Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
javed_khan3
Explorer
4,213

Intro:


This article will cover Basics of HANA DB Authorization for initial learners, the in depth detailes will be covered in next Blog.

SAP HANA


SAP HANA is an in-memory, column-oriented, relational database management system developed and marketed by SAP SE.

SAP HANA Security

Sap Hana Security is protecting important data from unauthorized access and ensures that the standards and compliance meet as per the security standard.

User Type in SAP HANA:


Depending on the different security policy there are two types of users in SAP HANA as below –

Technical User (DBA User)


It is a user who directly work with SAP HANA database with necessary privileges. SAP HANA Database system provides following user by default as standard user–

  • SYSTEM

  • SYS

  • _SYS_REPO


Database or Real User:


Database user is a real person who works on SAP HANA. There are two types of Database user as below –

Standard User: This user can create objects in an own schema and reads data in system views. Standard User created with “CREATE USER” statement. PUBLIC role is assigned for read system views.

Restricted User: Restricted User connects to database through HTTP Only. ODBC/JDBC access for client connection must be enabled with SQL statement.

User creation in SAP HANA- 


only database user with ROLE ADMIN privileges can create user and role in SAP HANA

Step 1) To create new user in SAP HANA Studio go to security tab as shown below and follow the following steps;

Go to security node.

Select Users (Right Click) -> New User.


User Creation


 

Step 2) A user creation screen appears.

Enter User Name.

Enter Password for the user.

These are authentication mechanism, by default User name / password is used for authentication.


 


 

By Clicking on the deploy Button user will be created.


 

SAP HANA privileges:

Privilege is the permission to execute certain actions. Total 6 types of privileges are available in SAP HANA

1)System privileges

2)Object privileges

3)Analytic privileges

4)Package privileges

5)Application privileges

6)Privileges on User

1- System Privileges


It controls normal system activity. System Privileges are mainly used for

  • Managing license

  • Managing version

  • Creating and Deleting Schema in SAP HANA Database

  • Managing Audit

  • Importing and Exporting content

  • Managing user and role in SAP HANA Database

  • Monitoring and tracing of SAP HANA database

  • Performing data backups

  • Maintaining Delivery Units



System Privilege


 

 2- Object Privileges


Object Privileges are SQL privileges that are used to give authorization to read and modify database objects. Object privileges can be granted to catalog objects (table, view, etc.) or non-catalog objects (development objects).


Object Privilege


 

 3- Analytic Privileges


Analytic Privileges are used to allow read access on data of SAP HANA Information model (attribute view, Analytic View, calculation View).

This privilege is evaluated during query processing.

Analytic Privileges grants different user access on different part of data in the Same information view based on user role.

Analytic Privileges are used in SAP HANA database to provide row level data Control for individual users to see the data is in the same view.


Analytical Privilege


 

 4- Package Privileges


Package Privileges are used to provide authorization for actions on individual packages in SAP HANA Repository


Package Privilege


 

 

 5- Application Privileges


Application Privileges are required in In SAP HANA Extended Application Services (SAP HANA XS) for access application.


Application Privilege


 

6- Privileges on User


It is an SQL Privileges, which can grant by the user on own user. ATTACH DEBUGGER is the only privilege that can be granted to a user.


Privileges on User


 

 

Define and Create Role


A role is a collection of privileges that can be granted to other users or role. The role includes privileges for database object & application and depending on the nature of the job. We can use the standard role as a template for creating a custom role. A role can contain following privileges –

System Privileges for administrative and development task

Object Privileges for database objects

Analytic Privileges for SAP HANA Information View

Package Privileges on repository packages

Application Privileges for SAP HANA XS applications.

Privileges on the user (For Debugging of procedure).

 

Role Creation


Step 1) In this step,

Go to Security node in SAP HANA System.

Select Role Node (Right Click) and select New Role.


Role Creation


 

Step 2) A role creation screen is displayed.


 

Give Role name under New Role Block.

Select Granted Role tab, and click “+” Icon to add Standard Role or exiting role.

Select Desired role

 

Step 3) In this step,

Selected Role is added in Granted Roles Tab.

Privileges can be assigned to the user directly by selecting System Privileges, object Privileges, Analytic Privileges, Package Privileges, etc.

Click on deploy icon to create Role.


Role assignment


Tick option “Grantable to other users and roles”, if you want to assign this role to other user and role.

   Grant Role to User


Step 1) In this step, we will Assign Role to a user.

Go to User sub-node under Security node and double click it. User window will show.

Click on Granted roles “+” Icon.

A pop-up will appear, Search Role name which will be assign to the user.


Grant Role


 

Step 2) In this step, role will be added.


Step 3) In this step,

Click on Deploy Button.

A Message changed is displayed.


 

Resetting User Password


If user password needs to reset, then go to User sub-node under Security node and double click it. User window will show.

Step 1) In this step,

Enter new password.

Enter Confirm password.


                                                          Password reset

Step 2) In this step,

Click on Deploy Button.

A message changed is displayed.

 

Re-Activate/De-activate User


Go to User sub-node under Security node and double click it. User window will show.

There is De-Activate User icon. Click on it

 


User De-Activate


 

A confirmation message “Popup” will appear. Click on ‘Yes’ Button.

A message “User’ deactivated” will be displayed. The De-Activate icon changes with name “Activate user”. Now we can activate user from the same icon

 

SAP HANA License Management


The license key is required to use SAP HANA Database.

SAP HANA database support two types of license key –

Permanent License Key: Permanent license keys are valid till expiration date.

Temporary License Key: This is valid for 90 days and automatically installed with a new SAP HANA Database Installation.


SAP HANA License


Authorization of License Management

 

SAP HANA Auditing


SAP HANA Auditing features allow you to monitor and record action which is performed in SAP HANA System.


SAP HANA Auditing


Authorization for SAP HANA Auditing

 

Author's linkedIn Profile : linkedin.com/in/javedkhan0107
1 Comment
Labels in this area