SAP HANA
SAP HANA is an in-memory, column-oriented, relational database management system developed and marketed by SAP SE.
SAP HANA Security
Sap Hana Security is protecting important data from unauthorized access and ensures that the standards and compliance meet as per the security standard.
User Type in SAP HANA
Depending on the different security policy there are two types of users in SAP HANA as below –
Technical User (DBA User) –
It is a user who directly work with SAP HANA database with necessary privileges. SAP HANA Database system provides following user by default as standard user –
- SYSTEM
- SYS
- _SYS_REPO
Database or Real User:
Database user is a real person who works on SAP HANA. There are two types of Database user as below –
Standard User: This user can create objects in an own schema and reads data in system views. Standard User created with “CREATE USER” statement. PUBLIC role is assigned for read system views.
Restricted User: Restricted User connects to database through HTTP Only. ODBC/JDBC access for client connection must be enabled with SQL statement.
User creation in SAP HANA –
only database user with ROLE ADMIN privileges can create user and role in SAP HANA
Step 1) To create new user in SAP HANA Studio go to security tab as shown below and follow the following steps;
Go to security node.
Select Users (Right Click) -> New User.
Step 2) A user creation screen appears.
Enter User Name.
Enter Password for the user.
These are authentication mechanism, by default User name / password is used for authentication.
By Clicking on the deploy Button user will be created.
SAP HANA privileges:
Privilege is the permission to execute certain actions. Total 6 types of privileges are available in SAP HANA
1)System privileges
2)Object privileges
3)Analytic privileges
4)Package privileges
5)Application privileges
6)Privileges on User
1- System Privileges
It controls normal system activity. System Privileges are mainly used for
- Managing license
- Managing version
- Creating and Deleting Schema in SAP HANA Database
- Managing Audit
- Importing and Exporting content
- Managing user and role in SAP HANA Database
- Monitoring and tracing of SAP HANA database
- Performing data backups
- Maintaining Delivery Units
2- Object Privileges
Object Privileges are SQL privileges that are used to give authorization to read and modify database objects. Object privileges can be granted to catalog objects (table, view, etc.) or non-catalog objects (development objects).
3- Analytic Privileges
Analytic Privileges are used to allow read access on data of SAP HANA Information model (attribute view, Analytic View, calculation View).
This privilege is evaluated during query processing.
Analytic Privileges grants different user access on different part of data in the Same information view based on user role.
Analytic Privileges are used in SAP HANA database to provide row level data Control for individual users to see the data is in the same view.
4- Package Privileges
Package Privileges are used to provide authorization for actions on individual packages in SAP HANA Repository
5- Application Privileges
Application Privileges are required in In SAP HANA Extended Application Services (SAP HANA XS) for access application.
6- Privileges on User
It is an SQL Privileges, which can grant by the user on own user. ATTACH DEBUGGER is the only privilege that can be granted to a user.
Define and Create Role
A role is a collection of privileges that can be granted to other users or role. The role includes privileges for database object & application and depending on the nature of the job. We can use the standard role as a template for creating a custom role. A role can contain following privileges –
System Privileges for administrative and development task
Object Privileges for database objects
Analytic Privileges for SAP HANA Information View
Package Privileges on repository packages
Application Privileges for SAP HANA XS applications.
Privileges on the user (For Debugging of procedure).
Role Creation
Step 1) In this step,
Go to Security node in SAP HANA System.
Select Role Node (Right Click) and select New Role.
Step 2) A role creation screen is displayed.
Give Role name under New Role Block.
Select Granted Role tab, and click “+” Icon to add Standard Role or exiting role.
Select Desired role
Step 3) In this step,
Selected Role is added in Granted Roles Tab.
Privileges can be assigned to the user directly by selecting System Privileges, object Privileges, Analytic Privileges, Package Privileges, etc.
Click on deploy icon to create Role.
Tick option “Grantable to other users and roles”, if you want to assign this role to other user and role.
Grant Role to User
Step 1) In this step, we will Assign Role to a user.
Go to User sub-node under Security node and double click it. User window will show.
Click on Granted roles “+” Icon.
A pop-up will appear, Search Role name which will be assign to the user.
Step 2) In this step, role will be added.
Step 3) In this step,
Click on Deploy Button.
A Message changed is displayed.
Resetting User Password
If user password needs to reset, then go to User sub-node under Security node and double click it. User window will show.
Step 1) In this step,
Enter new password.
Enter Confirm password.
Step 2) In this step,
Click on Deploy Button.
A message changed is displayed.
Re-Activate/De-activate User
Go to User sub-node under Security node and double click it. User window will show.
There is De-Activate User icon. Click on it
A confirmation message “Popup” will appear. Click on ‘Yes’ Button.
A message “User’ deactivated” will be displayed. The De-Activate icon changes with name “Activate user”. Now we can activate user from the same icon
SAP HANA License Management
The license key is required to use SAP HANA Database.
SAP HANA database support two types of license key –
Permanent License Key: Permanent license keys are valid till expiration date.
Temporary License Key: This is valid for 90 days and automatically installed with a new SAP HANA Database Installation.
Authorization of License Management
SAP HANA Auditing
SAP HANA Auditing features allow you to monitor and record action which is performed in SAP HANA System.
Authorization for SAP HANA Auditing