SAP HANA Security | SAP HANA User Management

Security

In this, we need to provide different activities for different users.

User management

Types of users: There are three types of uses

Business users: View results of business modeling

use client tools

Modelers: Define business models

use the information modeler of SAP HANA Studio

Administrators

• Manage SAP HANA Database+-
• Use the administration console of SAP HANA STUDIO

If you would like to become an SAP Hana Admin certified professional, then visit Tekslate - A Global online training platform: "SAP Hana Admin training and certification course"

Authentication

To liable to log on to the system, users have to be authenticated currently there are two authentication types:

Database – internal authentication with user name and password.

External authentication via a third – party authentication provider

Internal Authentication

• Users are created in SAP HANA database only
• Authentication is handled by SAP HANA database via username/password combination
• Using External User Repositions for Authentications:
• SAP HANA database supports the mapping of users created in the SAP HANA database to external users via the Microsoft windows active directory or the MIT Kerberos network authentication protocol
• AS the preconditions, you have installed the relevant Kerberos client's software  form your operating system software package and SAP HANA database has been configured accordingly
• The users stored in the Microsoft active directory or the MIT Kerberos key distribution center can then be mapped to database users in the SAP HANA data box. For that purpose, specify the user principal name (UPN) as the external ID when creating the database user

Authorization

SAP HANA database provides its own authorization Service:

All authorizations on data all handled in SAP HANA data box

The user with which you log on to the system determines which database objects you on acumen and modify

Users can only perform operations for which they have been granted privileges

Exception: There are two default users created during installation, which have a fixed set of privileges each by default

User can have the following types of privileges

Privileges that were directly granted to them (“Direct privileges”.)

Privileges that were granted to notes that they belong to ( inherited privileges)

User provisioning

Users and roles are defined inside SAP HANA DB Using HANA STUDIO

Read & Role Hierarchy

Users and their assignments to roles

Creating Roles

ROLE – ADMIN Privileges is required to create roles a newly created role is initially empt.,

The new ride name must be different from any other existing role or user name existing role or user name

Procedure

• Select Authorization in the Navigator
• In the context menu select New  Role
• Create A “Role”

Role name: Enter the role name

Visibility

• Define whether the role should be available internally o globally: enter the global ID, which specifies the external role name for the global user, it is possible to grant other roles (Granted roles or privileges (SQL. Privileges, Analytical Privileges, system privileges) to the role.
• To allow the user of this to pass on privileges to their users mark the grant option
• Choose to deploy to create the role

Changing Roles

You can change the Role properties:

Procedure

• Select Authorization Role in the together
• Select the role
• In the context menu select open
• Change the role
• You can change the Global ID ( invisibility  is GLOBAL)
• You can grant other roles (Granted Roles) or privileges (SQL – Privileges, analytical privileges, system privileges) to a role or other them.
• You can change the grant option which allows the user to parts on his privileges to another user when setting
• Choose to deploy to save the chooses

Creating users

We (You) can create users specify a user name, which is not identical to the name of an existing user or role

Procedure

• Select authorization in the navigator
• In the context menu, select New User
• Create the user

User name: Enter the user name

Authentication: Define whether the user authentication should be carried out intimation or externally for internal Authentication: Enter and confirm a password.

External Authentication: Enter the external ID specified in the active directory for the user.

You can grant roles (Granted Roles) and/or privileges (SQL privileges, analytical privileges, system privileges) to the user to allow the user to pass on his privileges to other users, mark the grant option

Choose Deploy to crate

Changing Users

We can change user properties of example password, roles, and privilege

Procedure

• Select Authorization  users in the navigation
• Select the User
• In the context menu select open and expend the upper section using the arrow in the upper right corner

Change the user

Password: We can change the password if authentication in Internal, on the external ID if the authorization in External

Roles and privileges: We can grant roles and Revoke and/or privileges (SQL privileges, analytical privileges, system privileges) to the user

Grant Option: We can change the Grant option which allows the user to pass on his privileges to other users when setting

Deleting Roles

Procedure

Select Authorization                       Role in the Navigation

Select the role

In the context menu, select delete

Deleting Users

Procedure

Select Authorization                      User in the navigator

Select the user

In the context menu, select delete.

For in-depth knowledge on SAP HANA, click on below

• Performance Tuning in SAP HANA
• Security in SAP HANA
• Analytical Privileges in SAP HANA
• Organizing system Landscapes in SAP Hana
• SAP HANA Views