Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
When you look at security and data privacy investments from a business perspective, what are the most common challenges faced today? First and foremost, the costs for security operations and security management are on most people’s minds. The growing number of privacy and data protection regulations only increase the pressure here.

This is why the new SPS 04 release of SAP HANA 2.0 provides important enhancements addressing these challenges:

  • Data anonymization KPIs increase transparency for decision makers when assessing anonymization scenarios, easy-to-understand new controls simplify the setup of anonymization views, and l-diversity enhances the k-anonymity method

  • Audit retention policies let you specify a retention period after which audit log entries are automatically deleted

  • Simplified authorization troubleshooting gets SAP HANA users up and running again quickly and with less administrative overhead

These new features fit seamlessly into SAP HANA’s comprehensive security framework which enables businesses to innovate with confidence: with secure access to data and applications, a secure setup, and software that is resilient against attacks.

Data anonymization extensions

SAP HANA data anonymization, which was introduced with SAP HANA 2.0 SPS 03, allows you to get analytical insights from data while protecting the privacy of individuals.

With the new release, SAP HANA introduces anonymization KPIs that help decision makers to assess critical variables for risk and utility. This makes it easier to achieve the right balance between the goals of protecting data privacy while ensuring that the anonymized data remains useful.

Real-time data anonymization was released with two anonymization methods: differential privacy and k-anonymity. Now l-diversity has been added, which is an extension to k-anonymity and provides additional protection for data sets with homogeneous sensitive attributes.

The setup of k-anonymity has also been simplified with the automation of generating hierarchies for generalizing quasi-identifying attributes, and data scientist can now control additional parameters when setting up anonymization views.

And finally, SQL views are now supported for data anonymization – previously only calculation views were available.

Need more information? Check out Stephan Kessler's blog on how to Anonymize like a Rock Star!

Find more information on our anonymization web page at, read about an anonymization show case in this blog, and review the documentation.

Audit retention policies

Fine-tuned retention management is an important building block for compliance. You can now specify a retention period after which audit log entries of individual audit policies will be automatically deleted.

But compliance requirements are not the only reason why you might want to delete audit log entries: you can of course also use this new functionality to free up database space, delete audit log entries that simply are no longer needed.

The new audit configuration wizard in the SAP HANA cockpit makes it much easier to set up audit policies and to specify settings like the audit retention period.

For more information on audit log management, have a look at our documentation.

Simplified authorization troubleshooting

Authorization is a cornerstone of controlled access in SAP HANA. Defining authorization concepts requires careful thought and consideration. If authorization errors occur in either the test or productive landscape, they need to be quickly resolved so that users can access the database objects they require. The new authorization troubleshooting features introduced in SAP HANA 2.0 SPS 04 aim to simplify troubleshooting by adding two new techniques.

Authorization error collection - Collect all authorization errors over a configurable amount of time with no need to enable additional tracing. Use a built-in procedure to retrieve information about a missing end-user privilege by means of an error ID.

For more information about resolving insufficient privilege errors, check out the documentation.

Authorization Dependency Viewer in the SAP HANA cockpit - Visualize the object privilege hierarchy and troubleshoot missing privileges.

Stay tuned for an upcoming blog on the Authorization Dependency Viewer in the SAP HANA cockpit!

What else?

These are just the security highlights for SAP HANA 2.0 SPS 04, but there is much more:

  • SAP HANA cockpit’s new security checklist makes it easy to review the most important security settings

  • Column encryption provides new key rotation options and support for additional operations like joins on encrypted data

  • The TLS/SSL best practice guide explains how to configure TLS/SSL in typical HANA scenarios.

More information

Please check out the updated security guide. For general information on the SAP HANA 2.0 SPS 04 enhancements, read the blog or review the SPS 04 release notes.

And don’t forget to visit our SAP HANA security website at