1. Administrative Users: SYSTEM User (Built in initial user) Data Administrator (owns ERP data, use data loads) Repository Admin (create package structure, grant package priv.) User Admin (create users, roles, grants data model) 2. Analytic Privileges MANDATORY: Repository Objects Cannot retrieve data w/o it. Restrict access to: Field from Attribute View, Used for Analytic/Calculation View Dimension of Analytic View Single Value 3. Assign Privileges Search: Object/Privilege combo: Search by Object Privilege Tab>Green Add >Search> OK >Save> Green Deploy 4. Create Analytic Privilege: System> Content> Package> Analytic Privilege> Name/Description> Select Views> Grant/Restrict Fields> Grant/Restrict Values> Save> Activate (Run-Time Object created & added to Role) BUG: No changes after activation 5. Create Roles: Studio: System>Authorization>Role>New>User SQL: CREATE ROLE <role name> 6. Create Users: Names users in HANA and authentication: Via HANA Studio Via SQL statements *Cannot import users from sap systems, must create HANA studio. 7. Create Users: System>Authorization>Users>New>User>Enter: Initial Pass/ External User/ Default Client> Save>Deploy 8. Grant Role to User: Grant Role Tab> Search>Role Name>Add Role> Allow/Disallow Granting Role to User Delete Role will also delete role from all grantees. ROLE ADMIN supersedes GRANT OPTION 9. HANA Data Model Users and Info Consumer: Modeling Users (create/edit data model) Model Activation Creator Analytic Privileges Activation of Analytic Privileges Info Consumer: Read Only 10. Object Privilege Combo: grant SELECT on TABLE (privilege/object) grant EXECUTE on PROCEDURE (privilege/object) 11. Pre-Defined Roles: Roles: 1. PUBLIC (minimal privilege, default to new user) 2. CONTENT_ADMIN: _SYS_BIC & GRANT OPTION _SYS_BI & GRANT OPTION 3. MODELING: (Create/Activate) Info Models/ Analytic Privileges 12. Privilege: grant USER ADMIN (system privilege) grant EXAMPLE_ROLE (role privilege) 13. Security Best Practice: 1. Don't Change SYSTEM Schema 2. Create DATA ADMIN w/ Target Schema per System 3. Grant to _SYS_REPO: GRANT SELECT ON SCHEMA <data _schema> TO _SYS_REPO WITH GRANT OPTION 4. Don't place critical privileges into roles. Limit use of ROLE ADMIN, Create named users w/ these priv. instead. 5. ROLE ADMIN required for creating roles. ROLE ADMIN supersedes GRANT (don't need both together) 14. Types of Privileges: Privileges: System (Actions in DB): USER ADMIN/ CREATE SCHEMA SQL (Access to Data Containers): SELECT ON/ DROP ON Analytic (Row-Level for Data Models): Fields/Filter Package (Modeling): Edit/Activate Models 15. User Management/security HANA: Create users Assign security Manage users 16. User Role: Role for tasks: Create/ Activate/ Consume data models Role has hierarchy/inheritance Role can assign Individual SQL/system privileges Create roles>assign security to roles >assign role to users 17. Users and Roles: Process Flow: Define and Create Roles Assign Privileges to Roles Create Users Grant Roles to Users 18. Why Security Needed?: Trivial: Skilled people/ ERP tables/ Only Model owners can edit models Non-Trivial: User Admin Several front end tools direct access to HANA Object/Content Access controlled in HANA Named users for Information Consumers Exception: Info Center User Management Not Needed IF: Data access doesn't need to be controlled Access occur in BO semantic layer Access occur in security in BO Enterprise SAP HANA 7 Study online at quizlet.com/_6rpn3

SAP HANA 7

Download PDF Report

Upload
phaniraj-garimella
View
35
Download
0

Embed Size (px)

DESCRIPTION

SAP HANA 7

Citation preview

2. Analytic Privileges MANDATORY: Repository ObjectsCannot retrieve data w/o it.

Restrict access to:Field from Attribute View, Used for Analytic/Calculation ViewDimension of Analytic ViewSingle Value

3. Assign Privileges Search: Object/Privilege combo: Search byObjectPrivilege Tab>Green Add >Search> OK >Save> Green Deploy

4. Create Analytic Privilege: System> Content> Package>Analytic Privilege> Name/Description> Select Views>Grant/Restrict Fields> Grant/Restrict Values> Save> Activate(Run-Time Object created & added to Role)

BUG: No changes after activation

5. Create Roles: Studio: System>Authorization>Role>New>User

SQL: CREATE ROLE <role name>

6. Create Users: Names users in HANA and authentication:Via HANA StudioVia SQL statements

*Cannot import users from sap systems, must create HANAstudio.

7. Create Users: System>Authorization>Users>New>User>Enter:Initial Pass/ External User/ Default Client> Save>Deploy

8. Grant Role to User: Grant Role Tab> Search>Role Name>AddRole> Allow/Disallow Granting Role to User

Delete Role will also delete role from all grantees.

ROLE ADMIN supersedes GRANT OPTION

9. HANA Data Model Users and Info Consumer: ModelingUsers (create/edit data model)Model ActivationCreator Analytic PrivilegesActivation of Analytic Privileges

Info Consumer: Read Only

10. Object Privilege Combo: grant SELECT on TABLE(privilege/object)grant EXECUTE on PROCEDURE (privilege/object)

11. Pre-Defined Roles: Roles:1. PUBLIC (minimal privilege, default to new user)2. CONTENT_ADMIN:_SYS_BIC & GRANT OPTION_SYS_BI & GRANT OPTION

3. MODELING: (Create/Activate)Info Models/ Analytic Privileges

12. Privilege: grant USER ADMIN (system privilege)grant EXAMPLE_ROLE (role privilege)

13. Security Best Practice: 1. Don't Change SYSTEM Schema2. Create DATA ADMIN w/ Target Schema per System3. Grant to _SYS_REPO:GRANT SELECT ON SCHEMA <data _schema> TO _SYS_REPOWITH GRANT OPTION4. Don't place critical privileges into roles. Limit use of ROLEADMIN, Create named users w/ these priv. instead.5. ROLE ADMIN required for creating roles. ROLE ADMIN supersedes GRANT (don't need both together)

14. Types of Privileges: Privileges:System (Actions in DB): USER ADMIN/ CREATE SCHEMASQL (Access to Data Containers): SELECT ON/ DROP ONAnalytic (Row-Level for Data Models): Fields/FilterPackage (Modeling): Edit/Activate Models

15. User Management/security HANA: Create usersAssign securityManage users

16. User Role: Role for tasks: Create/ Activate/ Consume datamodelsRole has hierarchy/inheritanceRole can assign Individual SQL/system privileges

Create roles>assign security to roles >assign role to users

17. Users and Roles: Process Flow: Define and Create RolesAssign Privileges to RolesCreate UsersGrant Roles to Users

18. Why Security Needed?: Trivial:Skilled people/ ERP tables/ Only Model owners can edit models

Non-Trivial: User AdminSeveral front end tools direct access to HANAObject/Content Access controlled in HANANamed users for Information Consumers

Exception: Info Center User Management Not Needed IF:Data access doesn't need to be controlledAccess occur in BO semantic layerAccess occur in security in BO Enterprise

SAP HANA 7Study online at quizlet.com/_6rpn3