What Is SAP HANA Security?

SAP HANA Security is needed to protect valuable data from illegal access and is required to ensure that standards and compliance meet as the safety standard adopted by any company.
SAP HANA uses a Multitenant database wherein multiple databases are created on a single SAP HANA system known as the multitenant database container. So all the security-related features are provided for the multitenant database container in SAP HANA.

In this tutorial session, we will be covering the following topics:

Security-related features provided by SAP HANA are:

  • Authorization
  • User and Role Management
  • Authentication
  • Encryption of Data in the Network Layer
  • Encryption of Data in the Persistence Layer

Check out the top SAP HANA Interview Questions to learn what is expected from SAP professionals!

SAP HANA Authorization

Whenever you need to access the SAP HANA database, SAP HANA Authorization is needed. Depending on the authorization provided to the user, database operations on a database object are performed. This authorization required is called ‘privileges’. Privileges can be given directly or indirectly to the user through different roles. All these privileges which are assigned to users are consolidated as a single or one unit.
Whenever a user tries to obtain access to any SAP HANA database object, HANA system runs an authorization check on the user and immediately grants him the privileges.
When the inquired privileges are found, the HANA system jumps further and examines to grant access to the requested database objects.

Want to get certified in SAP HANA. Learn from our SAP HANA expert and do excel in your career with intellipaat’s SAP HANA Admin certification!

SAP HANA User and Role Management

SAP HANA User and Role Management configuration depends on the architecture of your SAP HANA system.

  • If the end-user straight away combines to the SAP HANA database, the role and user in the database layer of the HANA system is needed by administrators and end-users.
  • The end-users and roles are managed by the application server whenever SAP HANA is integrated with BI platform tools.

Any user who wants to work with the HANA database should have a database user with certain privileges. Any technical or end-user can access the HANA system according to the access requirement. After logging into the system, a user can perform the required operation. It depends on the privileges which allow a user to execute an operation. HANA Studio  is a powerful tool to manage users and roles for the HANA database system.

Visit our SAP HANA Community to get answers to all your queries!

SAP HANA Authentication

Admin of the database identifies who can access the SAP HANA database. This process of verifying a database user is called ‘authentication’.
SAP HANA Authentication
Authentication methods supported by SAP HANA are:

  • SAP Logon and Assertion Tickets
    A user can be authenticated by Logon or Assertion Tickets, which can be configured and issued to a user for creating a ticket.
  • User Name/Password
    When a user enters their username and password for their respective databases, the SAP HANA database authenticates the user.
  • Kerberos: It can be used in the following cases:
    • When HTTP is used to access SAP HANA XS
    • Directly from JDBC and ODBC Client (SAP HANA Studio)
  • Security Assertion Markup Language (SAML)
    SAML
    is used to authenticate an SAP HANA user, who is accessing the SAP HANA database directly through ODBC/JDBC. It is a process of mapping external user identity to the internal database user, so the user can log in to the SAP database with the external user ID.
  • 509 Clients Certificates
    When SAP HANA XS Access by HTTP, Client certificates signed by a trusted Certification Authority (CA) can be used to authenticate the user.

Go through this SAP HANA Course in Bangalore to get a clear understanding of SAP HANA!

SAP HANA User Administration and Role Management

If you need to access the SAP HANA database, several types of users are required. These users depend on different security policies. Following are the types of users required:

  • Technical User (DBA User): A DBA user works directly with the SAP HANA database with all the required privileges. These users don’t get deleted from the database though. DBA users are created for an administrative task, i.e., creating an object and granting privileges onto the database object. Following are the standard users provided by the SAP HANA database system:
    • SYS
    • SYSTEM
    • _SYS_REPO
  • Database or Real User: Each and every user who wants to work on the SAP HANA database needs a database user. Database users are people working on SAP HANA. There are the following types of database users:
    • Standard User: A standard user creates objects in a schema and reads the data present in the system views. A standard user can be created with the CREATE USER statement.
    • Restricted User: A restricted user has no SQL access through an SQL console. A restricted user can be created with the CREATE RESTRICTED USER statement. If privileges are required for any application, they can be provided via this role.
      • A restricted user can’t view data in the database.
      • A restricted user connects to the database through HTTP only.
      • A restricted user can’t create database objects.

Are you interested in learning SAP HANA from experts? Enroll in our SAP Course in Singapore now!

SAP HANA User Administration and Role Management

SAP HANA License Management

In order to use the SAP HANA database, a license key is required. This key can be both installed and deleted using SAP HANA Studio, SAP HANA SQL Query Editor, and SAP HANA HDBSQL command-line tool. There are two types of license keys supported by SAP HANA database:

  • Temporary License Key: This license key gets installed automatically when a new SAP HANA database is installed. This key is valid for 90 days from installation. We can apply for a permanent key from SAP, later.
  • Permanent License Key: Permanent keys have an expiration date and are valid till that date only. A request needs to be sent before expiration to renew the license key. Just in case the license key expires, a temporary license key is automatically installed for the next 28 days.

Keyword for License Management Privileges: ‘LICENSE ADMIN’

SAP HANA Auditing

SAP HANA Auditing allows you to record and monitor actions that are performed in the SAP HANA system. These features are activated for the system before creating an audit policy.
Keyword for SAP HANA Auditing Privileges: ‘AUDIT ADMIN’

Go for the most professional SAP HANA Training Course for a SAP HANA career now!

In this session of the SAP HANA tutorial, we learned the basics of SAP HANA Security and understood the need for Admins. In the next session, we will be covering SAP HANA Data Replication.

Recommended Videos

Leave a Reply

Your email address will not be published. Required fields are marked *