Security in SAP HANA
Security
In this we need to provide different activities for different users.
User management
Types of users
There are three types of uses:
Business users
view results of business modeling
use client tools
Modelers
Define business models
use the information modeler of SAP HANA Studio
Administrators
- Manage SAP HANA Data base
- Use the administration console of SAP HANA STUDIO
Authentication
To liable to log on to the system, users have to be authenticated currently there are two authentication types:
Database – internal authentication with user name and password.
External authentication via a third – party authentication provider
Internal Authentication
Users are created is SAP HANA database only
Authentication is handled by SAP HANA database via username / Password combination
Using External User Repositions for Authentications:
SAP HANA database supports mapping of users created in SAP HANA database to external users via the Microsoft windows active directory or the MIT kerberos network authentication protocol
These core tutorials will help you to learn the Security in SAP HANA. For an in-depth understanding and practicalexperience, explore SAP HANA Training in Hyderabad.
AS the preconditions, you have installed the relevant kereberos clients software form your operating system software package and SAPHANA database has been configured accordingly
The users stored in the Microsoft active directory or the MIT Kereberos key distribution center can then be mapped to database users in SAP HANA data box . For that purpose, specify the user principle Name (UPN) as the external ID when creating the database user
Authorization
SAP HANA database provides its own authorization Service:
All authorizations on data all handled in SAP HANA data box
The user with which you log on to the system determines which database objects you on acumen and modify
Users can only perform operations for which they have been granted privileges
Exception
There are two default users created during installation, which have a fixed set of privileges each by default
User can have the following types of privileges
Privileges that were directly granted to them (“Direct privileges”.)
Privileges that were granted to notes that they belongs to ( inherited privileges)
User provisioning
Users and roles are defined in side SAP HANA DB Using HANA STUDIO
Read & Role Hierarchy
Users and their assignments to roles
Creating Roles
ROLE – ADMIN Privileges is required to create roles a newly created role is initially empt.,
The new rde name must be different from any other existing role or user name existing role or user name
Procedure
- Select Authorization in the Navigator
- In the context menu select new Role
- Create A “Role”
Role name:- Enter the role name
Visibility
Define whether the role should be available internally o globally : enter the global ID, which specifies the external role name for the global user, it is possible to grant other roles (Granted roles or privileges (SQL. Privileges, Analytical Privileges, system privileges) to the role.
To allow the user of this to pass on privileges to their users mark the grant option
Choose deploy to create the role
Changing Roles
You can change the Role properties:
Procedure
Select Authorization Role in the together
Select the role
In the context menu select open
Change the role
You can change the Global ID ( invisibility is GLOBAL)
You can grant other roles (Granted Roles) or privileges (SQL – Privileges, analytical privileges, system privileges) to a role or other them.
You can change the grant option which allows the user to parts on his privileges to other user when set
Choose deploy to save the chooses
Creating users
We (You) can create users specify a user name, which is not identical to the name of an existing user or role
Procedure
Select authorization in the navigator
In the context menu, select New User
Create the user
User name: Enter the user name
Authentication: Define whether the user authentication should be carried out intimation or externally for internal Authentication: Enter and conform a password.
External Authentication: Enter the external ID specified in active directory for the user.
You can grant roles (Granted Roles) and/or privileges (SQL privileges, analytical privileges, system privileges) to the user to allow the user to pass on his privileges to other users, mark the grant option
Choose Deploy to crate
Changing Users
We can change user properties of example password, roles and privilege
Procedure
Select Authorization users in the navigation
Select the User
In the context menu select open and expend the upper section using the arrow in the upper right corner
Change the user
Password: We can change the password if authentication in Internal , on the external ID if the authorization in External
Roles and privileges:
We can grant roles and Revoke and/or privileges
(SQL privileges, analytical privileges, system privileges) to the user
Grant Option: We can change the Grant option which allows the user to pass on his privileges to other user when set
Deleting Roles
Procedure
Select Authorization Role in the Navigation
Select the role
In the context menu, select delete
Deleting Users
Procedure
Select Authorization User in the navigator
Select the user
In the contest menu, select delete.
For an Indepth knowledge on SAP HANA, click on below