In this second blog series, here are some of the Key SAP HANA Security concept functions as follows.
1.) Authentication – Authentication in SAP HANA can be done using SAP HANA Studio or SAP Web IDE.
2.) Authorization – In SAP HANA, we called as “Privileges”. It is the similar as authorizations, Transaction Codes and Authorization Objects but just a different terminology word in SAP.
3.) User Management – In SAP HANA, we can manage the User Management using SAP HANA Studio or SAP Wed IDE. In SAP HANA, users can be classified in two groups:
A.) Regular users – Regular users are named users or real persons who work as data modelers or data administrators.
B.) Technical users – Technical users are internal users within the SAP HANA database such as _SYS_STATISTICS, _SYS_REPO that cannot be logged in from outside but are technical user IDs used internally for managing the SAP HANA database.
In SAP HANA, the key User Types are classified into 2 types as follows:-
i.) SYSTEM User Type – which is used as an overall system admin ID. Avoid using the SYSTEM user ID and monitor the control to prevent regular end users from using this user ID. ADM User is another user ID which has Unlimited OS access to all resources related to HANA.
ii.) ROOT User Type – which is another user ID which is used to install and upgrade only.
Now one question that everyone asks is “Is the environment secured when we consider SAP HANA Security?” Answer to the Response is that In SAP HANA, there are several objects that constitute the HANA database. HANA is not just a database but also a modeling environment. Some of the objects that are used to secure are Views, Functions, Indexes, Sequences, Synonyms, Triggers, Tables and Views. From a modeling perspective, the three important views in HANA are attributing Views, Analytic Views and Calculation Views. I am not going to explain what these objects are as we are focused on HANA security, but let’s discuss the “Privileges” or what we know as “Authorizations” in this next blog series.
SAP HANA Privileges are broken down to Object Privileges, Package Privileges, Analytic Privileges and System Privileges. SAP HANA provides database schemas in which objects such as tables, indexes, and views are stored. Access to data stored in these objects and the schema that holds these objects are managed using object privileges. Package Privileges are used to secure Packages which are individual projects within the SAP HANA database. Analytic privileges provide row level control of what data users can see on the data models and System privileges help to monitor execution of administrative actions for the entire SAP HANA database.