Index
Dear Reader
Notes on Usage
Table of Contents
Preface
Purpose
Who Should Read This Book
Structure of This Book
Acknowledgments
Introduction
Overview of SAP HANA
Introduction to SAP HANA Security
Importance of Securing Your SAP HANA System
Summary
1 Managing Security with SAP HANA Studio
1.1 SAP HANA Studio Overview
1.1.1 Getting Started with SAP HANA Studio
1.1.2 Navigating SAP HANA Studio
1.2 The Administration Console
1.3 Managing Perspectives in SAP HANA Studio
1.3.1 Administration Console Perspective
1.3.2 Development Perspective
1.3.3 Modeler Perspective
1.4 SQL Console
1.5 Security Settings in SAP HANA Studio
1.5.1 User Management
1.5.2 Role Management
1.5.3 Security Console
1.5.4 Development Perspective
1.5.5 SQL Console
1.5.6 Configuration Tab
1.6 Summary
2 Introduction to SAP HANA Privileges
2.1 Privileges within SAP HANA
2.1.1 System Privileges
2.1.2 Object Privileges
2.1.3 Analytic Privileges
2.1.4 Package Privileges
2.1.5 Application Privileges
2.2 Privilege Validation and Assignment
2.2.1 Assigning Privileges
2.2.2 Validating Privileges
2.3 Summary
3 Catalog Objects
3.1 What Are SAP HANA Catalog Objects?
3.2 Creating and Managing Native Catalog Objects
3.2.1 Creating Schemas
3.2.2 Creating Catalog Tables
3.2.3 Creating Other Catalog Objects
3.3 Creating and Managing Repository Catalog Objects
3.3.1 Creating Repository Schemas
3.3.2 Creating Repository Tables
3.4 Deploying Repository Objects
3.5 Case Study
3.6 Summary
4 User Accounts
4.1 What Are User Accounts?
4.1.1 Standard User Accounts
4.1.2 Technical User Accounts
4.1.3 Restricted User Accounts
4.2 Creating and Managing User Accounts
4.2.1 Creating and Managing Users with SQL Statements
4.2.2 Creating and Managing Users in SAP HANA Studio
4.2.3 Creating and Managing Users with SAP HANA Web-Based Development Workbench
4.2.4 User Account System Views
4.2.5 Deleting User Accounts
4.3 Granting and Revoking Privileges
4.3.1 Granting and Revoking Privileges with SQL
4.3.2 Granting and Revoking Privileges with SAP HANA Studio
4.3.3 Granting and Revoking Privileges with SAP HANA Web-Based Development Workbench
4.3.4 Effective Privileges System View
4.4 Managing User Role Assignments
4.4.1 Granting and Revoking Roles with SQL
4.4.2 Granting and Revoking Roles with SAP HANA Studio
4.4.3 Granting and Revoking Roles with SAP HANA Web-Based Development Workbench
4.4.4 Effective Roles System View
4.5 Case Study: Provisioning Users with SQL Scripts and Stored Procedures
4.5.1 Creating a Repository Schema
4.5.2 Creating a Repository Table
4.5.3 Importing a CSV File into a Table
4.5.4 Creating Repository Stored Procedures
4.5.5 Executing the Repository Stored Procedure
4.6 Summary
5 Database Roles
5.1 What Are Roles?
5.2 Creating and Managing Roles
5.2.1 Creating and Deleting Roles with SQL Statements
5.2.2 Creating and Deleting Roles with SAP HANA Studio
5.2.3 Creating and Deleting Roles with SAP HANA Web-Based Development Workbench
5.3 Granting and Revoking Privileges
5.3.1 Methodologies for Granting Privileges to Roles
5.3.2 Granting and Revoking Privileges with SQL
5.3.3 Granting and Revoking Privileges with SAP HANA Studio
5.3.4 Granting and Revoking Privileges with SAP HANA Web-Based Development Workbench
5.4 Managing Nested Roles
5.4.1 Granting and Revoking Roles with SQL
5.4.2 Granting and Revoking Roles with SAP HANA Studio
5.4.3 Granting and Revoking Roles with SAP HANA Web-Based Development Workbench
5.5 Summary
6 Repository Roles
6.1 What Are Repository Roles?
6.1.1 User Account _SYS_REPO and Repository Roles
6.1.2 Grantor and Privileges
6.1.3 Grantor and Roles
6.1.4 Why Use Repository Roles?
6.2 Managing Repository Roles with Design-Time Scripts
6.2.1 Creating Repository Roles within a Package
6.2.2 Defining the Role Name Tag
6.2.3 Extending Roles
6.2.4 Assigning Privileges
6.2.5 Save and Activate
6.2.6 Runtime Repository Roles
6.3 Granting and Revoking Privileges in Design-Time Scripts
6.3.1 System Privileges
6.3.2 Schema Privileges
6.3.3 Object Privileges
6.3.4 Structured Privileges
6.3.5 Remote Sources
6.3.6 Analytic Privileges
6.3.7 Application Privileges
6.3.8 Package Privileges
6.4 Managing Repository Roles with SAP HANA Web-Based Development Workbench
6.4.1 Accessing and Navigating the SAP HANA Web-Based Development Workbench Editor
6.4.2 System Privileges
6.4.3 Object Privileges
6.4.4 Analytic Privileges
6.4.5 Package Privileges
6.4.6 Application Privileges
6.5 Granting Repository Roles to Users
6.5.1 Granting and Revoking Repository Roles with Stored Procedures
6.5.2 Granting and Revoking Repository Roles with SAP HANA Studio
6.5.3 Granting and Revoking Repository Roles with SAP HANA Web-Based Development Workbench
6.6 Case Study: Creating Basic Repository Roles
6.6.1 Consumer Repository Role
6.6.2 Power User Repository Role
6.6.3 Developer Repository Role
6.6.4 Security Administrator Repository Role
6.7 Summary
7 System Privileges
7.1 What Are System Privileges?
7.2 Default System Privileges
7.2.1 Developer-Related System Privileges
7.2.2 Security Admin-Related System Privileges
7.2.3 System Admin-Related System Privileges
7.2.4 Environment Monitoring-Related System Privileges
7.2.5 Environment Performance-Related System Privileges
7.3 Granting System Privileges
7.3.1 Granting System Privileges with SQL
7.3.2 Granting System Privileges with SAP HANA Studio
7.3.3 Granting System Privileges with SAP HANA Web-Based Development Workbench
7.3.4 Granting System Privileges with Repository Roles
7.4 Case Study: Security Administrator System Privileges
7.4.1 User Management Role
7.4.2 Role Management Role
7.4.3 Data and Communication Encryption Role
7.4.4 System Auditing Role
7.5 Summary
8 Object Privileges
8.1 Overview of Object Privileges
8.1.1 Catalog Object Privileges
8.1.2 Security Considerations for Catalog Objects
8.2 Granting Object Privileges with SQL
8.2.1 Securing Schemas with SQL
8.2.2 Securing Individual Catalog Objects with SQL
8.3 Granting Object Privileges with SAP HANA Studio
8.4 Granting Object Privileges with Repository Roles
8.4.1 Script-Based Repository Roles
8.4.2 SAP HANA Web-Based Development Workbench
8.5 Case Study: Updating Repository Roles to Access Information Views
8.5.1 Consumer
8.5.2 Power User
8.5.3 Developer
8.6 Summary
9 Package Privileges
9.1 The SAP HANA Development Repository
9.1.1 Structure of the Development Repository
9.1.2 Creating Packages and Subpackages
9.1.3 Overview of Delivery Units
9.2 Overview of Package Privileges
9.3 Granting Package Privileges
9.3.1 Granting Package Privileges with SQL
9.3.2 Granting Package Privileges with SAP HANA Studio
9.3.3 Granting Package Privileges with SAP HANA Web-Based Development Workbench
9.3.4 Granting Package Privileges within Repository-Based Roles
9.4 Case Study: Preventing Content Developers from Elevating Their Privileges
9.4.1 Assessing the Current Configuration
9.4.2 Recommendations
9.5 Summary
10 Analytic Privileges
10.1 Overview of SAP HANA Information Views
10.1.1 Attribute Views
10.1.2 Analytic Views
10.1.3 Calculation Views
10.2 Overview of Analytic Privileges
10.2.1 XML-Based Analytic Privileges
10.2.2 SQL-Based Analytic Privileges
10.3 _SYS_BI_CP_ALL: A System-Generated Analytic Privilege
10.4 Managing Static Analytic Privileges
10.4.1 Creating Static XML-Based Analytic Privileges
10.4.2 Creating Static SQL-Based Analytic Privileges
10.5 Managing Dynamic Analytic Privileges
10.5.1 Dynamic XML-Based Analytic Privileges
10.5.2 Dynamic SQL-Based Analytic Privileges
10.6 Managing Dynamic Expression-Based SQL Analytic Privileges
10.6.1 Creating a Repository-Based Security Table
10.6.2 Defining Dynamic Expression-Based SQL Analytic Privileges
10.7 Troubleshooting Effective Analytic Privileges and Filter Conditions
10.8 Granting Analytic Privileges
10.8.1 Granting Analytic Privileges with SQL
10.8.2 Granting Analytic Privileges with SAP HANA Studio
10.8.3 Granting Analytic Privileges with SAP HANA Web-Based Development Workbench
10.8.4 Granting Analytic Privileges within Repository Roles
10.9 Summary
11 Application Privileges
11.1 Application Privileges in SAP HANA
11.2 Creating Application Privileges
11.3 Granting Application Privileges
11.3.1 Granting Application Privileges with SQL
11.3.2 Granting Application Privileges with SAP HANA Studio
11.3.3 Granting Application Privileges with SAP HANA Web-Based Development Workbench
11.3.4 Granting Application Privileges within Repository Roles
11.4 Privileges on Users
11.4.1 Granting Privileges on Users with SAP HANA Studio
11.4.2 Granting Privileges on Users with SQL
11.5 Summary
12 Authentication
12.1 SAP HANA Internal Authentication Mechanism
12.1.1 Protecting SAP HANA Passwords with Encryption
12.1.2 Configuring the Internal Authentication Password Policy
12.1.3 Managing Password Policy Settings with SQL
12.1.4 Managing Password Policy Settings in GUIs
12.2 Supported Third-Party Authentication Providers
12.2.1 Kerberos Authentication
12.2.2 SAML Authentication
12.2.3 X509 Authentication
12.2.4 SAP Logon Ticket
12.2.5 SAP Assertion Ticket
12.3 Case Study: Adding SAML Identity User Accounts
12.4 Summary
13 Certificate Management and Encryption
13.1 SSL Certificates
13.1.1 In-Database Certificate Management
13.1.2 External SAP HANA PSE File and Certificate Management
13.2 Client Encryption Settings
13.2.1 SAP HANA Studio
13.2.2 XS Engine Web-Based Applications
13.2.3 JDBC and ODBC Drivers
13.3 Encrypting Data
13.3.1 Server-Side Data Encryption
13.3.2 Changing New Root Keys within the SSFS
13.3.3 Encrypting the Data Volume
13.3.4 Encrypting the Log Volume
13.4 Summary
14 Security Lifecycle Management
14.1 Maintaining a Consistent Security Model
14.1.1 Best Practices
14.1.2 Testing Security Model Changes
14.1.3 Keeping Repository Roles in Sync
14.2 Create Delivery Units for Security-Related Packages
14.2.1 Creating a Delivery Unit with SAP HANA Studio
14.2.2 Creating a DU with SAP HANA Application Lifecycle Management
14.3 Transport Security Packages to Other SAP HANA Systems
14.3.1 Transport a DU with SAP HANA Application Lifecycle Management
14.3.2 Export a DU to a File
14.3.3 Import a DU from a File
14.4 Additional Options in SAP HANA Application Lifecycle Management
14.4.1 Change Recording
14.4.2 Using SAP CTS
14.5 Summary
15 Auditing
15.1 Why Do We Need Auditing?
15.2 Configuring Auditing
15.2.1 Enable Auditing with SAP HANA Studio
15.2.2 Enable Auditing with SAP HANA Web-Based Development Workbench
15.2.3 Enable Auditing with SQL
15.3 Creating Audit Policies
15.3.1 Components of the Audit Policy
15.3.2 Managing Policies with SAP HANA Web-Based Development Workbench
15.3.3 Managing Audit Policies with SQL
15.3.4 Creating Policies with SAP HANA Studio
15.4 Querying Audit Data
15.4.1 AUDIT_ACTIONS
15.4.2 AUDIT_LOG
15.4.3 AUDIT_POLICIES
15.5 Case Study: Defining Audit Policies
15.5.1 Proactive Event Monitoring
15.5.2 Audit Reporting
15.5.3 Authentication Auditing
15.5.4 Unauthorized Action Auditing
15.5.5 System Change Auditing
15.5.6 Security Management Task Auditing
15.5.7 Super User Event Auditing
15.6 Summary
16 Security Tracing and Troubleshooting
16.1 Authorization Tracing
16.1.1 Enable Tracing with SAP HANA Studio
16.1.2 Enable Tracing with SQL
16.1.3 Viewing the Trace File in SAP HANA Studio
16.2 Query the System to Review Effective Privileges
16.2.1 Granted Privileges
16.2.2 Granted Roles
16.2.3 Accessible Views
16.2.4 Effective Privilege Grantees
16.2.5 Effective Structured Privileges
16.2.6 Effective Privileges
16.2.7 Effective Role Grantees
16.2.8 Effective Roles
16.3 Case Study: Identifying Deficiencies in Information View Access
16.3.1 Troubleshooting the Problem
16.3.2 Reviewing the Results
16.3.3 Reviewing the Solution
16.4 Summary
17 Security Recommendations
17.1 Password Authentication Settings
17.1.1 Standard User Password Policies
17.1.2 Service Accounts
17.2 Encryption Settings
17.3 Identifying Users with Elevated Privileges
17.3.1 System Privileges
17.3.2 Root Package Privileges
17.3.3 Bypass Analytic Privileges
17.3.4 Default Standard Roles
17.3.5 WITH GRANT or WITH ADMIN
17.4 Disabling the SYSTEM Account
17.5 Identify Privilege Escalation Vulnerabilities
17.6 Handover from Hardware Vendors
17.7 Create Audit Policies
17.8 Summary
18 SAP HANA 2.0 Security
18.1 Authorizations
18.1.1 Granting or Revoking the PUBLIC Role
18.1.2 Granting or Revoking Access to a User’s Own Schema
18.1.3 Map LDAP Groups to SAP HANA Roles
18.2 Encryption
18.2.1 Log Volume Encryption
18.2.2 Root Key Backup and Password
18.2.3 Using SQL to Update All Encryption Keys
18.3 XS Engine Applications and Roles
18.4 SAP HANA 2.0 Cockpit
18.5 Summary
A The Author
Index
Service Pages
Legal Notes