Technical Articles
C_HANATEC_13 Topics: Users and Authorization – by the SAP HANA Academy
LATEST UPDATE: December, 2020 ========================================= For the latest information, visit our blog post series about SAP HANA certification: For the SAP Press Certification Success Guide, see For the blog post, see |
Introduction
This blog is part of a series to help you pass the SAP Certified Technology Associate – SAP HANA 2.0 certification exam, C_HANATEC_13.
For an overview of the exam, see
For the sample questions, see
Topic Areas
There are 10 topic areas and you can expect about 8 questions for each topic.
- Users and Authorization (this blog)
- Database Migration to SAP HANA
- Installation and Upgrade
- System Architecture
- Multitenant Database Containers
- High Availability and Disaster Tolerance
- Database Administration Tools and Tasks
- Monitoring and Troubleshooting
- Backup and Recovery
- Security
In this blog, I will discuss the Users and Authorization topic.
On the SAP Training website for C_HANATEC_13, the exam objective for this topic is stated:
Describe the SAP HANA authorization concept,
the SAP HANA database repository,
understand the roles and privileges concept.
Set up authorization traces.
Study Material
The study material for this topic is the training
- HA200 – SAP HANA 2.0 Installation and Administration (5 days)
- HA240 – Authorization, Security and Scenarios (2 days)
The Maintaining Users and Authorization chapter in the HA200 guide covers authorization, privileges, roles and administrative tasks (about 75 pages).
The training guide for HA240 covers this as well in some more detail plus the repository, tracing, and some miscellaneous topics (300 pages).
You can download the index of both guides from the SAP Training website (see links above) in case you want to note the objectives of each unit.
These topics are also addressed in the following SAP HANA guides:
- SAP HANA Security Guide
- Security Administration and User Management – SAP HANA Administration Guide
What’s New?
The focus will be on the new SAP HANA 2.0 features, so if you are new to this version you might be interested to view the What’s New videos first:
- SAP HANA 2.0 SPS 00 What’s New: Security
- SAP HANA 2.0 SPS 01 What’s New: Security
- SAP HANA 2.0 SPS 02 What’s New: Security
Note that C_HANATEC_13 covers SAP HANA 2.0 SPS 00 only. C_HANATEC_14 will cover SPS 02.
Authorization
For this topic, you need to understand
- the authorization framework: user, roles, and privileges and how they relate
- what user management tasks there are, the tools you can use and how this works in a multi-tenant database
- what user groups are
- the different user types: how to convert a restricted user into a standard one
- how to enable cross-tenant database access
- the default SAP HANA users and roles created during installation and best practices for their usage
- the different access channels (protocols) of SAP HANA clients
For the concepts, you can study the following chapters of the Security Guide
For the activities, you need to consult the Administration Guide or the relevant SAP HANA Developer Guide (there is one for SAP HANA studio and the SAP HANA Web-based Development Workbench for XS classic, and one for the SAP Web IDE for SAP HANA for XS Advanced)
- Security Administration and User Management – SAP HANA Administration Guide
- Setting Up Roles and Privileges – SAP HANA Developer Guide
It should not come as a surprise that MDC has made its way to this topic area. Make sure you are familiar with remote identities, for example
- Enable and Configure Cross-Database Access – SAP HANA Administration Guide
There are also a number of tutorial videos about these topics on the SAP HANA Academy
For the full playlist, see
SAP HANA Academy – Configure Cross-Tenant Database Access
SAP HANA Academy – Documentation: Security – Users in SAP HANA
SAP HANA Academy – Documentation: Security – Database User Types
SAP HANA Academy – Documentation: Security – Multitenant Database Containers
Privileges
One of the key components in the authorization concept are privileges. You are not expected the know all the system privileges by heart but knowing the most important ones, see
- Privileges – SAP HANA Security Guide / Privileges – SAP HANA Administration Guide
SAP HANA Academy – Documentation: Security – Analytic Privileges I
SAP HANA Academy – Documentation: Security – Analytic Privileges II
Roles
The third pillar in the authorization concept, next to users and privileges, are roles.
You need to know the different types of roles (runtime, repository) and the default roles including SAP_INTERNAL_HANA_SUPPORT, see
- Database Roles – SAP HANA Security Guide
- Repository Roles – SAP HANA Security Guide
- Roles – SAP HANA Administration Guide
As the SAP HANA repository has been deprecated for the SAP HANA 2.0 SPS 02 release, you might be surprised to get questions about repository roles (XS classic) and not about XS Advanced.
SAP HANA Academy – Documentation: Security – SAP HANA Roles Explained I
SAP HANA Academy – Documentation: Security – SAP HANA Roles Explained II
SAP HANA Academy – SAP HANA Security: Repository Role Editor
SAP HANA Academy – Monitoring SAP HANA: Monitoring Role
SAP HANA Academy – Security: SAP_INTERNAL_HANA_SUPPORT
Administration Tasks
Part of this topic is also the most common user management tasks, like deactivating users (for example SYSTEM) and the configuration of a password policy (and blacklist), how to find out what roles and privileges a user has, and how to work with the dependency viewer. For this see
- Configure the Password Policy and Password Blacklist – SAP HANA Administration Guide
- Provisioning Users – SAP HANA Administration Guide
- Troubleshooting Authorization Problems – SAP HANA 2.0 Troubleshooting and Performance Analysis Guide
You might also find the following blog of use
SAP HANA Academy – SAP HANA Express: Security – Password Policy
SAP HANA Academy – SAP HANA Express: Security – Reset SYSTEM user password
SAP HANA Academy – Documentation: Security – Object Ownership in the SAP HANA database I
SAP HANA Academy – Documentation: Security – Object Ownership in the SAP HANA database II
References
SAP HANA Academy Playlists
- SAP Certified Technology Associate [C_HANATEC_13]
- SAP HANA Security
- SAP HANA Security Documentation
- Multitenant Database Containers
SAP HANA Community Blogs
- SAP HANA 2.0 SPS 00 What’s New: Security – by the SAP HANA Academy
- SAP HANA 2.0 SPS 01 What’s New: Security – by the SAP HANA Academy
- SAP HANA 2.0 SPS 02 What’s New: Security – by the SAP HANA Academy
- Authorization Dependency Viewer
- Step by step tutorial – cross-database queries in SAP HANA SPS09
- SAP HANA Multitenant (MDC) videos now available on the SAP HANA Academy
SAP Help Portal (Documentation)
- SAP HANA User Management
- SAP HANA Authorization
- Security Administration and User Management – SAP HANA Administration Guide
- Setting Up Roles and Privileges – SAP HANA Developer Guide
- Enable and Configure Cross-Database Access – SAP HANA Administration Guide
- Privileges – SAP HANA Security Guide / Privileges – SAP HANA Administration Guide
- Database Roles – SAP HANA Security Guide
- Repository Roles – SAP HANA Security Guide
- Roles – SAP HANA Administration Guide
- Configure the Password Policy and Password Blacklist – SAP HANA Administration Guide
- Provisioning Users – SAP HANA Administration Guide
- Troubleshooting Authorization Problems – SAP HANA 2.0 Troubleshooting and Performance Analysis Guide
SAP Training
Thank you for watching
The SAP HANA Academy provides technical enablement, implementation and adoption support for customers and partners with 1000’s of free tutorial videos.
For the full library, see SAP HANA Academy Library – by the SAP HANA Academy
For the full list of blogs, see Blog Posts – by the SAP HANA Academy
- Subscribe to our YouTube channel for updates
- Join us on LinkedIn linkedin.com/in/saphanaacademy
- Follow us on Twitter @saphanaacademy
- Google+ plus.google.com/+saphanaacademy
- Facebook facebook.com/saphanaacademy