Jonathan Haun
SAP Hana 2.0 Security Guide
Jonathan Haun
SAP Hana 2.0 Security Guide
- Gebundenes Buch
- Merkliste
- Auf die Merkliste
- Bewerten Bewerten
- Teilen
- Produkt teilen
- Produkterinnerung
- Produkterinnerung
Your complete guide to safeguarding your SAP HANA 2.0 platform awaits! Get step-by-step instructions for configuring and maintaining each security element, from the new SAP HANA cockpit to privileges and roles. Learn how to secure database objects and provision and maintain user accounts. Then, dive into managing authentications, certificates, audits, and traces.
Highlights include:
1) SAP HANA cockpit 2) Privileges 3) Catalog objects 4) User accounts 5) Roles 6) Authentication 7) Certificate management 8) Encryption 9) Lifecycle management 10) Auditing 11) Security tracing
Andere Kunden interessierten sich auch für
- Denys van KempenSAP Hana 2.067,99 €
- Mark MergaertsSAP HANA 2.0 Administration68,99 €
- Denys van KempenSAP Hana 2.0 Certification Guide: Technology Associate Exam70,99 €
- Thomas TiedeSAP HANA - Sicherheit und Berechtigungen89,90 €
- Rudi de LouwSAP Hana 2.0 Certification Guide: Application Associate Exam67,99 €
- Bert BraaschSAP HANA - Datenbankadministration89,90 €
- Steve BiskieAuditing SAP S/4HANA98,99 €
-
-
-
Your complete guide to safeguarding your SAP HANA 2.0 platform awaits! Get step-by-step instructions for configuring and maintaining each security element, from the new SAP HANA cockpit to privileges and roles. Learn how to secure database objects and provision and maintain user accounts. Then, dive into managing authentications, certificates, audits, and traces.
Highlights include:
1) SAP HANA cockpit
2) Privileges
3) Catalog objects
4) User accounts
5) Roles
6) Authentication
7) Certificate management
8) Encryption
9) Lifecycle management
10) Auditing
11) Security tracing
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Highlights include:
1) SAP HANA cockpit
2) Privileges
3) Catalog objects
4) User accounts
5) Roles
6) Authentication
7) Certificate management
8) Encryption
9) Lifecycle management
10) Auditing
11) Security tracing
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Produktdetails
- Produktdetails
- SAP PRESS Englisch
- Verlag: Rheinwerk Verlag / SAP PRESS
- Artikelnr. des Verlages: 459/21896
- 2. Aufl.
- Seitenzahl: 608
- Erscheinungstermin: 23. April 2020
- Englisch
- Abmessung: 236mm x 182mm x 40mm
- Gewicht: 1237g
- ISBN-13: 9781493218967
- ISBN-10: 1493218964
- Artikelnr.: 58584776
- SAP PRESS Englisch
- Verlag: Rheinwerk Verlag / SAP PRESS
- Artikelnr. des Verlages: 459/21896
- 2. Aufl.
- Seitenzahl: 608
- Erscheinungstermin: 23. April 2020
- Englisch
- Abmessung: 236mm x 182mm x 40mm
- Gewicht: 1237g
- ISBN-13: 9781493218967
- ISBN-10: 1493218964
- Artikelnr.: 58584776
Jonathan Haun currently serves as the lead SAP HANA consultant and consulting manager with Decision First Technologies. Over the past two years, he has had the opportunity to help several clients implement solutions using SAP HANA. In addition to being certified in multiple SAP BusinessObjects tools, he is also a SAP Certified Application Associate and SAP Certified Technology Associate for SAP HANA 1.0. Jonathan has worked in the field of business intelligence for more than 10 years. During this time, he has gained invaluable experience while helping customers implement solutions using the tools from the SAP BusinessObjects product line. Before working as a full-time business intelligence consultant, he worked in a variety of information technology management and administrative roles. His combination of experience and wealth of technical knowledge make him an ideal source of information pertaining to business intelligence solutions powered by SAP HANA. You can follow Jonathan on Twitter at @jdh2n or visit his blog at http://bobj.sapbiblog.com.
... Preface ... 19
... Purpose ... 19
... Who Should Read This Book? ... 19
... Structure of This Book ... 20
... Acknowledgments ... 25
... Introduction ... 27
... Overview of SAP HANA ... 27
... Introduction to SAP HANA Security ... 35
... Importance of Securing Your SAP HANA System ... 36
... Summary ... 37
1 ... Managing Security with the SAP HANA Cockpit ... 39
1.1 ... What Is the SAP HANA Cockpit? ... 40
1.2 ... Security Areas in SAP HANA Cockpit ... 54
1.3 ... SAP HANA Database Explorer and SQL Console ... 61
1.4 ... Summary ... 64
2 ... Introduction to SAP HANA Privileges ... 65
2.1 ... Privileges within SAP HANA ... 66
2.2 ... Privilege Validation and Assignment ... 72
2.3 ... Summary ... 76
3 ... Catalog Objects ... 77
3.1 ... What Are SAP HANA Catalog Objects? ... 77
3.2 ... Creating and Managing Native Catalog Objects ... 79
3.3 ... Creating and Managing Repository Catalog Objects ... 84
3.4 ... Deploying Repository Objects ... 90
3.5 ... Case Study ... 96
3.6 ... Summary ... 101
4 ... User Accounts ... 103
4.1 ... What Are User Accounts? ... 103
4.2 ... Creating and Managing User Accounts ... 110
4.3 ... Granting and Revoking Privileges ... 123
4.4 ... Managing User Role Assignments ... 143
4.5 ... Case Study: Provisioning Users with SQL Scripts and Stored Procedures ... 150
4.6 ... Summary ... 160
5 ... Database Roles ... 161
5.1 ... What Are Roles? ... 161
5.2 ... Creating and Managing Roles ... 165
5.3 ... Granting and Revoking Privileges ... 170
5.4 ... Managing Nested Roles ... 192
5.5 ... Mapping LDAP Groups to Roles ... 196
5.6 ... Summary ... 199
6 ... Repository Roles ... 201
6.1 ... What Are Repository Roles? ... 201
6.2 ... Managing Repository Roles with Design-Time Scripts ... 207
6.3 ... Granting and Revoking Privileges in Design-Time Scripts ... 213
6.4 ... Managing Repository Roles with the SAP HANA Web-Based Development Workbench ... 221
6.5 ... Granting Repository Roles to Users ... 232
6.6 ... Case Study: Creating Basic Repository Roles ... 234
6.7 ... Summary ... 240
7 ... System Privileges ... 241
7.1 ... What Are System Privileges? ... 241
7.2 ... Default System Privileges ... 242
7.3 ... Granting System Privileges ... 253
7.4 ... Case Study: Security Administrator System Privileges ... 262
7.5 ... Summary ... 267
8 ... Object Privileges ... 269
8.1 ... What Are Object Privileges? ... 269
8.2 ... Granting Object Privileges with SQL ... 280
8.3 ... Granting Object Privileges with the SAP HANA Cockpit ... 285
8.4 ... Granting Object Privileges with the SAP HANA Web-Based Development Workbench ... 287
8.5 ... Granting Object Privileges with Repository Roles ... 289
8.6 ... Case Study: Updating Repository Roles to Access Information Views ... 295
8.7 ... Summary ... 299
9 ... Package Privileges ... 301
9.1 ... What Is the SAP HANA Development Repository? ... 301
9.2 ... What Are Package Privileges? ... 304
9.3 ... Granting Package Privileges ... 307
9.4 ... Case Study: Preventing Content Developers from Elevating Their Privileges ... 315
9.5 ... Summary ... 319
10 ... Analytic Privileges ... 321
10.1 ... What Are SAP HANA Information Views? ... 322
10.2 ... What Are Analytic Privileges? ... 324
10.3 ... _SYS_BI_CP_ALL: A System-Generated Analytic Privilege ... 330
10.4 ... Managing Static Analytic Privileges ... 331
10.5 ... Managing Dynamic Analytic Privileges ... 336
10.6 ... Managing Dynamic Expression-Based SQL Analytic Privileges ... 346
10.7 ... Troubleshooting Effective Analytic Privileges and Filter Conditions ... 350
10.8 ... Granting Analytic Privileges ... 351
10.9 ... Summary ... 359
11 ... Application Privileges ... 361
11.1 ... What Are Application Privileges? ... 361
11.2 ... Creating Application Privileges ... 362
11.3 ... Granting Application Privileges ... 364
11.4 ... Privileges on Users ... 372
11.5 ... Summary ... 375
12 ... Authentication ... 377
12.1 ... SAP HANA Internal Authentication Mechanism ... 378
12.2 ... SAP HANA and LDAP Authentication ... 393
12.3 ... Supported Third-Party Authentication Providers ... 396
12.4 ... Case Study: Adding SAML Identity User Accounts ... 406
12.5 ... Summary ... 409
13 ... Certificate Management and Encryption ... 411
13.1 ... SSL Certificates ... 411
13.2 ... Client Encryption Settings ... 423
13.3 ... Encrypting Data ... 431
13.4 ... Summary ... 440
14 ... Security Lifecycle Management ... 441
14.1 ... Maintaining a Consistent Security Model ... 441
14.2 ... Creating Delivery Units for Security-Related Packages ... 448
14.3 ... Transporting Security Packages to Other SAP HANA Systems ... 457
14.4 ... Additional Options in SAP HANA Application Lifecycle Management ... 466
14.5 ... Summary ... 468
15 ... Auditing ... 469
15.1 ... Why Do You Need Auditing? ... 469
15.2 ... Configuring Auditing ... 471
15.3 ... Creating Audit Policies ... 479
15.4 ... Querying Audit Data ... 494
15.5 ... Case Study: Defining Audit Policies ... 496
15.6 ... Summary ... 503
16 ... Security Tracing and Troubleshooting ... 505
16.1 ... Authorization Tracing ... 505
16.2 ... Querying the System to Review Effective Privileges ... 513
16.3 ... Case Study: Identifying Deficiencies in Information View Access ... 522
16.4 ... Summary ... 524
17 ... Security Recommendations ... 525
17.1 ... Password Authentication Settings ... 525
17.2 ... Encryption Settings ... 529
17.3 ... Identifying Users with Elevated Privileges ... 529
17.4 ... Disabling the SYSTEM Account ... 539
17.5 ... Identifying Privilege Escalation Vulnerabilities ... 540
17.6 ... Handover from Hardware Vendors ... 541
17.7 ... Creating Audit Policies ... 541
17.8 ... Summary ... 542
18 ... SAP HANA XSA Security ... 543
18.1 ... Overview of SAP HANA XSA ... 543
18.2 ... Managing Space Access, Users, and Roles Collections in SAP HANA XSA ... 546
18.3 ... Working with SAP Web IDE for SAP HANA ... 556
18.4 ... HDI Containers and Security ... 559
18.5 ... Summary ... 594
... The Author ... 595
... Index ... 597
... Purpose ... 19
... Who Should Read This Book? ... 19
... Structure of This Book ... 20
... Acknowledgments ... 25
... Introduction ... 27
... Overview of SAP HANA ... 27
... Introduction to SAP HANA Security ... 35
... Importance of Securing Your SAP HANA System ... 36
... Summary ... 37
1 ... Managing Security with the SAP HANA Cockpit ... 39
1.1 ... What Is the SAP HANA Cockpit? ... 40
1.2 ... Security Areas in SAP HANA Cockpit ... 54
1.3 ... SAP HANA Database Explorer and SQL Console ... 61
1.4 ... Summary ... 64
2 ... Introduction to SAP HANA Privileges ... 65
2.1 ... Privileges within SAP HANA ... 66
2.2 ... Privilege Validation and Assignment ... 72
2.3 ... Summary ... 76
3 ... Catalog Objects ... 77
3.1 ... What Are SAP HANA Catalog Objects? ... 77
3.2 ... Creating and Managing Native Catalog Objects ... 79
3.3 ... Creating and Managing Repository Catalog Objects ... 84
3.4 ... Deploying Repository Objects ... 90
3.5 ... Case Study ... 96
3.6 ... Summary ... 101
4 ... User Accounts ... 103
4.1 ... What Are User Accounts? ... 103
4.2 ... Creating and Managing User Accounts ... 110
4.3 ... Granting and Revoking Privileges ... 123
4.4 ... Managing User Role Assignments ... 143
4.5 ... Case Study: Provisioning Users with SQL Scripts and Stored Procedures ... 150
4.6 ... Summary ... 160
5 ... Database Roles ... 161
5.1 ... What Are Roles? ... 161
5.2 ... Creating and Managing Roles ... 165
5.3 ... Granting and Revoking Privileges ... 170
5.4 ... Managing Nested Roles ... 192
5.5 ... Mapping LDAP Groups to Roles ... 196
5.6 ... Summary ... 199
6 ... Repository Roles ... 201
6.1 ... What Are Repository Roles? ... 201
6.2 ... Managing Repository Roles with Design-Time Scripts ... 207
6.3 ... Granting and Revoking Privileges in Design-Time Scripts ... 213
6.4 ... Managing Repository Roles with the SAP HANA Web-Based Development Workbench ... 221
6.5 ... Granting Repository Roles to Users ... 232
6.6 ... Case Study: Creating Basic Repository Roles ... 234
6.7 ... Summary ... 240
7 ... System Privileges ... 241
7.1 ... What Are System Privileges? ... 241
7.2 ... Default System Privileges ... 242
7.3 ... Granting System Privileges ... 253
7.4 ... Case Study: Security Administrator System Privileges ... 262
7.5 ... Summary ... 267
8 ... Object Privileges ... 269
8.1 ... What Are Object Privileges? ... 269
8.2 ... Granting Object Privileges with SQL ... 280
8.3 ... Granting Object Privileges with the SAP HANA Cockpit ... 285
8.4 ... Granting Object Privileges with the SAP HANA Web-Based Development Workbench ... 287
8.5 ... Granting Object Privileges with Repository Roles ... 289
8.6 ... Case Study: Updating Repository Roles to Access Information Views ... 295
8.7 ... Summary ... 299
9 ... Package Privileges ... 301
9.1 ... What Is the SAP HANA Development Repository? ... 301
9.2 ... What Are Package Privileges? ... 304
9.3 ... Granting Package Privileges ... 307
9.4 ... Case Study: Preventing Content Developers from Elevating Their Privileges ... 315
9.5 ... Summary ... 319
10 ... Analytic Privileges ... 321
10.1 ... What Are SAP HANA Information Views? ... 322
10.2 ... What Are Analytic Privileges? ... 324
10.3 ... _SYS_BI_CP_ALL: A System-Generated Analytic Privilege ... 330
10.4 ... Managing Static Analytic Privileges ... 331
10.5 ... Managing Dynamic Analytic Privileges ... 336
10.6 ... Managing Dynamic Expression-Based SQL Analytic Privileges ... 346
10.7 ... Troubleshooting Effective Analytic Privileges and Filter Conditions ... 350
10.8 ... Granting Analytic Privileges ... 351
10.9 ... Summary ... 359
11 ... Application Privileges ... 361
11.1 ... What Are Application Privileges? ... 361
11.2 ... Creating Application Privileges ... 362
11.3 ... Granting Application Privileges ... 364
11.4 ... Privileges on Users ... 372
11.5 ... Summary ... 375
12 ... Authentication ... 377
12.1 ... SAP HANA Internal Authentication Mechanism ... 378
12.2 ... SAP HANA and LDAP Authentication ... 393
12.3 ... Supported Third-Party Authentication Providers ... 396
12.4 ... Case Study: Adding SAML Identity User Accounts ... 406
12.5 ... Summary ... 409
13 ... Certificate Management and Encryption ... 411
13.1 ... SSL Certificates ... 411
13.2 ... Client Encryption Settings ... 423
13.3 ... Encrypting Data ... 431
13.4 ... Summary ... 440
14 ... Security Lifecycle Management ... 441
14.1 ... Maintaining a Consistent Security Model ... 441
14.2 ... Creating Delivery Units for Security-Related Packages ... 448
14.3 ... Transporting Security Packages to Other SAP HANA Systems ... 457
14.4 ... Additional Options in SAP HANA Application Lifecycle Management ... 466
14.5 ... Summary ... 468
15 ... Auditing ... 469
15.1 ... Why Do You Need Auditing? ... 469
15.2 ... Configuring Auditing ... 471
15.3 ... Creating Audit Policies ... 479
15.4 ... Querying Audit Data ... 494
15.5 ... Case Study: Defining Audit Policies ... 496
15.6 ... Summary ... 503
16 ... Security Tracing and Troubleshooting ... 505
16.1 ... Authorization Tracing ... 505
16.2 ... Querying the System to Review Effective Privileges ... 513
16.3 ... Case Study: Identifying Deficiencies in Information View Access ... 522
16.4 ... Summary ... 524
17 ... Security Recommendations ... 525
17.1 ... Password Authentication Settings ... 525
17.2 ... Encryption Settings ... 529
17.3 ... Identifying Users with Elevated Privileges ... 529
17.4 ... Disabling the SYSTEM Account ... 539
17.5 ... Identifying Privilege Escalation Vulnerabilities ... 540
17.6 ... Handover from Hardware Vendors ... 541
17.7 ... Creating Audit Policies ... 541
17.8 ... Summary ... 542
18 ... SAP HANA XSA Security ... 543
18.1 ... Overview of SAP HANA XSA ... 543
18.2 ... Managing Space Access, Users, and Roles Collections in SAP HANA XSA ... 546
18.3 ... Working with SAP Web IDE for SAP HANA ... 556
18.4 ... HDI Containers and Security ... 559
18.5 ... Summary ... 594
... The Author ... 595
... Index ... 597
... Preface ... 19
... Purpose ... 19
... Who Should Read This Book? ... 19
... Structure of This Book ... 20
... Acknowledgments ... 25
... Introduction ... 27
... Overview of SAP HANA ... 27
... Introduction to SAP HANA Security ... 35
... Importance of Securing Your SAP HANA System ... 36
... Summary ... 37
1 ... Managing Security with the SAP HANA Cockpit ... 39
1.1 ... What Is the SAP HANA Cockpit? ... 40
1.2 ... Security Areas in SAP HANA Cockpit ... 54
1.3 ... SAP HANA Database Explorer and SQL Console ... 61
1.4 ... Summary ... 64
2 ... Introduction to SAP HANA Privileges ... 65
2.1 ... Privileges within SAP HANA ... 66
2.2 ... Privilege Validation and Assignment ... 72
2.3 ... Summary ... 76
3 ... Catalog Objects ... 77
3.1 ... What Are SAP HANA Catalog Objects? ... 77
3.2 ... Creating and Managing Native Catalog Objects ... 79
3.3 ... Creating and Managing Repository Catalog Objects ... 84
3.4 ... Deploying Repository Objects ... 90
3.5 ... Case Study ... 96
3.6 ... Summary ... 101
4 ... User Accounts ... 103
4.1 ... What Are User Accounts? ... 103
4.2 ... Creating and Managing User Accounts ... 110
4.3 ... Granting and Revoking Privileges ... 123
4.4 ... Managing User Role Assignments ... 143
4.5 ... Case Study: Provisioning Users with SQL Scripts and Stored Procedures ... 150
4.6 ... Summary ... 160
5 ... Database Roles ... 161
5.1 ... What Are Roles? ... 161
5.2 ... Creating and Managing Roles ... 165
5.3 ... Granting and Revoking Privileges ... 170
5.4 ... Managing Nested Roles ... 192
5.5 ... Mapping LDAP Groups to Roles ... 196
5.6 ... Summary ... 199
6 ... Repository Roles ... 201
6.1 ... What Are Repository Roles? ... 201
6.2 ... Managing Repository Roles with Design-Time Scripts ... 207
6.3 ... Granting and Revoking Privileges in Design-Time Scripts ... 213
6.4 ... Managing Repository Roles with the SAP HANA Web-Based Development Workbench ... 221
6.5 ... Granting Repository Roles to Users ... 232
6.6 ... Case Study: Creating Basic Repository Roles ... 234
6.7 ... Summary ... 240
7 ... System Privileges ... 241
7.1 ... What Are System Privileges? ... 241
7.2 ... Default System Privileges ... 242
7.3 ... Granting System Privileges ... 253
7.4 ... Case Study: Security Administrator System Privileges ... 262
7.5 ... Summary ... 267
8 ... Object Privileges ... 269
8.1 ... What Are Object Privileges? ... 269
8.2 ... Granting Object Privileges with SQL ... 280
8.3 ... Granting Object Privileges with the SAP HANA Cockpit ... 285
8.4 ... Granting Object Privileges with the SAP HANA Web-Based Development Workbench ... 287
8.5 ... Granting Object Privileges with Repository Roles ... 289
8.6 ... Case Study: Updating Repository Roles to Access Information Views ... 295
8.7 ... Summary ... 299
9 ... Package Privileges ... 301
9.1 ... What Is the SAP HANA Development Repository? ... 301
9.2 ... What Are Package Privileges? ... 304
9.3 ... Granting Package Privileges ... 307
9.4 ... Case Study: Preventing Content Developers from Elevating Their Privileges ... 315
9.5 ... Summary ... 319
10 ... Analytic Privileges ... 321
10.1 ... What Are SAP HANA Information Views? ... 322
10.2 ... What Are Analytic Privileges? ... 324
10.3 ... _SYS_BI_CP_ALL: A System-Generated Analytic Privilege ... 330
10.4 ... Managing Static Analytic Privileges ... 331
10.5 ... Managing Dynamic Analytic Privileges ... 336
10.6 ... Managing Dynamic Expression-Based SQL Analytic Privileges ... 346
10.7 ... Troubleshooting Effective Analytic Privileges and Filter Conditions ... 350
10.8 ... Granting Analytic Privileges ... 351
10.9 ... Summary ... 359
11 ... Application Privileges ... 361
11.1 ... What Are Application Privileges? ... 361
11.2 ... Creating Application Privileges ... 362
11.3 ... Granting Application Privileges ... 364
11.4 ... Privileges on Users ... 372
11.5 ... Summary ... 375
12 ... Authentication ... 377
12.1 ... SAP HANA Internal Authentication Mechanism ... 378
12.2 ... SAP HANA and LDAP Authentication ... 393
12.3 ... Supported Third-Party Authentication Providers ... 396
12.4 ... Case Study: Adding SAML Identity User Accounts ... 406
12.5 ... Summary ... 409
13 ... Certificate Management and Encryption ... 411
13.1 ... SSL Certificates ... 411
13.2 ... Client Encryption Settings ... 423
13.3 ... Encrypting Data ... 431
13.4 ... Summary ... 440
14 ... Security Lifecycle Management ... 441
14.1 ... Maintaining a Consistent Security Model ... 441
14.2 ... Creating Delivery Units for Security-Related Packages ... 448
14.3 ... Transporting Security Packages to Other SAP HANA Systems ... 457
14.4 ... Additional Options in SAP HANA Application Lifecycle Management ... 466
14.5 ... Summary ... 468
15 ... Auditing ... 469
15.1 ... Why Do You Need Auditing? ... 469
15.2 ... Configuring Auditing ... 471
15.3 ... Creating Audit Policies ... 479
15.4 ... Querying Audit Data ... 494
15.5 ... Case Study: Defining Audit Policies ... 496
15.6 ... Summary ... 503
16 ... Security Tracing and Troubleshooting ... 505
16.1 ... Authorization Tracing ... 505
16.2 ... Querying the System to Review Effective Privileges ... 513
16.3 ... Case Study: Identifying Deficiencies in Information View Access ... 522
16.4 ... Summary ... 524
17 ... Security Recommendations ... 525
17.1 ... Password Authentication Settings ... 525
17.2 ... Encryption Settings ... 529
17.3 ... Identifying Users with Elevated Privileges ... 529
17.4 ... Disabling the SYSTEM Account ... 539
17.5 ... Identifying Privilege Escalation Vulnerabilities ... 540
17.6 ... Handover from Hardware Vendors ... 541
17.7 ... Creating Audit Policies ... 541
17.8 ... Summary ... 542
18 ... SAP HANA XSA Security ... 543
18.1 ... Overview of SAP HANA XSA ... 543
18.2 ... Managing Space Access, Users, and Roles Collections in SAP HANA XSA ... 546
18.3 ... Working with SAP Web IDE for SAP HANA ... 556
18.4 ... HDI Containers and Security ... 559
18.5 ... Summary ... 594
... The Author ... 595
... Index ... 597
... Purpose ... 19
... Who Should Read This Book? ... 19
... Structure of This Book ... 20
... Acknowledgments ... 25
... Introduction ... 27
... Overview of SAP HANA ... 27
... Introduction to SAP HANA Security ... 35
... Importance of Securing Your SAP HANA System ... 36
... Summary ... 37
1 ... Managing Security with the SAP HANA Cockpit ... 39
1.1 ... What Is the SAP HANA Cockpit? ... 40
1.2 ... Security Areas in SAP HANA Cockpit ... 54
1.3 ... SAP HANA Database Explorer and SQL Console ... 61
1.4 ... Summary ... 64
2 ... Introduction to SAP HANA Privileges ... 65
2.1 ... Privileges within SAP HANA ... 66
2.2 ... Privilege Validation and Assignment ... 72
2.3 ... Summary ... 76
3 ... Catalog Objects ... 77
3.1 ... What Are SAP HANA Catalog Objects? ... 77
3.2 ... Creating and Managing Native Catalog Objects ... 79
3.3 ... Creating and Managing Repository Catalog Objects ... 84
3.4 ... Deploying Repository Objects ... 90
3.5 ... Case Study ... 96
3.6 ... Summary ... 101
4 ... User Accounts ... 103
4.1 ... What Are User Accounts? ... 103
4.2 ... Creating and Managing User Accounts ... 110
4.3 ... Granting and Revoking Privileges ... 123
4.4 ... Managing User Role Assignments ... 143
4.5 ... Case Study: Provisioning Users with SQL Scripts and Stored Procedures ... 150
4.6 ... Summary ... 160
5 ... Database Roles ... 161
5.1 ... What Are Roles? ... 161
5.2 ... Creating and Managing Roles ... 165
5.3 ... Granting and Revoking Privileges ... 170
5.4 ... Managing Nested Roles ... 192
5.5 ... Mapping LDAP Groups to Roles ... 196
5.6 ... Summary ... 199
6 ... Repository Roles ... 201
6.1 ... What Are Repository Roles? ... 201
6.2 ... Managing Repository Roles with Design-Time Scripts ... 207
6.3 ... Granting and Revoking Privileges in Design-Time Scripts ... 213
6.4 ... Managing Repository Roles with the SAP HANA Web-Based Development Workbench ... 221
6.5 ... Granting Repository Roles to Users ... 232
6.6 ... Case Study: Creating Basic Repository Roles ... 234
6.7 ... Summary ... 240
7 ... System Privileges ... 241
7.1 ... What Are System Privileges? ... 241
7.2 ... Default System Privileges ... 242
7.3 ... Granting System Privileges ... 253
7.4 ... Case Study: Security Administrator System Privileges ... 262
7.5 ... Summary ... 267
8 ... Object Privileges ... 269
8.1 ... What Are Object Privileges? ... 269
8.2 ... Granting Object Privileges with SQL ... 280
8.3 ... Granting Object Privileges with the SAP HANA Cockpit ... 285
8.4 ... Granting Object Privileges with the SAP HANA Web-Based Development Workbench ... 287
8.5 ... Granting Object Privileges with Repository Roles ... 289
8.6 ... Case Study: Updating Repository Roles to Access Information Views ... 295
8.7 ... Summary ... 299
9 ... Package Privileges ... 301
9.1 ... What Is the SAP HANA Development Repository? ... 301
9.2 ... What Are Package Privileges? ... 304
9.3 ... Granting Package Privileges ... 307
9.4 ... Case Study: Preventing Content Developers from Elevating Their Privileges ... 315
9.5 ... Summary ... 319
10 ... Analytic Privileges ... 321
10.1 ... What Are SAP HANA Information Views? ... 322
10.2 ... What Are Analytic Privileges? ... 324
10.3 ... _SYS_BI_CP_ALL: A System-Generated Analytic Privilege ... 330
10.4 ... Managing Static Analytic Privileges ... 331
10.5 ... Managing Dynamic Analytic Privileges ... 336
10.6 ... Managing Dynamic Expression-Based SQL Analytic Privileges ... 346
10.7 ... Troubleshooting Effective Analytic Privileges and Filter Conditions ... 350
10.8 ... Granting Analytic Privileges ... 351
10.9 ... Summary ... 359
11 ... Application Privileges ... 361
11.1 ... What Are Application Privileges? ... 361
11.2 ... Creating Application Privileges ... 362
11.3 ... Granting Application Privileges ... 364
11.4 ... Privileges on Users ... 372
11.5 ... Summary ... 375
12 ... Authentication ... 377
12.1 ... SAP HANA Internal Authentication Mechanism ... 378
12.2 ... SAP HANA and LDAP Authentication ... 393
12.3 ... Supported Third-Party Authentication Providers ... 396
12.4 ... Case Study: Adding SAML Identity User Accounts ... 406
12.5 ... Summary ... 409
13 ... Certificate Management and Encryption ... 411
13.1 ... SSL Certificates ... 411
13.2 ... Client Encryption Settings ... 423
13.3 ... Encrypting Data ... 431
13.4 ... Summary ... 440
14 ... Security Lifecycle Management ... 441
14.1 ... Maintaining a Consistent Security Model ... 441
14.2 ... Creating Delivery Units for Security-Related Packages ... 448
14.3 ... Transporting Security Packages to Other SAP HANA Systems ... 457
14.4 ... Additional Options in SAP HANA Application Lifecycle Management ... 466
14.5 ... Summary ... 468
15 ... Auditing ... 469
15.1 ... Why Do You Need Auditing? ... 469
15.2 ... Configuring Auditing ... 471
15.3 ... Creating Audit Policies ... 479
15.4 ... Querying Audit Data ... 494
15.5 ... Case Study: Defining Audit Policies ... 496
15.6 ... Summary ... 503
16 ... Security Tracing and Troubleshooting ... 505
16.1 ... Authorization Tracing ... 505
16.2 ... Querying the System to Review Effective Privileges ... 513
16.3 ... Case Study: Identifying Deficiencies in Information View Access ... 522
16.4 ... Summary ... 524
17 ... Security Recommendations ... 525
17.1 ... Password Authentication Settings ... 525
17.2 ... Encryption Settings ... 529
17.3 ... Identifying Users with Elevated Privileges ... 529
17.4 ... Disabling the SYSTEM Account ... 539
17.5 ... Identifying Privilege Escalation Vulnerabilities ... 540
17.6 ... Handover from Hardware Vendors ... 541
17.7 ... Creating Audit Policies ... 541
17.8 ... Summary ... 542
18 ... SAP HANA XSA Security ... 543
18.1 ... Overview of SAP HANA XSA ... 543
18.2 ... Managing Space Access, Users, and Roles Collections in SAP HANA XSA ... 546
18.3 ... Working with SAP Web IDE for SAP HANA ... 556
18.4 ... HDI Containers and Security ... 559
18.5 ... Summary ... 594
... The Author ... 595
... Index ... 597