Read Part One in this blog series and learn how SAP HANA can be used in different scenarios and each scenario requires a different security approach. Learn More About SAP HANA Database Securityĭownload an in-depth customer case study presentation deck: Managing Security and Controls in SAP HANA – Tube Specialties Case Study. SAP HANA Continuous Monitoring Solution Framework, which includes a Risk and Control Matrix to facilitate a “Stay Clean” approach for the SAP HANA Security Framework. is a comprehensive package of over 30 controls with clear descriptions of the controls objectives and test procedures to test the control areas that are mentioned above and a SAP HANA Solution Framework, which includes a Security Assessment Solution to facilitate a “Get Clean” approach for the HANA Security Environment.
SAP HANA STUDIO GRANT COMMAND PASSWORD
SAP HANA has several features which can introduce risks from a compliance perspective. Some of the controls considerations include User Provisioning, Password Management, Privileged User Management, Generic Accounts, Role Maintenance, Authorizations, Audit Logging, User Data Encryption, Policies and Procedures, Audit Logging, Parameters to prevent changes in Production, Table Logging, Specification, Authorization, and Tracking of Change Requests, Approval of Change Requests, Batch Scheduling and Processing and Backup and Problem Management. Using Design Time roles will help you version, transport and avoid the risk as mentioned previously. The best practice in managing SAP HANA security is to always define the roles and create them in SAP Web IDE, assign privileges to these roles in the next step and only then create users/grant roles to these users. This ensures that there are no Segregation of Duty Violations inherent in any HANA Design Time Roles. Each of the individual HANA Design Time Roles perform only a single task in HANA and contain all the privileges that can execute this task. has pre-configured, task-based SAP HANA Design Time Roles that cover all the activities within the HANA Database. To avoid this risk, always use Design Time Roles. If you create a Run Time role meaning a role created by an actual user ID, if that user ID is ever deleted, all the activities such as user role assignments, roles created etc. They are created by the technical user _SYS_REPO and granted through the execution of stored procedures. Unlike roles created in Run Time, roles created as Design Time objects can be transported between systems. Roles created as Design Time objects are not directly associated with a HANA database user. Roles created in Run Time are granted directly by the HANA database user and can only be revoked by the same user. Additionally, if the HANA database user is deleted, all roles that he or she was granted are revoked. In SAP HANA you can design roles and assign privileges (authorizations) and then assign the roles to users using 2 methods: Design Time Roles and Run Time Roles. Let’s examine the biggest risk in SAP HANA first. SAP HANA Security: Part 3 – SAP HANA Database Security Digital Transformation as a Service (DTaaS).