SAP HANA, SAP HANA Cloud, SAP HANA Enterprise Cloud, SAP HANA Studio

SAP HANA DB Authorization concept

webadmin

SAP HANA

SAP HANA is an in-memory, column-oriented, relational database management system developed and marketed by SAP SE.

SAP HANA Security

Sap Hana Security is protecting important data from unauthorized access and ensures that the standards and compliance meet as per the security standard.

User Type in SAP HANA

Depending on the different security policy there are two types of users in SAP HANA as below –

Technical User (DBA User) –

It is a user who directly work with SAP HANA database with necessary privileges. SAP HANA Database system provides following user by default as standard user –

  • SYSTEM
  • SYS
  • _SYS_REPO

Database or Real User:

Database user is a real person who works on SAP HANA. There are two types of Database user as below –

Standard User: This user can create objects in an own schema and reads data in system views. Standard User created with “CREATE USER” statement. PUBLIC role is assigned for read system views.

Restricted User: Restricted User connects to database through HTTP Only. ODBC/JDBC access for client connection must be enabled with SQL statement.

User creation in SAP HANA –

only database user with ROLE ADMIN privileges can create user and role in SAP HANA

Step 1) To create new user in SAP HANA Studio go to security tab as shown below and follow the following steps;

Go to security node.

Select Users (Right Click) -> New User.

User Creation

Step 2) A user creation screen appears.

Enter User Name.

Enter Password for the user.

These are authentication mechanism, by default User name / password is used for authentication.

By Clicking on the deploy Button user will be created.

SAP HANA privileges:

Privilege is the permission to execute certain actions. Total 6 types of privileges are available in SAP HANA

1)System privileges

2)Object privileges

3)Analytic privileges

4)Package privileges

5)Application privileges

6)Privileges on User

1- System Privileges

It controls normal system activity. System Privileges are mainly used for

  • Managing license
  • Managing version
  • Creating and Deleting Schema in SAP HANA Database
  • Managing Audit
  • Importing and Exporting content
  • Managing user and role in SAP HANA Database
  • Monitoring and tracing of SAP HANA database
  • Performing data backups
  • Maintaining Delivery Units
System Privilege

2- Object Privileges

Object Privileges are SQL privileges that are used to give authorization to read and modify database objects. Object privileges can be granted to catalog objects (table, view, etc.) or non-catalog objects (development objects).

Object Privilege

3- Analytic Privileges

Analytic Privileges are used to allow read access on data of SAP HANA Information model (attribute view, Analytic View, calculation View).

This privilege is evaluated during query processing.

Analytic Privileges grants different user access on different part of data in the Same information view based on user role.

Analytic Privileges are used in SAP HANA database to provide row level data Control for individual users to see the data is in the same view.

Analytical Privilege

4- Package Privileges

Package Privileges are used to provide authorization for actions on individual packages in SAP HANA Repository

Package Privilege

5- Application Privileges

Application Privileges are required in In SAP HANA Extended Application Services (SAP HANA XS) for access application.

Application Privilege

6- Privileges on User

It is an SQL Privileges, which can grant by the user on own user. ATTACH DEBUGGER is the only privilege that can be granted to a user.

Privileges on User

Define and Create Role

A role is a collection of privileges that can be granted to other users or role. The role includes privileges for database object & application and depending on the nature of the job. We can use the standard role as a template for creating a custom role. A role can contain following privileges –

System Privileges for administrative and development task

Object Privileges for database objects

Analytic Privileges for SAP HANA Information View

Package Privileges on repository packages

Application Privileges for SAP HANA XS applications.

Privileges on the user (For Debugging of procedure).

Role Creation

Step 1) In this step,

Go to Security node in SAP HANA System.

Select Role Node (Right Click) and select New Role.

Role Creation

Step 2) A role creation screen is displayed.

Give Role name under New Role Block.

Select Granted Role tab, and click “+” Icon to add Standard Role or exiting role.

Select Desired role

Step 3) In this step,

Selected Role is added in Granted Roles Tab.

Privileges can be assigned to the user directly by selecting System Privileges, object Privileges, Analytic Privileges, Package Privileges, etc.

Click on deploy icon to create Role.

Role assignment

Tick option “Grantable to other users and roles”, if you want to assign this role to other user and role.

Grant Role to User

Step 1) In this step, we will Assign Role to a user.

Go to User sub-node under Security node and double click it. User window will show.

Click on Granted roles “+” Icon.

A pop-up will appear, Search Role name which will be assign to the user.

Grant Role

Step 2) In this step, role will be added.

Step 3) In this step,

Click on Deploy Button.

A Message changed is displayed.

Resetting User Password

If user password needs to reset, then go to User sub-node under Security node and double click it. User window will show.

Step 1) In this step,

Enter new password.

Enter Confirm password.

Password reset

Step 2) In this step,

Click on Deploy Button.

A message changed is displayed.

Re-Activate/De-activate User

Go to User sub-node under Security node and double click it. User window will show.

There is De-Activate User icon. Click on it

User De-Activate

A confirmation message “Popup” will appear. Click on ‘Yes’ Button.

A message “User’ deactivated” will be displayed. The De-Activate icon changes with name “Activate user”. Now we can activate user from the same icon

SAP HANA License Management

The license key is required to use SAP HANA Database.

SAP HANA database support two types of license key –

Permanent License Key: Permanent license keys are valid till expiration date.

Temporary License Key: This is valid for 90 days and automatically installed with a new SAP HANA Database Installation.

SAP HANA License

Authorization of License Management

SAP HANA Auditing

SAP HANA Auditing features allow you to monitor and record action which is performed in SAP HANA System.

SAP HANA Auditing

Authorization for SAP HANA Auditing

Rating: 0 / 5 (0 votes)