Simplified security management in SAP HANA 2.0 SPS02
Managing secure data access and configuring systems securely are critical tasks in operating business systems today. SAP HANA has security built into its core, with a comprehensive framework and tooling for authentication and single sign-on, authorization and role management, user and identity management, audit logging, secure configuration and encryption. Learn more about SAP HANA security at sap.com/hanasecurity.
With the SAP HANA 2.0 SPS 02 release, new features were added that significantly simplify security configuration and management:
- Easily manage different sets of users by assigning them to user groups with separate exclusive group administrators
- Simplified encryption configuration, monitoring and key lifecycle management in SAP HANA cockpit
With user groups you can manage related users together. Dedicated group administrators can be assigned to manage individual user groups exclusively and independently of each other. For example, you might want to group users by department, and assign dedicated group administrators to manage the users within their own department.
In this example scenario, three user groups have been created for the Sales, Research, and Training departments. The user groups were set up for exclusive administration by dedicated group admins. So what are the group admins allowed to do? Let’s have a look at the group admins for the Sales user group:
- Only the group admins for the restricted user group Sales can create or delete users in this user group, and manage security properties of the Sales users.
- The Sales group admins can manage only the users of the Sales group, not users from other user groups such as Research or Training.
For more information, see the SAP HANA Security Guide.
Encryption Management in SAP HANA Cockpit
The encryption configuration and monitoring capabilities of SAP HANA cockpit have been significantly enhanced.
As you know, SAP HANA offers comprehensive features for encrypting data at rest and in motion, including data volume encryption, log encryption, backup encryption, application encryption, and communication encryption (SSL/TLS). SAP HANA encryption features use SAP's standard cryptographic library, CommonCryptoLib, which is FIPS-certified.
Configuring encryption is now much easier: in SAP HANA cockpit, you can now enable data volume encryption, log encryption and backup encryption with the click of a single button.
You can drill down to more detailed information, for example to view when the configuration or the encryption keys were last changed.
Key management is the cornerstone of all encryption implementations. A whole new app has been added in SAP HANA cockpit for managing encryption keys. It gives you detailed information, for example, on the current key versions in use or the dates of the last key changes.
Tasks relevant to the lifecycle management of encryption keys are now also accessible from this app, for example changing and securely backing up encryption keys.
For more information, see the SAP HANA Administration Guide.
These are just the highlights of new security features added with SAP HANA 2.0 SPS 02, but there is more!
Additional features have been added in the area of LDAP group authorization and security hardening of multi-container systems (multitenancy), and last but not least, in secure application development where an SQLScript code scanner is now available.
Also check out the SAP HANA Academy blog and video for more information on the new security features. For general information on SAP HANA 2.0 SPS02 enhancements, please refer to the SAP HANA release notes.
And don’t forget to visit our SAP HANA security website at sap.com/hanasecurity.