Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
Former Member

Security / Authorizations

Will all existing users get migrated to HANA DB with the correct authorizations?

Absolutely – The ERP database to HANA migration is a full database migration

Will the user administration in ERP on HANA change, how does this impact our security team? Does the Basis Team need to be involved in this HANA research work?

All ERP users / roles are defined through the ERP Application layer. The only change is for the users of the HANA data modeling studio in the HANA datamart, and that also applies to SHAF.

Yes, it is recommended to train the Basis team in SAP HANA, there are specific technical training classes available.

Where can I find more details on the HANA security capabilities?

SAP HANA Security Guide

This guide describes how to enable security for SAP HANA appliance software and the SAP HANA database.

Is the authorization in the SHAF (SAP HANA Analytical Framework) rather comparable to the ERP on HANA security model, or to the HANA data mart security model?

The user privileges in the SAP HANA data mart security model are currently less granular than the authorizations in BW on HANA and in ERP on HANA.
If more complex security is required, the recommendation is to consume the HANA data models via BW Transient or Virtual InfoProviders.

In order to access SHAF in the sidecar scenario, the Business Suite users share the same technical database user for connecting to the HANA sidecar. This authorization check within Business Suite using PFCG & authorization check.
Once SHAF in the sidecar has been accessed,  HANA based Analytics (Access from reporting tools to HANA ) is utilized. Each HANA based Analytics user becomes a database user and the authorization check within HANA using privileges

Please see the link to the HANA security guide for more details:

SAP HANA database authorization mechanisms use the following privileges:

●System privileges
Perform system-level operations or administrative tasks

●Object privileges
Perform specified actions on specified database objects

●Analytic privileges
Allow selective access control for database views generated when modeled are activated

●Package Privileges
Allow operations on packages, for example, creation and maintenance. Privileges can differ for native and imported packages.

Database Replication Security Guides

These guides describe how to enable security for the data replication technologies related to the SAP HANA appliance software.

SAP HANA Security Guide - Trigger-Based Replication (SLT)

SAP BusinessObjects Data Services Administrator's Guide. Please see the chapters "Security" and "User and Rights Management:

Labels in this area