SAP HANA 2.0 SPS 03 – Security Documentation
New and updated security documentation is now available for SAP HANA 2.0 SPS 03 on SAP Help Portal. Here’s a round-up of main new features and where you can find the detailed documentation:
SAP HANA now comes with built-in data anonymization capabilities. These allow you to safeguard data privacy, while unlocking the full potential of your data in modern analytic use cases.
Two anonymization methods are supported: k-anonymity and differential privacy. You’ll find detailed information about what each of these methods involves in the new Data Anonymization chapter of the SAP HANA Security Guide. Also check out the blog post Take data privacy to the next level with SAP HANA 2.0 SPS 03 and the latest video.
Data anonymization capabilities are integrated into SAP HANA calculation views and can be configured using the calculation view editor of the SAP Web IDE for SAP HANA. Find out how in the new Anonymize Data Using Calculation Views section of the SAP HANA Modeling Guide.
Finally, you can view a list of all calculation views that have one or more anonymization node views configured in the new Anonymization Report available in the SAP HANA cockpit. Find out how to access the anonymization report in the SAP HANA cockpit documentation.
Shared business authorizations
You can now create analytic privileges in SAP HANA that reuse ABAP authorization objects. By incorporating the new built-in procedure SYS.GENERATE_STRUCTURED_PRIVILEGE_PFCG_CONDITION into an analytic privilege, you can generate the filter condition for restricting read access to views based on specified authorization objects.
Find out more about reusing ABAP authorizations in SAP HANA and the built-in procedure in the new Shared Business Authorizations in SAP HANA section of the SAP HANA Security Guide. To understand the ABAP authorization concept, read the documentation for User and Role Administration of Application Server ABAP.
LDAP authentication and automatic user provisioning
Users accessing SAP HANA can now be authenticated against an LDAP directory server using their LDAP user name and password. In addition, SAP HANA can be configured to automatically create the necessary user in SAP HANA (if the LDAP user is a member of a group mapped to an SAP HANA role).
Find out more in the new sections for LDAP User Authentication in the SAP HANA Security Guide and Configure an LDAP Server Connection for LDAP User Authentication in the SAP HANA Administration Guide.
Password policies for user groups
User groups allow you to manage related users together and were introduced with SPS 02. Now, if the users of different user groups have different requirements when it comes to passwords, a group administrator can configure group-specific values for the individual parameters of the password policy. Find out how in the extended section for User Groups in the SAP HANA Security Guide.
User groups can be tricky, so to give you a clearer picture of how to create and manage them, a new reference section is available: SQL Statements and Authorization for User Group Administration (Reference).
Column encryption with client-controlled keys
Individual table columns that contain sensitive data, such as credit card numbers or social security numbers, can now be encrypted using an encryption key accessible only by the client. A detailed new section on Client-Side Data Encryption is available in the SAP HANA Security Guide. For procedural information, refer to the corresponding section in the SAP HANA Administration Guide.
New best practices document for developing HDI-based roles
With the deprecation of SAP HANA extended services, classic model and the SAP HANA repository, we now recommend developing design-time roles in the SAP Web IDE for SAP HANA and deploying them using the SAP HANA deployment infrastructure (HDI). The new Best Practices and Recommendations for Developing Roles in SAP HANA is there to help you get started and address the common challenges of role development with the SAP HANA extended services, advanced model. A new section on SAP HANA DI Roles is also available in the SAP HANA Security Guide.
For more on other SPS 03 documentation updates, check out these posts: Product documentation and User Assistance for SAP HANA 2.0 SPS 03 and SQL and System View Reference Guide – HANA 2.0 SPS 03.