SAP Business Objects
SAP HANA
Active Directory
Tableau
Schema
Container that holds database objects such as tables,
views and stored procedures
Schema Types - User Defined, SLT Derived & System
_SYS_BIC, _SYS_BI & _SYS_REPO schemas in HANA
Create separate schemas per function area or project
Avoid creating system specific schemas
Package
Container for repository objects which can be
transported between Native HANA systems
Package types - Structured & Unstructured
Root package should be structured
Avoid creating unnecessary packages as this creates
additional administration work
Security can be restricted at the root package or
sub package level
HANA development artifacts such as schema, package, roles etc. can exist as runtime or
design-time objects
HANA development /modeling should be done in Design-time
Users can still be provisioned manually outside this process and those
users will not be interfered with or altered by this process
PROCEDURES
Procedures
A set of SQL statements and the logic used to perform a specific task
PROVISION USERS
ZSP_PROVISION_USERS
CREATE/UPDATE BW USER
ZSP_CREATE_UPDATE_BW_USER
ADD LOG
ZSP_ADD_LOG
CUSTOM TABLES
BW TO HANA ROLE MAPPING
USR_DBMS_SYSTEM table
RSUSR_DBMS_USERS program
RSUSR_DBMS_USERS_CHECK prog.
Analytic Privilege
20 Company Code
15 Profit Center
5 Sales Org.
Challenges: You have to create an Analytic Privilege (AP) for each relevant
BW Analysis Authorization, and you have to create these APs for each
HANA view you want to restrict
Company Code
Plant
Sales org.
Profit Center
Tables
AGR_USERS
AGR_1251
RSECVAL
RSECHIE
/BIC/HZPRFT_CTR
SAP HANA provides a web-based user self-service platform for end users to request new
HANA accounts and reset passwords. This feature is available as of HANA SP09 and above.
The content is deactivated by default and is part of the HANA_XS_BASE Delivery Unit
SAP HANA introduces a new challenge for security administrators whenever there are
authorization issues. There are no SU53, SUIM, ST01 or STAUTHTRACE t-codes available.
Here are some steps to follow when troubleshooting HANA reports:
Isolate the problem
Is it a Portal, BI ABAP, BOBJ, Tableau, or Native HANA
issue? You need a security resource with knowledge
in all the above areas
If the issue is in Native HANA:
Check whether the user is locked, has the correct access and has SSO enabled
Find out which views (Analytic, Calculation etc.) the end
user is executing
Perform a Data Preview within Native HANA to verify that the error
is security related. A Not Authorized error should appear
Perform a Native HANA trace through trace configuration
Use the SQL statement below to find out the missing object
/* SQL to Lookup object names */
SELECT * FROM OWNERSHIP WHERE OBJECT_OID IN (131073);
You should see the failing object, i.e. the schema name or analytic privilege name
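The Native HANA checks above written out as one SQL sequence. This is an added example, not part of the original presentation. TROUBLE_USER and the view name 'pkg.sub/CV_SALES' are placeholders; 131073 is the OID from the statement above; the system views are addressed through the SYS schema.

```sql
-- Added example. TROUBLE_USER and 'pkg.sub/CV_SALES' are placeholders;
-- 131073 stands for the OID reported in the authorization trace.

-- 1. Account state: deactivated or locked out, validity, SSO methods enabled
SELECT USER_NAME,
       USER_DEACTIVATED,
       INVALID_CONNECT_ATTEMPTS,
       VALID_UNTIL,
       IS_KERBEROS_ENABLED,
       IS_SAML_ENABLED
  FROM SYS.USERS
 WHERE USER_NAME = 'TROUBLE_USER';

-- 2. Resolve the OID from the trace to a named object and its owner
SELECT SCHEMA_NAME, OBJECT_NAME, OBJECT_TYPE, OWNER_NAME
  FROM SYS.OWNERSHIP
 WHERE OBJECT_OID IN (131073);

-- 3. Privileges the user effectively holds in that object's schema,
--    including the grantee (user or role) each one arrives through.
--    EFFECTIVE_PRIVILEGES needs an equality filter on USER_NAME.
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE,
       GRANTEE, GRANTEE_TYPE, IS_VALID
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME = 'TROUBLE_USER'
   AND SCHEMA_NAME IN (SELECT SCHEMA_NAME
                         FROM SYS.OWNERSHIP
                        WHERE OBJECT_OID = 131073);

-- 4. Roles that reach the user, directly or through nested roles
SELECT ROLE_NAME, GRANTEE, GRANTEE_TYPE
  FROM SYS.EFFECTIVE_ROLES
 WHERE USER_NAME = 'TROUBLE_USER';

-- 5. Analytic privileges that apply to the user on one activated view
--    (activated views are created in the _SYS_BIC schema)
SELECT *
  FROM SYS.EFFECTIVE_STRUCTURED_PRIVILEGES
 WHERE ROOT_SCHEMA_NAME = '_SYS_BIC'
   AND ROOT_OBJECT_NAME = 'pkg.sub/CV_SALES'
   AND USER_NAME = 'TROUBLE_USER';
```

An empty result in step 3 or step 5 for the object named in step 2 points to the missing grant; a row with IS_VALID = 'FALSE' points to a grant that exists but is no longer usable.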
SUMMARY
Newell BI HANA Landscape
Overview of HANA system, repository and project explorer
Schema, packages, delivery Units, transport and stored procedures in
Native HANA
Design-time vs Runtime HANA artifacts
Native HANA security privileges
Newell roles design in Native HANA
Newell user provisioning procedure vs SAP SU01 provisioning
Dynamic analytic privilege procedure vs static privileges in Native HANA
SSO authentication mechanism in Native HANA
HANA user self service application
Security audit and trace configuration in Native HANA