18.5    Summary

You should now have a basic understanding of the difference scenarios and options that security teams need to understand when supporting security in the SAP HANA XSA environment. The SAP HANA XSA cockpit is used to configure SAP HANA XSA users, access to organizations, and access to spaces. Many other options are available, including the management of the service connections key to providing security within SAP Web IDE for SAP HANA and with HDI containers. SAP Web IDE for SAP HANA is primarily a developer’s tool, but the security team will need to understand how to create HDI container roles and manage the .hdbgrants file. In addition, we discussed the complex options for granting database users access to objects within an HDI container using .hdbrole files, granting access between containers and classic database objects in the .hdbgrants file, granting access to the #OO user directly, and finally granting access between containers.