Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
dvankempen
Product and Topic Expert
Product and Topic Expert

Introduction


In the upcoming weeks, we will be posting new videos to the SAP HANA Academy to show new features and functionality introduced in SAP HANA 1.0 Support Package Stack (SPS) 12.

The topic of this blog is security.

For the previous versions of this blog, see

For the full SAP HANA 2.0 SPS 02 blog list, see

 

Overview Video


SAP HANA Security - SPS 12 - YouTube


What's New?


Security Administration with SAP HANA Cockpit


The tile catalog SAP HANA Security Overview has a new tile: Authentication, which lists the status of the password policy and any SSO configuration. The tile opens the Password Policy and Blacklist app.



The new Password Policy and Blacklist app allows you to view and edit password policy and blacklist of the SAP HANA database. In previous versions, SAP HANA studio was required for these tasks.



The Auditing tile now allows you to configure auditing: enable/disable, audit trail targets and create/change/delete audit policies. In previous versions, SAP HANA studio was required for these tasks.



The Data Volume Encryption app now allows you to change the root key used for data volume encryption. Alternatively, the root key can be changed using SQL (see below). In previous versions, the command line tool hdbnsutil was required to perform this task.



You can also see a history of root key changes using the view M_PERSISTENCE_ENCRYPTION_KEYS.

Authorization


Two new system views are available for analysing user authorisations:

  • EFFECTIVE_PRIVILEGE_GRANTEES

  • EFFECTIVE_ROLE_GRANTEES




Two new roles are available to support users administrating SAP HANA using SAP Solution Manager and SAP NetWeaver tools:

  • sap.hana.admin.roles::SolutionMangagerMonitor

  • sap.hana.admin.roles::RestrictedUserDBSLAccess


Authentication


You can now disable authentication mechanisms that are not used in your environment.



SAP HANA smart data access now supports SSO with Kerberos and Microsoft Active Directory for connections to SAP HANA remote sources.

Encryption


You can change the root key for data volume encryption using either SAP HANA cockpit or SQL (note that no native UI for HANA studio has been included).

SQL> ALTER SYSTEM PERSISTENCE ENCRYPTION CREATE NEW ROOT KEY


SAP HANA studio now support client certification validation for the SAP HANA database connection



The SAP HANA user store (hdbuserstore) now also supports JDBC connections and multitenant databases.

Auditing


Several new user actions in the SAP HANA database can now be audited:

  • CREATE | ALTER | DROP PSE

  • CREATE | DROP CERTIFICATES

  • CREATE | DROP SCHEMA




Cross-database queries in SAP HANA multitenant database containers are now audited in the tenant database in which the query is executed.

The maximum length of a statement can set set using the system parameter audit_statement_length in section [auditing configuration] of global.ini.

Enhanced Database Trace Information for Authorization issues


On this topic, see the blog by Sinéad Higgins:

Enhanced database trace information for authorization issues in SAP HANA SPS 12


Security Checklists and Recommendations


A new guide has been added to the SAP HANA documentation set: SAP HANA Security Checklists and Recommendations. This guide extends and replaces the Security Configuration Checklist paragraph from the SAP HANA Security Guide.


Security for SAP HANA Extended Application Services, Advanced Model


A new paragraph has been added to the SAP HANA Security Guide on the topic of Extended Application Services:

Security for SAP HANA Extended Application Services, Advanced Model

Additional Information


SAP HANA Security Playlist



SAP HANA



Help Portal: SAP HANA Platform Core SPS 12



SAP Notes



 SCN




 

Thank you for watching


The SAP HANA Academy provides technical enablement, implementation and adoption support for customers and partners with 1000’s of free tutorial videos.

For the full library, see SAP HANA Academy Library - by the SAP HANA Academy

For the full list of blogs, see Blog Posts – by the SAP HANA Academy

 

2 Comments