SAP HANA SPS 12 What's New: Security - by the SAP ...
Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
In the upcoming weeks, we will be posting new videos to the SAP HANA Academy to show new features and functionality introduced in SAP HANA 1.0 Support Package Stack (SPS) 12.
The tile catalog SAP HANA Security Overview has a new tile: Authentication, which lists the status of the password policy and any SSO configuration. The tile opens the Password Policy and Blacklist app.
The new Password Policy and Blacklist app allows you to view and edit password policy and blacklist of the SAP HANA database. In previous versions, SAP HANA studio was required for these tasks.
The Auditing tile now allows you to configure auditing: enable/disable, audit trail targets and create/change/delete audit policies. In previous versions, SAP HANA studio was required for these tasks.
The Data Volume Encryption app now allows you to change the root key used for data volume encryption. Alternatively, the root key can be changed using SQL (see below). In previous versions, the command line tool hdbnsutil was required to perform this task.
You can also see a history of root key changes using the view M_PERSISTENCE_ENCRYPTION_KEYS.
Authorization
Two new system views are available for analysing user authorisations:
EFFECTIVE_PRIVILEGE_GRANTEES
EFFECTIVE_ROLE_GRANTEES
Two new roles are available to support users administrating SAP HANA using SAP Solution Manager and SAP NetWeaver tools:
sap.hana.admin.roles::SolutionMangagerMonitor
sap.hana.admin.roles::RestrictedUserDBSLAccess
Authentication
You can now disable authentication mechanisms that are not used in your environment.
SAP HANA smart data access now supports SSO with Kerberos and Microsoft Active Directory for connections to SAP HANA remote sources.
Encryption
You can change the root key for data volume encryption using either SAP HANA cockpit or SQL (note that no native UI for HANA studio has been included).
SQL> ALTER SYSTEM PERSISTENCE ENCRYPTION CREATE NEW ROOT KEY
SAP HANA studio now support client certification validation for the SAP HANA database connection
The SAP HANA user store (hdbuserstore) now also supports JDBC connections and multitenant databases.
Auditing
Several new user actions in the SAP HANA database can now be audited:
CREATE | ALTER | DROP PSE
CREATE | DROP CERTIFICATES
CREATE | DROP SCHEMA
Cross-database queries in SAP HANA multitenant database containers are now audited in the tenant database in which the query is executed.
The maximum length of a statement can set set using the system parameter audit_statement_length in section [auditing configuration] of global.ini.
Enhanced Database Trace Information for Authorization issues
The SAP HANA Academy provides technical enablement, implementation and adoption support for customers and partners with 1000’s of free tutorial videos.