Upload
phaniraj-garimella
View
35
Download
0
Embed Size (px)
DESCRIPTION
SAP HANA 7
Citation preview
1. Administrative Users: SYSTEM User (Built in initial user)Data Administrator (owns ERP data, use data loads)Repository Admin (create package structure, grant package priv.)User Admin (create users, roles, grants data model)
2. Analytic Privileges MANDATORY: Repository ObjectsCannot retrieve data w/o it.
Restrict access to:Field from Attribute View, Used for Analytic/Calculation ViewDimension of Analytic ViewSingle Value
3. Assign Privileges Search: Object/Privilege combo: Search byObjectPrivilege Tab>Green Add >Search> OK >Save> Green Deploy
4. Create Analytic Privilege: System> Content> Package>Analytic Privilege> Name/Description> Select Views>Grant/Restrict Fields> Grant/Restrict Values> Save> Activate(Run-Time Object created & added to Role)
BUG: No changes after activation
5. Create Roles: Studio: System>Authorization>Role>New>User
SQL: CREATE ROLE <role name>
6. Create Users: Names users in HANA and authentication:Via HANA StudioVia SQL statements
*Cannot import users from sap systems, must create HANAstudio.
7. Create Users: System>Authorization>Users>New>User>Enter:Initial Pass/ External User/ Default Client> Save>Deploy
8. Grant Role to User: Grant Role Tab> Search>Role Name>AddRole> Allow/Disallow Granting Role to User
Delete Role will also delete role from all grantees.
ROLE ADMIN supersedes GRANT OPTION
9. HANA Data Model Users and Info Consumer: ModelingUsers (create/edit data model)Model ActivationCreator Analytic PrivilegesActivation of Analytic Privileges
Info Consumer: Read Only
10. Object Privilege Combo: grant SELECT on TABLE(privilege/object)grant EXECUTE on PROCEDURE (privilege/object)
11. Pre-Defined Roles: Roles:1. PUBLIC (minimal privilege, default to new user)2. CONTENT_ADMIN:_SYS_BIC & GRANT OPTION_SYS_BI & GRANT OPTION
3. MODELING: (Create/Activate)Info Models/ Analytic Privileges
12. Privilege: grant USER ADMIN (system privilege)grant EXAMPLE_ROLE (role privilege)
13. Security Best Practice: 1. Don't Change SYSTEM Schema2. Create DATA ADMIN w/ Target Schema per System3. Grant to _SYS_REPO:GRANT SELECT ON SCHEMA <data _schema> TO _SYS_REPOWITH GRANT OPTION4. Don't place critical privileges into roles. Limit use of ROLEADMIN, Create named users w/ these priv. instead.5. ROLE ADMIN required for creating roles. ROLE ADMIN supersedes GRANT (don't need both together)
14. Types of Privileges: Privileges:System (Actions in DB): USER ADMIN/ CREATE SCHEMASQL (Access to Data Containers): SELECT ON/ DROP ONAnalytic (Row-Level for Data Models): Fields/FilterPackage (Modeling): Edit/Activate Models
15. User Management/security HANA: Create usersAssign securityManage users
16. User Role: Role for tasks: Create/ Activate/ Consume datamodelsRole has hierarchy/inheritanceRole can assign Individual SQL/system privileges
Create roles>assign security to roles >assign role to users
17. Users and Roles: Process Flow: Define and Create RolesAssign Privileges to RolesCreate UsersGrant Roles to Users
18. Why Security Needed?: Trivial:Skilled people/ ERP tables/ Only Model owners can edit models
Non-Trivial: User AdminSeveral front end tools direct access to HANAObject/Content Access controlled in HANANamed users for Information Consumers
Exception: Info Center User Management Not Needed IF:Data access doesn't need to be controlledAccess occur in BO semantic layerAccess occur in security in BO Enterprise
SAP HANA 7Study online at quizlet.com/_6rpn3