Profiling also exists and can be implemented in the SAP HANA database.
But not all roads lead to the same result. Some choices may not be ideal in the long run and in the management of authorizations in SAP HANA. What is important to know when defining SAP HANA roles?
This is not always done as this database is mainly used when using SAP applications. Such as S/4HANA.
SAP HANA (High Performance Analytic Appliance) is the database created by SAP. In this case it is reductive to define HANA only as a database, in fact it has many functions:
There are two main ways at the moment. Via the SAP HANA Studio program (you can download it from the SAP support portal and install it on your PC) and via the SAP HANA Cockpit, a web feature that must be installed "server side".
Once SAP HANA Studio is installed, you can connect to the database.
However, SAP suggests using the SAP HANA Cockpit, for several reasons, for example:
In case HANA is managed in the cloud (SAP HANA Enterprise Cloud) what are the points of attention (SAP Cloud Security)?
You may find yourself in two main scenarios:
These scenarios are very different from each other. In the first case above, in most cases, you do not need to define many roles, except for system administrators.
While in the second case you may need to define many roles and use a variety of features to manage the HANA authorization concept.
There are two types of roles in SAP HANA:
Depending on the situation and scenario, it is necessary to figure out which is the best type of role to use. As there may be a lot of overlap. In other words, the same "authorization" can be assigned through both Catalog Roles and Repository Roles.
But how to figure out what to do and what type of HANA role to use?
Role Transport
Version Management (Versioning)
Role Ownership
GRANT and REVOKE
Here you can find how to create a Repository Role.
You can recognize whether a HANA role is of type Repository Role by the fact that it is written in its definition. Unlike Catalog Roles that do not carry this definition, as shown in the image below.
Repository Roles must be created through the definition of a project, where they are placed. Privileges (Privileges) must then be defined within them.
It is possible through the SAP GRC Access Control in version 12.x where you can create super-users for access to the HANA database as well.
In this case, a procedure is defined for Privileged Access Management (PAM) where the super user (firefighter) can access the HANA development environment.
More content like this above? Subscribe to our Blog, by using the link below:
Topics: sap hana, HANA Security, sap grc 12, HANA Roles, firefighter HANA