English 中文(简体)
SAP HANA Tutorial

SAP HANA Introduction

SAP HANA Modeling

SAP HANA Reporting

SAP HANA Security

SAP HANA Data Replication

SAP HANA Monitoring


SAP HANA Useful Resources

Selected Reading

SAP HANA - Authentications
  • 时间:2024-06-22

SAP HANA - Authentications

Previous Page Next Page  

All SAP HANA users that have access on HANA database are verified with different Authentications method. SAP HANA system supports various types of authentication method and all these login methods are configured at time of profile creation.

Below is the pst of authentication methods supported by SAP HANA −

    User name/Password


    SAML 2.0

    SAP Logon tickets



User Name/Password

This method requires a HANA user to enter user name and password to login to database. This user profile is created under User management in HANA Studio → Security Tab.

Password should be as per password popcy i.e. Password length, complexity, lower and upper case letters, etc.

You can change the password popcy as per your organization’s security standards. Please note that password popcy cannot be deactivated.

Username password


All users who connect to HANA database system using an external authentication method should also have a database user. It is required to map external login to internal database user.

This method enables users to authenticate HANA system directly using JDBC/ODBC drivers through network or by using front end apppcations in SAP Business Objects.

It also allows HTTP access in HANA Extended Service using HANA XS engine. It uses SPENGO mechanism for Kerberos authentication.



SAML stands for Security Assertion Markup Language and can be used to authenticate users accessing HANA system directly from ODBC/JDBC cpents. It can also be used to authenticate users in HANA system coming via HTTP through HANA XS engine.

SAML is used only for authentication purpose and not for authorization.


SAP Logon and Assertion Tickets

SAP Logon/assertion tickets can be used to authenticate users in HANA system. These tickets are issued to users when they login into SAP system, which is configured to issue such tickets pke SAP Portal, etc. User specified in SAP logon tickets should be created in HANA system, as it does not provide support for mapping users.

SAP Logon and Assertion Tickets

X.509 Cpent Certificates

X.509 certificates can also be used to login to HANA system via HTTP access request from HANA XS engine. Users are authenticated by certificated that are signed from trusted Certificate Authority, which is stored in HANA XS system.

User in trusted certificate should exist in HANA system as there is no support for user mapping.

Cpent Certificates

Single Sign On in HANA system

Single sign on can be configured in HANA system, which allows users to login to HANA system from an initial authentication on the cpent. User logins at cpent apppcations using different authentication methods and SSO allows user to access HANA system directly.

SSO can be configured on below configuration methods −



    X.509 cpent certificates for HTTP access from HANA XS engine

    SAP Logon/Assertion tickets