Security
In this, we need to provide different activities for different users.
If you would like to become an SAP Hana Admin certified professional, then visit Tekslate - A Global online training platform:"SAP Hana Admin training and certification course". This course will help you to achieve excellence in this domain.
User management
Types of users: There are three types of uses
Business users: View results of business modeling
use client tools
Modelers: Define business models
use the information modeler of SAP HANA Studio
Administrators
- Manage SAP HANA Database+-
- Use the administration console of SAP HANA STUDIO
Authentication
To liable to log on to the system, users have to be authenticated currently there are two authentication types:
Database – internal authentication with user name and password.
External authentication via a third – party authentication provider
Internal Authentication
- Users are created in SAP HANA database only
- Authentication is handled by SAP HANA database via username/password combination
- Using External User Repositions for Authentications:
- SAP HANA database supports the mapping of users created in the SAP HANA database to external users via the Microsoft windows active directory or the MIT Kerberos network authentication protocol
- AS the preconditions, you have installed the relevant Kerberos client's software form your operating system software package and SAP HANA database has been configured accordingly
- The users stored in the Microsoft active directory or the MIT Kerberos key distribution center can then be mapped to database users in the SAP HANA data box. For that purpose, specify the user principal name (UPN) as the external ID when creating the database user
Authorization
SAP HANA database provides its own authorization Service:
All authorizations on data all handled in SAP HANA data box
The user with which you log on to the system determines which database objects you on acumen and modify
Users can only perform operations for which they have been granted privileges
Exception: There are two default users created during installation, which have a fixed set of privileges each by default
User can have the following types of privileges
Privileges that were directly granted to them (“Direct privileges”.)
Privileges that were granted to notes that they belong to ( inherited privileges)
User provisioning
Users and roles are defined inside SAP HANA DB Using HANA STUDIO
Read & Role Hierarchy
Users and their assignments to roles
Creating Roles
ROLE – ADMIN Privileges is required to create roles a newly created role is initially empt.,
The new ride name must be different from any other existing role or user name existing role or user name
Procedure
- Select Authorization in the Navigator
- In the context menu select New Role
- Create A “Role”
Role name: Enter the role name
Visibility
Define whether the role should be available internally o globally: enter the global ID, which specifies the external role name for the global user, it is possible to grant other roles (Granted roles or privileges (SQL. Privileges, Analytical Privileges, system privileges) to the role.
To allow the user of this to pass on privileges to their users mark the grant option
Choose to deploy to create the role
Changing Roles
You can change the Role properties:
Procedure
- Select Authorization Role in the together
- Select the role
- In the context menu select open
- Change the role
- You can change the Global ID ( invisibility is GLOBAL)
- You can grant other roles (Granted Roles) or privileges (SQL – Privileges, analytical privileges, system privileges) to a role or other them.
- You can change the grant option which allows the user to parts on his privileges to another user when setting
- Choose to deploy to save the chooses
Creating users
We (You) can create users specify a user name, which is not identical to the name of an existing user or role
Procedure
- Select authorization in the navigator
- In the context menu, select New User
- Create the user
User name: Enter the user name
Authentication: Define whether the user authentication should be carried out intimation or externally for internal Authentication: Enter and confirm a password.
External Authentication: Enter the external ID specified in the active directory for the user.
You can grant roles (Granted Roles) and/or privileges (SQL privileges, analytical privileges, system privileges) to the user to allow the user to pass on his privileges to other users, mark the grant option
Choose Deploy to crate
Changing Users
We can change user properties of example password, roles, and privilege
Procedure
- Select Authorization users in the navigation
- Select the User
- In the context menu select open and expend the upper section using the arrow in the upper right corner
Change the user
Password: We can change the password if authentication in Internal, on the external ID if the authorization in External
Roles and privileges:
We can grant roles and Revoke and/or privileges
(SQL privileges, analytical privileges, system privileges) to the user
Grant Option: We can change the Grant option which allows the user to pass on his privileges to other users when setting
Deleting Roles
Procedure
Select Authorization Role in the Navigation
Select the role
In the context menu, select delete
Deleting Users
Procedure
Select Authorization User in the navigator
Select the user
In the context menu, select delete.
For in-depth knowledge on SAP HANA, click on below
- Performance Tuning in SAP HANA
- Security in SAP HANA
- Analytical Privileges in SAP HANA
- Organizing system Landscapes in SAP Hana
- SAP HANA Views