SAP HANA Database Authorization Check and Role Building

With the introduction of SAP S/4HANA (and thus the HANA database, HANA DB) end-users will be able to directly access Core Data Services in the HANA database and bypass the authorization check in the S/4HANA ABAP system.

For database administrators, SAP provides the SAP HANA studio and the SAP HANA cockpit. These tools also require a new authorization and role concept.

The Xiting HANA DB Authorization Service includes administrative tools, role templates and the following deliverables:

Your Contact
AMERICAS

Alessandro Banzer
SAP HANA Database
[email protected]

Your Contact
EMEA

Volker Deneke
SAP HANA Database
[email protected]

Are you interested in these services?

Contact us for a non-binding offer!

SAP HANA Authorization Services in Detail

Your Challenge

The HANA cockpit is SAP’s new user interface for database administrators. Unfortunately, the HANA database doesn’t rely on traditional ABAP authorizations and, as a result, organizations have to implement a separate authorization concept to control access to the HANA cockpit and the underlying database.

In addition to XS Classic and XS Advanced, HDB Studio and hdbsql are available as environments for development and role building.

Another challenge is that certain use cases require business users to directly access the Core Data Services. To implement such scenarios, you have to authorize users via special HANA database privileges that add further complexity to the overall access framework.

To assist with the creation of catalogs, repositories and HDI roles, SAP offers the HANA security tools.

Database users can be created and managed directly in HANA or external IDM systems. In addition, HANA offers various transport options for roles and objects.

 

Our solution

With the HANA Security Services developed by Xiting, we help customers better understand the differences between the various tools for administering and managing the HANA database.

We will also present the advantages and disadvantages of the SAP HANA Cockpit and the SAP HANA Studio, and show you which authorizations are required.

Security administrators must be able to create roles, manage password rules and user groups, and detect authorization problems. Our service introduces you to the necessary roles and functionalities.

For example, SAP recommends deactivating the SYSTEM user. As part of our workshop, we show you which privileges you can use to manage the HANA database without relying on a SYSTEM user.

In addition, HANA also has unique requirements related to auditing. We explain how security audits can be created and transported to other systems.

Plus, our HANA Security Service provides clear recommendations for creating HANA roles and managing users. If Core Data Services (Views) should not be visible to all users in plain text, we will also be happy to show you all the functions required for data masking.

 

SAP HANA Database Services

Basics Workshop

  • Creation of a common understanding of SAP HANA DB and clarification of terms.
  • Presentation of the possible application scenarios for an SAP HANA database, as well as the resulting effects on the system landscape.
  • Displaying of the SAP HANA security functionalities, such as password security, database auditing, user and role management, datacenter integration and transport.

Authorization Concept

  • Presentation of the SAP HANA authorization concept in a workshop.
  • Based on the workshop results, we create a basic SAP HANA authorization concept, which includes defined roles for daily operations.
  • Creation of roles for actors, such as basic administrators, transport, power users and/or developers.
  • Implementation of the created roles in an SAP HANA database system/system network.
  • Assignment of the previously created authorization roles for the respective user types in the target databases.
  • Creation and provision of the complete documentation.

Security Check

  • Review of your SAP HANA database from the point of view of the assignment of authorizations and system configuration, based on a clearly defined set of rules.
  • Documentation and evaluation of the results.
  • Recommendation of operational measures.

More Information

Educational Webinar
SAP HANA Database: Learn more about this topic in our webinar with one of our experts.

SAP Security Blog
Read more about this topic and other SAP security related blog posts in our SAP Se

More Xiting Services
Xiting covers a comprehensive range of services and workshops.

Contact

Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 9888 155
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]
Contact
Demo