Professional Documents
Culture Documents
Sap Hana Security PDF Free
Sap Hana Security PDF Free
SAP HANA Security is protecting important data from unauthorized access and
ensures that the standards and compliance meet as security standard adopted
by the company.
1. 3-Tier Architecture.
SAP application (ERP, BW, etc.) connects to database only with the help
of a technical user or database administrator (Basis Person). The end-
user cannot directly access to database or database server.
2. 2-Tier Architecture.
When the user enters their database username and password, then SAP
HANA Database authenticate the user.
The Privileges can be granted to the user directly or indirectly (through roles).
All Privileges assign to users are combined as a single unit.
When a user tries to access any SAP HANA Database object, HANA System
performs authorization check on the user through user roles and directly grants
the privileges.
When requested Privileges found, HANA system skips further checks and grant
access to request database objects.
Privileges Description
Types
Object Object Privileges are SQL privileges that are used to give authorization to read and modify
Privileges database objects. To access database objects user needs object privileges on database objects
on the schema in which database object exists. Object privileges can be granted to catalog
objects (table, view, etc.) or non-catalog objects (development objects). Object Privileges are
below –
CREATE ANY
UPDATE, INSERT, SELECT, DELETE, DROP, ALTER, EXECUTE
INDEX, TRIGGER, DEBUG, REFERENCES
Analytic Analytic Privileges are used to allow read access on data of SAP HANA Information model
Privileges (attribute view, Analytic View, calculation View).
Control for individual users to see the data is in the same view.
Package Package Privileges are used to provide authorization for actions on individual packages in SA
Privileges HANA Repository.
Application Application Privileges are required in In SAP HANA Extended Application Services (SAP
Privileges HANA XS) for access application.
Privileges on It is an SQL Privileges, which can grant by the user on own user.
User
ATTACH DEBUGGER is the only privilege that can be granted to a user.
1. Technical User (DBA User) – It is a user who directly work with SAP
HANA database with necessary privileges. Normally, these users don't
get deleted from the database.
SYSTEM
SYS
_SYS_REPO
2. Database or Real User: Each user who wants to work on SAP HANA
database, need a database user. Database user are a real person who
works on SAP HANA.
Standard This user can create objects in an own PUBLIC role is assigned for read system views.
User schema and reads data in system views.
Standard User created with "CREATE
USER" statement.
1. Create/delete User.
2. Define and Create Role.
3. Grant Role to the user.
4. Resetting user password.
5. Re-activate / de-activate user according to requirement.
1. Create User in SAP HANA- only database user with ROLE ADMIN
privileges can create user and role in SAP HANA.
1. Go to security node.
2. Select Users (Right Click) -> New User.
We can use the standard role as a template for creating a custom role.
Role Creation
Tick option "Grantable to other users and roles", if you want to assign this role
to other user and role.
3. Grant Role to User
1. Go to User sub-node under Security node and double click it. User
window will show.
2. Click on Granted roles "+" Icon.
3. A pop-up will appear, Search Role name which will be assign to the user.
If user password needs to reset, then go to User sub-node under Security node
and double click it. User window will show.
5. Re-Activate/De-activate User
Go to User sub-node under Security node and double click it. User window will
show.
Permanent License Key: Permanent license keys are valid till expiration
date. We need to request and apply license key before expire. If license
key expires then Temporary License Key are is automatically installed for
28 days.
Temporary License Key: This is automatically installed with a new SAP
HANA Database Installation. It is valid for 90 days and later can apply for
Permanent key from SAP.
Summary:
In this tutorial, we have learned following topic -