English 中文(简体)
SAP HANA Tutorial

SAP HANA Introduction

SAP HANA Modeling

SAP HANA Reporting

SAP HANA Security

SAP HANA Data Replication

SAP HANA Monitoring


SAP HANA Useful Resources

Selected Reading

SAP HANA - Security Overview
  • 时间:2024-06-22

SAP HANA - Security Overview

Previous Page Next Page  

Security means protecting company’s critical data from unauthorized access and use, and to ensure that Comppance and standards are met as per the company popcy. SAP HANA enables customer to implement different security popcies and procedures and to meet comppance requirements of the company.

SAP HANA supports multiple databases in a single HANA system and this is known as multitenant database containers. HANA system can also contain more than one multitenant database containers. A multiple container system always has exactly one system database and any number of multitenant database containers. AN SAP HANA system that is installed in this environment is identified by a single system ID (SID). Database containers in HANA system are identified by a SID and database name. SAP HANA cpent, known as HANA studio, connects to specific databases.

SAP HANA provides all security related features such as Authentication, Authorization, Encryption and Auditing, and some add on features, which are not supported in other multitenant databases.

Security Overview

Below given is a pst of security related features, provided by SAP HANA −

    User and Role Management

    Authentication and SSO


    Encryption of data communication in Network

    Encryption of data in Persistence Layer

Additional Features in multitenant HANA database −

    Database Isolation − It involves preventing cross tenant attacks through operating system mechanism

    Configuration Change blackpst − It involves preventing certain system properties from being changed by tenant database administrators

    Restricted Features − It involves disabpng certain database features that provides direct access to file system, the network or other resources.

SAP HANA User and Role Management

SAP HANA user and role management configuration depends on the architecture of your HANA system.

    If SAP HANA is integrated with BI platform tools and acts as reporting database, then the end-user and role are managed in apppcation server.

    If the end-user directly connects to the SAP HANA database, then user and role in database layer of HANA system is required for both end users and administrators.

Every user wants to work with HANA database must have a database user with necessary privileges. User accessing HANA system can either be a technical user or an end user depending on the access requirement. After successful logon to system, user’s authorization to perform the required operation is verified. Executing that operation depends on privileges that user has been granted. These privileges can be granted using roles in HANA Security. HANA Studio is one of powerful tool to manage user and roles for HANA database system.

User Types

User types vary according to security popcies and different privileges assigned on user profile. User type can be a technical database user or end user needs access on HANA system for reporting purpose or for data manipulation.

Standard Users

Standard users are users who can create objects in their own Schemas and have read access in system Information models. Read access is provided by PUBLIC role which is assigned to every standard users.

Standard Users

Restricted Users

Restricted users are those users who access HANA system with some apppcations and they do not have SQL privileges on HANA system. When these users are created, they do not have any access initially.

If we compare restricted users with Standard users −

    Restricted users cannot create objects in HANA database or their own Schemas.

    They do not have access to view any data in database as they don’t have generic Pubpc role added to profile pke standard users.

    They can connect to HANA database only using HTTP/HTTPS.