as a template for creating a custom role.
Role Creation
Tick the option "Grantable to other users and roles" if you want this role to
be assignable to other users and roles.
3. Grant Role to User
STEP 1) In this step, we will assign the role "MODELLING_VIEW" to another user,
"ABHI_TEST".
1. Go to the User sub-node under the Security node and double-click it. The
User window will be shown.
2. Click the Granted Roles "+" icon.
3. A pop-up will appear. Search for the name of the role to be assigned to the user.
STEP 2) In this step, the role "MODELLING_VIEW" will be added under Role.
If a user password needs to be reset, go to the User sub-node under the Security
node and double-click it. The User window will be shown.
5. Re-Activate/De-activate User
Go to the User sub-node under the Security node and double-click it. The User
window will be shown.
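The five administration tasks above can also be run as SQL statements from a SQL console, followed by queries that show what the user ends up holding through direct and role grants. This is an added example, not part of the original tutorial: MODELLING_VIEW and ABHI_TEST are the names the tutorial uses, while the schema SALES, the sample passwords and the SELECT grant are assumptions.

```sql
-- Added example. Assumptions (not from the page): schema SALES, the sample
-- passwords, and the SELECT privilege placed in the role.

-- 1. Create the user. The password must satisfy the system password policy.
CREATE USER ABHI_TEST PASSWORD "Ch4nge_Me_First";

-- 2. Define the role and attach privileges to the role, not to the user.
CREATE ROLE MODELLING_VIEW;
GRANT SELECT ON SCHEMA SALES TO MODELLING_VIEW;

-- 3. Grant the role to the user. Appending WITH ADMIN OPTION is the SQL
--    counterpart of "Grantable to other users and roles"; leave it off
--    unless the grantee really has to pass the role on.
GRANT MODELLING_VIEW TO ABHI_TEST;

-- 4. Reset the user's password.
ALTER USER ABHI_TEST PASSWORD "Res3t_Me_Again";

-- 5. De-activate, then re-activate, the user.
ALTER USER ABHI_TEST DEACTIVATE USER NOW;
ALTER USER ABHI_TEST ACTIVATE USER NOW;

-- Review (a): roles the user holds, and whether the user can grant them on.
SELECT ROLE_NAME, GRANTOR, IS_GRANTABLE
  FROM SYS.GRANTED_ROLES
 WHERE GRANTEE = 'ABHI_TEST';

-- Review (b): privileges granted directly to the user, bypassing roles.
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE, IS_GRANTABLE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE = 'ABHI_TEST'
   AND GRANTEE_TYPE = 'USER';

-- Review (c): the combined set the authorization check evaluates.
-- GRANTEE / GRANTEE_TYPE show whether each entry comes from the user
-- itself or from a role.
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE, GRANTEE, GRANTEE_TYPE
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME = 'ABHI_TEST';

-- Delete the user once it is no longer needed.
-- DROP USER ABHI_TEST;
```

Rows returned by review query (b) are grants that will survive removal of every role, so they are worth checking whenever a user's access is being reduced.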
Summary:
In this tutorial, we have learned the following topics -