Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert

LATEST UPDATE: December, 2020 =========================================

For the latest information, visit our blog post series about SAP HANA certification:

For the SAP Press Certification Success Guide, see

For the blog post, see


This blog is part of a series to help you pass the SAP Certified Technology Associate - SAP HANA 2.0 certification exam, C_HANATEC_13.

For an overview of the exam, see

For the sample questions, see

Topic Areas

There are 10 topic areas and you can expect about 8 questions for each topic.

In this blog, I will discuss the Users and Authorization topic.

On the SAP Training website for C_HANATEC_13, the exam objective for this topic is stated:
Describe the SAP HANA authorization concept, 
the SAP HANA database repository,
understand the roles and privileges concept.
Set up authorization traces.

Study Material

The study material for this topic is the training


The Maintaining Users and Authorization chapter in the HA200 guide covers authorization, privileges, roles and administrative tasks (about 75 pages).

The training guide for HA240 covers this as well in some more detail plus the repository, tracing, and some miscellaneous topics (300 pages).

You can download the index of both guides from the SAP Training website (see links above) in case you want to note the objectives of each unit.

These topics are also addressed in the following SAP HANA guides:

What's New?

The focus will be on the new SAP HANA 2.0 features, so if you are new to this version you might be interested to view the What's New videos first:

Note that C_HANATEC_13 covers SAP HANA 2.0 SPS 00 only. C_HANATEC_14 will cover SPS 02.


For this topic, you need to understand

  • the authorization framework: user, roles, and privileges and how they relate

  • what user management tasks there are, the tools you can use and how this works in a multi-tenant database

  • what user groups are

  • the different user types: how to convert a restricted user into a standard one

  • how to enable cross-tenant database access

  • the default SAP HANA users and roles created during installation and best practices for their usage

  • the different access channels (protocols) of SAP HANA clients

For the concepts, you can study the following chapters of the Security Guide

For the activities, you need to consult the Administration Guide or the relevant SAP HANA Developer Guide (there is one for SAP HANA studio and the SAP HANA Web-based Development Workbench for XS classic, and one for the SAP Web IDE for SAP HANA for XS Advanced)

It should not come as a surprise that MDC has made its way to this topic area. Make sure you are familiar with remote identities, for example

There are also a number of tutorial videos about these topics on the SAP HANA Academy

For the full playlist, see

SAP HANA Academy - Configure Cross-Tenant Database Access

SAP HANA Academy - Documentation: Security - Users in SAP HANA

SAP HANA Academy - Documentation: Security - Database User Types

SAP HANA Academy - Documentation: Security - Multitenant Database Containers


One of the key components in the authorization concept are privileges. You are not expected the know all the system privileges by heart but knowing the most important ones, see

SAP HANA Academy - Documentation: Security - Analytic Privileges I

SAP HANA Academy - Documentation: Security - Analytic Privileges II


The third pillar in the authorization concept, next to users and privileges, are roles.

You need to know the different types of roles (runtime, repository) and the default roles including SAP_INTERNAL_HANA_SUPPORT, see

As the SAP HANA repository has been deprecated for the SAP HANA 2.0 SPS 02 release, you might be surprised to get questions about repository roles (XS classic) and not about XS Advanced.

SAP HANA Academy - Documentation: Security - SAP HANA Roles Explained I

SAP HANA Academy - Documentation: Security - SAP HANA Roles Explained II

SAP HANA Academy - SAP HANA Security: Repository Role Editor

SAP HANA Academy - Monitoring SAP HANA: Monitoring Role


Administration Tasks

Part of this topic is also the most common user management tasks, like deactivating users (for example SYSTEM) and the configuration of a password policy (and blacklist), how to find out what roles and privileges a user has, and how to work with the dependency viewer. For this see

You might also find the following blog of use

SAP HANA Academy - SAP HANA Express: Security - Password Policy

SAP HANA Academy - SAP HANA Express: Security - Reset SYSTEM user password

SAP HANA Academy - Documentation: Security - Object Ownership in the SAP HANA database I

SAP HANA Academy - Documentation: Security - Object Ownership in the SAP HANA database II


SAP HANA Academy Playlists

SAP HANA Community Blogs

SAP Help Portal (Documentation)

SAP Training

Thank you for watching

The SAP HANA Academy provides technical enablement, implementation and adoption support for customers and partners with 1000’s of free tutorial videos.

For the full library, see SAP HANA Academy Library - by the SAP HANA Academy

For the full list of blogs, see Blog Posts – by the SAP HANA Academy