7/6/2020 SAP HANA Security - Intellipaat Blog

Home / Tutorial / SAP HANA Security BECOME A CERTIFIED PROFESSIONAL

SAP HANA Security

In this tutorial session, we’ll be learning about SAP HANA Security overview, SAP HANA Authentication, SAP HANA Authorization,
SAP HANA User Administration method, SAP HANA Role Administration method, SAP HANA License Management process, and
SAP HANA Role Auditing process in detail.

8.5 K Views | 6 min read | Updated on June 13, 2020

By Naveen Bookmark

« Previous 9/12 in SAP HANA Tutorial Next »

SAP HANA Tutorial –

Learn SAP HANA
from Experts

SAP HANA Tutorial – Learn

SAP HANA from Experts

SAP HANA Architecture

SAP HANA Studio

SAP HANA Installation

SAP HANA Application

SAP HANA Modeling

SAP HANA Reporting

SAP HANA Integration With

Microsoft Excel

SAP HANA Security

SAP HANA Data Replication

SAP HANA Monitoring

SAP HANA Cheat Sheet

What Is SAP HANA Security?

SAP HANA Security is needed to protect valuable data from illegal access and is required to ensure that standards and
compliance meet as the safety standard adopted by any company.
SAP HANA uses a Multitenant database wherein multiple databases are created on a single SAP HANA system known as the
multitenant database container. So all the security-related features are provided for the multitenant database container in
SAP HANA.

In this tutorial session, we will be covering the following topics:

https://intellipaat.com/blog/tutorial/sap-hana-tutorial/sap-hana-security/ 1/6
7/6/2020 SAP HANA Security - Intellipaat Blog

SAP HANA Authorization

SAP HANA User and Role Management
SAP HANA Authentication
SAP HANA User Administration and Role Management
SAP HANA License Management
SAP HANA Auditing

Security-related features provided by SAP HANA are:

Authorization
User and Role Management
Authentication
Encryption of Data in the Network Layer
Encryption of Data in the Persistence Layer

Check out the top SAP HANA Interview Questions to learn what is expected from SAP professionals!

SAP HANA Authorization

Whenever you need to access the SAP HANA database, SAP HANA Authorization is needed. Depending on the authorization
provided to the user, database operations on a database object are performed. This authorization required is called
‘privileges’. Privileges can be given directly or indirectly to the user through different roles. All these privileges which are
assigned to users are consolidated as a single or one unit.
Whenever a user tries to obtain access to any SAP HANA database object, HANA system runs an authorization check on the
user and immediately grants him the privileges.
When the inquired privileges are found, the HANA system jumps further and examines to grant access to the requested
database objects.

Want to get certified in SAP HANA. Learn from our SAP HANA expert and do excel in your career with intellipaat’s SAP HA
NA Admin certification!

SAP HANA User and Role Management

SAP HANA User and Role Management configuration depends on the architecture of your SAP HANA system.

If the end-user straight away combines to the SAP HANA database, the role and user in the database layer of the HANA
system is needed by administrators and end-users.
The end-users and roles are managed by the application server whenever SAP HANA is integrated with BI platform tools.

Any user who wants to work with the HANA database should have a database user with certain privileges. Any technical or
end-user can access the HANA system according to the access requirement. After logging into the system, a user can perform
the required operation. It depends on the privileges which allow a user to execute an operation. HANA Studio  is a powerful
tool to manage users and roles for the HANA database system.

Visit our SAP HANA Community to get answers to all your queries!

SAP HANA Authentication

Admin of the database identifies who can access the SAP HANA database. This process of verifying a database user is called
‘authentication’.

https://intellipaat.com/blog/tutorial/sap-hana-tutorial/sap-hana-security/ 2/6
7/6/2020 SAP HANA Security - Intellipaat Blog

Authentication methods supported by SAP HANA are:

SAP Logon and Assertion Tickets

A user can be authenticated by Logon or Assertion Tickets, which can be configured and issued to a user for creating a
ticket.
User Name/Password
When a user enters their username and password for their respective databases, the SAP HANA database authenticates
the user.
Kerberos: It can be used in the following cases:

When HTTP is used to access SAP HANA XS

Directly from JDBC and ODBC Client (SAP HANA Studio)
Security Assertion Markup Language (SAML)
SAML is used to authenticate an SAP HANA user, who is accessing the SAP HANA database directly through ODBC/JDBC.
It is a process of mapping external user identity to the internal database user, so the user can log in to the SAP database
with the external user ID.
509 Clients Certificates
When SAP HANA XS Access by HTTP, Client certificates signed by a trusted Certification Authority (CA) can be used to
authenticate the user.

Go through this SAP HANA Course in Bangalore to get a clear understanding of SAP HANA!

SAP HANA User Administration and Role Management

If you need to access the SAP HANA database, several types of users are required. These users depend on different security
policies. Following are the types of users required:

Technical User (DBA User): A DBA user works directly with the SAP HANA database with all the required privileges. These
users don’t get deleted from the database though. DBA users are created for an administrative task, i.e., creating an
object and granting privileges onto the database object. Following are the standard users provided by the SAP HANA
database system:

SYS
SYSTEM
_SYS_REPO
Database or Real User: Each and every user who wants to work on the SAP HANA database needs a database user.
Database users are people working on SAP HANA. There are the following types of database users:

Standard User: A standard user creates objects in a schema and reads the data present in the system views. A
standard user can be created with the CREATE USER statement.
Restricted User: A restricted user has no SQL access through an SQL console. A restricted user can be created with
the CREATE RESTRICTED USER statement. If privileges are required for any application, they can be provided via this
role.

A restricted user can’t view data in the database.

https://intellipaat.com/blog/tutorial/sap-hana-tutorial/sap-hana-security/ 3/6
7/6/2020 SAP HANA Security - Intellipaat Blog

A restricted user connects to the database through HTTP only.

A restricted user can’t create database objects.

Are you interested in learning SAP HANA from experts? Enroll in our SAP Course in Singapore now!

SAP HANA License Management

In order to use the SAP HANA database, a license key is required. This key can be both installed and deleted using SAP HANA
Studio, SAP HANA SQL Query Editor, and SAP HANA HDBSQL command-line tool. There are two types of license keys
supported by SAP HANA database:

Temporary License Key: This license key gets installed automatically when a new SAP HANA database is installed. This
key is valid for 90 days from installation. We can apply for a permanent key from SAP, later.
Permanent License Key: Permanent keys have an expiration date and are valid till that date only. A request needs to be
sent before expiration to renew the license key. Just in case the license key expires, a temporary license key is
automatically installed for the next 28 days.

Keyword for License Management Privileges: ‘LICENSE ADMIN’

SAP HANA Auditing

SAP HANA Auditing allows you to record and monitor actions that are performed in the SAP HANA system. These features
are activated for the system before creating an audit policy.
Keyword for SAP HANA Auditing Privileges: ‘AUDIT ADMIN’

Go for the most professional SAP HANA Training Course for a SAP HANA career now!

In this session of the SAP HANA tutorial, we learned the basics of SAP HANA Security and understood the need for Admins. In
the next session, we will be covering SAP HANA Data Replication.

Previous Next

Recommended Videos

1 thought on “SAP HANA Security”

DECEMBER 20, 2019 AT 3:33 PM

I believe you have noted some very interesting details, thankyou for the post. 🙂

https://intellipaat.com/blog/tutorial/sap-hana-tutorial/sap-hana-security/ 4/6
7/6/2020 SAP HANA Security - Intellipaat Blog

Hazelgrove Reply
says:

Leave a Reply

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

Solve : *

28 + 25 =

Post Comment

Browse Categories

Master Program Big Data Data Science Business Intelligence Salesforce Cloud Computing

Mobile Development Digital Marketing Database Programming Testing Project Management

Website Development SAP

https://intellipaat.com/blog/tutorial/sap-hana-tutorial/sap-hana-security/ 5/6
7/6/2020 SAP HANA Security - Intellipaat Blog

MEDIA CONTACT US TUTORIALS COMMUNITY INTERVIEW QUESTIONS

© Copyright 2011-2020 intellipaat.com. All Rights Reserved.

https://intellipaat.com/blog/tutorial/sap-hana-tutorial/sap-hana-security/ 6/6