Security / Authorizations
Will all existing users get migrated to HANA DB with the correct authorizations?
Absolutely – The ERP database to HANA migration is a full database migration
Will the user administration in ERP on HANA change, how does this impact our security team? Does the Basis Team need to be involved in this HANA research work?
All ERP users / roles are defined through the ERP Application layer. The only change is for the users of the HANA data modeling studio in the HANA datamart, and that also applies to SHAF.
Yes, it is recommended to train the Basis team in SAP HANA, there are specific technical training classes available.
Where can I find more details on the HANA security capabilities?
SAP HANA Security Guide
This guide describes how to enable security for SAP HANA appliance software and the SAP HANA database.
Is the authorization in the SHAF (SAP HANA Analytical Framework) rather comparable to the ERP on HANA security model, or to the HANA data mart security model?
The user privileges in the SAP HANA data mart security model are currently less granular than the authorizations in BW on HANA and in ERP on HANA.
If more complex security is required, the recommendation is to consume the HANA data models via BW Transient or Virtual InfoProviders.
In order to access SHAF in the sidecar scenario, the Business Suite users share the same technical database user for connecting to the HANA sidecar. This authorization check within Business Suite using PFCG & authorization check.
Once SHAF in the sidecar has been accessed, HANA based Analytics (Access from reporting tools to HANA ) is utilized. Each HANA based Analytics user becomes a database user and the authorization check within HANA using privileges
Please see the link to the HANA security guide for more details:
SAP HANA database authorization mechanisms use the following privileges:
Perform system-level operations or administrative tasks
Perform specified actions on specified database objects
Allow selective access control for database views generated when modeled are activated
Allow operations on packages, for example, creation and maintenance. Privileges can differ for native and imported packages.
Database Replication Security Guides
These guides describe how to enable security for the data replication technologies related to the SAP HANA appliance software.
SAP HANA Security Guide – Trigger-Based Replication (SLT)
SAP BusinessObjects Data Services Administrator’s Guide. Please see the chapters “Security” and “User and Rights Management: