Security is required to safeguard the firm's confidential data from unauthorized access and use, and to make sure that compliance requirements and standards are met according to the firm's policy. SAP HANA enables customers to implement various security policies and procedures and to meet the firm's compliance requirements.
SAP HANA supports multiple databases in a single HANA system; these are known as multitenant database containers. A HANA system can contain more than one multitenant database container. An SAP HANA system installed in this mode is identified by a single system ID (SID). The database containers in the HANA system are identified by a SID and database name. The SAP HANA client, known as SAP HANA Studio, connects to specific databases.
Security-Related Features Offered by SAP HANA
- Authentication and SSO
- User and Role Management
- Encryption of data in the persistence layer
- Encryption of data communication in the network
Additional features for multitenant HANA databases
- Database Isolation − It prevents cross-tenant attacks through operating system mechanisms.
- Configuration Change Blacklist − It prevents specific system properties from being changed by tenant database administrators.
- Restricted Features − It disables specific database features that provide direct access to the file system, the network or other resources.
User and Role Management
SAP HANA user and role management configuration depends on the architecture of the HANA system.
- If SAP HANA is integrated with BI platform tools and acts as a reporting database, the end users and roles are managed in the application server.
- If the end user connects directly to the SAP HANA database, users and roles in the database layer of the HANA system are required for both end users and administrators.
Users who want to work with the HANA database must have a database user with the necessary privileges. Depending on the access requirement, a user accessing the HANA system can be either a technical user or an end user. After successful logon to the system, the user's authorization to perform the required operation is verified. Whether the operation can be performed depends on the privileges the user has been granted. These privileges can be granted by means of roles in HANA security. HANA Studio is one of the powerful tools for managing users and roles in the HANA database system.
User types vary according to the security policies and the privileges assigned to the user profile. A user type can be a technical database user, or an end user who needs access to the HANA system for reporting or data manipulation.
Standard users are users who can create objects in their own schemas and have read access to system information models. Every standard user has read access to the information provided by the PUBLIC role.
Restricted users are users who access the HANA system through some applications but do not have SQL privileges on the HANA system.
Comparing restricted users with standard users shows the following:
- Restricted users cannot create objects in the HANA database or in their own schemas.
- Unlike standard users, restricted users do not have the generic PUBLIC role added to their profile, so they cannot view any information in the database.
- Restricted users can connect to the HANA database only by using HTTP/HTTPS.
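The difference between the two user types can be checked directly in the system views. The following is an added example, not part of the original article: the user names and passwords are constructed placeholders, and it assumes a test tenant and an account with the USER ADMIN system privilege.

```sql
-- Added example: DEMO_STANDARD / DEMO_RESTRICTED and both passwords are
-- constructed placeholders. Run in a test tenant only.

-- Standard user: receives its own schema and the PUBLIC role.
CREATE USER DEMO_STANDARD PASSWORD "ChangeMe_Placeholder1";

-- Restricted user: created without the PUBLIC role and without the
-- right to create objects.
CREATE RESTRICTED USER DEMO_RESTRICTED PASSWORD "ChangeMe_Placeholder2";

-- 1) Confirm how each account is classified.
SELECT USER_NAME, IS_RESTRICTED
FROM SYS.USERS
WHERE USER_NAME IN ('DEMO_STANDARD', 'DEMO_RESTRICTED');

-- 2) Confirm the role difference: only the standard user should
--    appear with PUBLIC.
SELECT GRANTEE, ROLE_NAME, GRANTOR
FROM SYS.GRANTED_ROLES
WHERE GRANTEE_TYPE = 'USER'
  AND GRANTEE IN ('DEMO_STANDARD', 'DEMO_RESTRICTED');

-- 3) Audit check across the whole database: restricted users that
--    have been granted PUBLIC after creation. Any row returned is an
--    account that no longer matches the restricted profile and
--    should be reviewed.
SELECT u.USER_NAME, r.ROLE_NAME, r.GRANTOR
FROM SYS.USERS AS u
JOIN SYS.GRANTED_ROLES AS r
  ON r.GRANTEE = u.USER_NAME
 AND r.GRANTEE_TYPE = 'USER'
WHERE u.IS_RESTRICTED = 'TRUE'
  AND r.ROLE_NAME = 'PUBLIC';

-- Clean up the demo accounts (CASCADE also drops the standard
-- user's schema).
DROP USER DEMO_STANDARD CASCADE;
DROP USER DEMO_RESTRICTED CASCADE;
```

Query 3 is the one worth scheduling as a recurring review, since a role grant made long after account creation does not change the IS_RESTRICTED flag.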