Index
Dear Reader
Notes on Usage
Table of Contents
Preface
Purpose
Who Should Read This Book?
Structure of This Book
Acknowledgments
Introduction
Overview of SAP HANA
Introduction to SAP HANA Security
Importance of Securing Your SAP HANA System
Summary
1 Managing Security with the SAP HANA Cockpit
1.1 What Is the SAP HANA Cockpit?
1.1.1 SAP HANA Cockpit Architecture
1.1.2 Getting Started with the SAP HANA Cockpit
1.1.3 Navigating SAP HANA Cockpit
1.2 Security Areas in SAP HANA Cockpit
1.2.1 User & Role Management Area
1.2.2 Data Encryption
1.2.3 Authentication
1.2.4 Security Related Links
1.2.5 Anonymization Report
1.2.6 Auditing
1.3 SAP HANA Database Explorer and SQL Console
1.4 Summary
2 Introduction to SAP HANA Privileges
2.1 Privileges within SAP HANA
2.1.1 System Privileges
2.1.2 Object Privileges
2.1.3 Analytic Privileges
2.1.4 Package Privileges
2.1.5 Application Privileges
2.2 Privilege Validation and Assignment
2.2.1 Assigning Privileges
2.2.2 Validating Privileges
2.3 Summary
3 Catalog Objects
3.1 What Are SAP HANA Catalog Objects?
3.2 Creating and Managing Native Catalog Objects
3.2.1 Creating Schemas
3.2.2 Creating Catalog Tables
3.2.3 Creating Other Catalog Objects
3.3 Creating and Managing Repository Catalog Objects
3.3.1 Creating Repository Schemas
3.3.2 Creating Repository Tables
3.4 Deploying Repository Objects
3.5 Case Study
3.6 Summary
4 User Accounts
4.1 What Are User Accounts?
4.1.1 Standard User Accounts
4.1.2 Technical User Accounts
4.1.3 Restricted User Accounts
4.1.4 LDAP User Accounts
4.2 Creating and Managing User Accounts
4.2.1 Creating and Managing Users with SQL Statements
4.2.2 Creating and Managing Users in the SAP HANA Cockpit
4.2.3 Creating and Managing Users with the SAP HANA Web-Based Development Workbench
4.2.4 User Account System Views
4.2.5 Deleting User Accounts
4.3 Granting and Revoking Privileges
4.3.1 Granting and Revoking Privileges with SQL
4.3.2 Granting and Revoking Privileges with the SAP HANA Cockpit
4.3.3 Granting and Revoking Privileges with the SAP HANA Web-Based Development Workbench
4.3.4 Effective Privileges System View
4.4 Managing User Role Assignments
4.4.1 Granting and Revoking Roles with SQL
4.4.2 Granting and Revoking Roles with the SAP HANA Cockpit
4.4.3 Granting and Revoking Roles with the SAP HANA Web-Based Development Workbench
4.4.4 Effective Roles System View
4.5 Case Study: Provisioning Users with SQL Scripts and Stored Procedures
4.5.1 Creating a Repository Schema
4.5.2 Creating a Repository Table
4.5.3 Importing a CSV File into a Table
4.5.4 Creating a Repository Role to Access the Table
4.5.5 Creating Repository Stored Procedures
4.5.6 Executing the Repository Stored Procedure
4.6 Summary
5 Database Roles
5.1 What Are Roles?
5.2 Creating and Managing Roles
5.2.1 Creating and Deleting Roles with SQL Statements
5.2.2 Creating and Deleting Roles with the SAP HANA Cockpit
5.2.3 Creating and Deleting Roles with the SAP HANA Web-Based Development Workbench
5.3 Granting and Revoking Privileges
5.3.1 Methodologies for Granting Privileges to Roles
5.3.2 Granting and Revoking Privileges with SQL
5.3.3 Granting and Revoking Privileges with the SAP HANA Cockpit
5.3.4 Granting and Revoking Privileges with the SAP HANA Web-Based Development Workbench
5.4 Managing Nested Roles
5.4.1 Granting and Revoking Roles with SQL
5.4.2 Granting and Revoking Roles with the SAP HANA Cockpit
5.4.3 Granting and Revoking Roles with the SAP HANA Web-Based Development Workbench
5.5 Mapping LDAP Groups to Roles
5.5.1 Mapping Roles with SQL
5.5.2 Mapping Roles with the SAP HANA Cockpit
5.6 Summary
6 Repository Roles
6.1 What Are Repository Roles?
6.1.1 User Account _SYS_REPO and Repository Roles
6.1.2 Grantors and Privileges
6.1.3 Grantors and Roles
6.1.4 Why Use Repository Roles?
6.2 Managing Repository Roles with Design-Time Scripts
6.2.1 Creating a Repository Package
6.2.2 Creating Repository Roles within a Package
6.2.3 Defining the Role Name Tag
6.2.4 Extending Roles
6.2.5 Assigning Privileges
6.2.6 Save and Activate
6.2.7 Runtime Repository Roles
6.3 Granting and Revoking Privileges in Design-Time Scripts
6.3.1 System Privileges
6.3.2 Schema Privileges
6.3.3 Object Privileges
6.3.4 Structured Privileges
6.3.5 Remote Source Privileges
6.3.6 Analytic Privileges
6.3.7 Application Privileges
6.3.8 Package Privileges
6.4 Managing Repository Roles with the SAP HANA Web-Based Development Workbench
6.4.1 Accessing and Navigating the SAP HANA Web-Based Development Workbench Editor
6.4.2 System Privileges
6.4.3 Object Privileges
6.4.4 Analytic Privileges
6.4.5 Package Privileges
6.4.6 Application Privileges
6.5 Granting Repository Roles to Users
6.5.1 Granting and Revoking Repository Roles with Stored Procedures
6.5.2 Granting and Revoking Repository Roles with SAP HANA Cockpit
6.5.3 Granting and Revoking Repository Roles with the SAP HANA Web-Based Development Workbench
6.6 Case Study: Creating Basic Repository Roles
6.6.1 Consumer Repository Role
6.6.2 Power User Repository Role
6.6.3 Developer Repository Role
6.6.4 Security Administrator Repository Role
6.7 Summary
7 System Privileges
7.1 What Are System Privileges?
7.2 Default System Privileges
7.2.1 Developer-Related System Privileges
7.2.2 Security Admin-Related System Privileges
7.2.3 System Admin-Related System Privileges
7.2.4 Environment Monitoring-Related System Privileges
7.2.5 Environment Performance-Related System Privileges
7.3 Granting System Privileges
7.3.1 Granting System Privileges with SQL
7.3.2 Granting System Privileges with the SAP HANA Cockpit
7.3.3 Granting System Privileges with the SAP HANA Web-Based Development Workbench
7.3.4 Granting System Privileges with Repository Roles
7.4 Case Study: Security Administrator System Privileges
7.4.1 User Management Role
7.4.2 Role Management Role
7.4.3 Data and Communication Encryption Role
7.4.4 System Auditing Role
7.5 Summary
8 Object Privileges
8.1 What Are Object Privileges?
8.1.1 Catalog Object Privileges
8.1.2 Security Considerations for Catalog Objects
8.2 Granting Object Privileges with SQL
8.2.1 Securing Schemas with SQL
8.2.2 Securing Individual Catalog Objects with SQL
8.3 Granting Object Privileges with the SAP HANA Cockpit
8.4 Granting Object Privileges with the SAP HANA Web-Based Development Workbench
8.5 Granting Object Privileges with Repository Roles
8.5.1 Script-Based Repository Roles
8.5.2 SAP HANA Web-Based Development Workbench GUI
8.6 Case Study: Updating Repository Roles to Access Information Views
8.6.1 Consumer
8.6.2 Power User
8.6.3 Developer
8.7 Summary
9 Package Privileges
9.1 What Is the SAP HANA Development Repository?
9.1.1 Structure of the Development Repository
9.1.2 Creating Packages and Subpackages
9.1.3 Overview of Delivery Units
9.2 What Are Package Privileges?
9.3 Granting Package Privileges
9.3.1 Granting Package Privileges with SQL
9.3.2 Granting Package Privileges with the SAP HANA Cockpit
9.3.3 Granting Package Privileges with the SAP HANA Web-Based Development Workbench
9.3.4 Granting Package Privileges within Repository-Based Roles
9.4 Case Study: Preventing Content Developers from Elevating Their Privileges
9.4.1 Assessing the Current Configuration
9.4.2 Recommendations
9.5 Summary
10 Analytic Privileges
10.1 What Are SAP HANA Information Views?
10.1.1 Attribute Views
10.1.2 Analytic Views
10.1.3 Calculation Views
10.2 What Are Analytic Privileges?
10.2.1 XML-Based Analytic Privileges
10.2.2 SQL-Based Analytic Privileges
10.3 _SYS_BI_CP_ALL: A System-Generated Analytic Privilege
10.4 Managing Static Analytic Privileges
10.4.1 Creating Static XML-Based Analytic Privileges
10.4.2 Creating Static SQL-Based Analytic Privileges
10.5 Managing Dynamic Analytic Privileges
10.5.1 Dynamic XML-Based Analytic Privileges
10.5.2 Dynamic SQL-Based Analytic Privileges
10.6 Managing Dynamic Expression-Based SQL Analytic Privileges
10.7 Troubleshooting Effective Analytic Privileges and Filter Conditions
10.8 Granting Analytic Privileges
10.8.1 Granting Analytic Privileges with SQL
10.8.2 Granting Analytic Privileges with the SAP HANA Cockpit
10.8.3 Granting Analytic Privileges with the SAP HANA Web-Based Development Workbench
10.8.4 Granting Analytic Privileges with Repository Roles
10.9 Summary
11 Application Privileges
11.1 What Are Application Privileges?
11.2 Creating Application Privileges
11.3 Granting Application Privileges
11.3.1 Granting Application Privileges with SQL
11.3.2 Granting Application Privileges with the SAP HANA Cockpit
11.3.3 Granting Application Privileges with the SAP HANA Web-Based Development Workbench Security Manager
11.3.4 Granting Application Privileges within Repository Roles
11.4 Privileges on Users
11.4.1 Granting Privileges on Users with the SAP HANA Cockpit
11.4.2 Granting Privileges on Users with SQL
11.5 Summary
12 Authentication
12.1 SAP HANA Internal Authentication Mechanism
12.1.1 Protecting SAP HANA Passwords with Encryption
12.1.2 Configuring the Internal Authentication Password Policy
12.1.3 Managing Password Policy Settings with SQL
12.1.4 Managing Password Policy Settings in GUIs
12.2 SAP HANA and LDAP Authentication
12.3 Supported Third-Party Authentication Providers
12.3.1 Kerberos Authentication
12.3.2 SAML Authentication
12.3.3 X.509 Authentication
12.3.4 SAP Logon Tickets
12.3.5 SAP Assertion Tickets
12.3.6 JWT Identity Providers
12.4 Case Study: Adding SAML Identity User Accounts
12.5 Summary
13 Certificate Management and Encryption
13.1 SSL Certificates
13.1.1 In-Database Certificate Management
13.1.2 External SAP HANA PSE File and Certificate Management
13.2 Client Encryption Settings
13.2.1 SAP HANA Studio
13.2.2 XS Engine Web-Based Applications
13.2.3 JDBC and ODBC Drivers
13.2.4 SAP HANA Cockpit
13.3 Encrypting Data
13.3.1 Server-Side Data Encryption
13.3.2 Managing Root Keys within the SSFS
13.3.3 Encrypting the Data Volume
13.3.4 Encrypting the Log Volume
13.3.5 Encrypting the Backup Media
13.4 Summary
14 Security Lifecycle Management
14.1 Maintaining a Consistent Security Model
14.1.1 Best Practices
14.1.2 Testing Security Model Changes
14.1.3 Keeping Repository Roles in Sync
14.2 Creating Delivery Units for Security-Related Packages
14.2.1 Creating a Delivery Unit with SAP HANA Studio
14.2.2 Creating a Delivery Unit with SAP HANA Application Lifecycle Management
14.2.3 Importing and Exporting Delivery Units with SAP HANA Application Lifecycle Management
14.3 Transporting Security Packages to Other SAP HANA Systems
14.3.1 Transporting a Delivery Unit with SAP HANA Application Lifecycle Management
14.3.2 Exporting a Delivery Unit to a File
14.3.3 Importing a Delivery Unit from a File
14.4 Additional Options in SAP HANA Application Lifecycle Management
14.4.1 Change Recording
14.4.2 Using the Change and Transport System
14.5 Summary
15 Auditing
15.1 Why Do You Need Auditing?
15.2 Configuring Auditing
15.2.1 Enable Auditing with the SAP HANA Cockpit
15.2.2 Audit Log Targets and Options in the SAP HANA Cockpit
15.2.3 Viewing Audit Logs in the SAP HANA Cockpit
15.2.4 Enabling Auditing with the SAP HANA Web-Based Development Workbench
15.2.5 Enabling Auditing with SQL
15.3 Creating Audit Policies
15.3.1 Components of the Audit Policy
15.3.2 Managing Policies with the SAP HANA Web-Based Development Workbench
15.3.3 Managing Audit Policies with SQL
15.3.4 Creating Policies with the SAP HANA Cockpit
15.4 Querying Audit Data
15.5 Case Study: Defining Audit Policies
15.5.1 Proactive Event Monitoring
15.5.2 Audit Reporting
15.5.3 Authentication Auditing
15.5.4 Unauthorized Action Auditing
15.5.5 System Change Auditing
15.5.6 Security Management Task Auditing
15.5.7 Super User Event Auditing
15.6 Summary
16 Security Tracing and Troubleshooting
16.1 Authorization Tracing
16.1.1 Enabling Tracing with the SAP HANA Cockpit
16.1.2 Enabling Tracing with SQL
16.1.3 Viewing the Trace File in the SAP HANA Cockpit
16.2 Querying the System to Review Effective Privileges
16.2.1 Granted Privileges
16.2.2 Granted Roles
16.2.3 Accessible Views
16.2.4 Effective Privilege Grantees
16.2.5 Effective Structured Privileges
16.2.6 Effective Privileges
16.2.7 Effective Role Grantees
16.2.8 Effective Roles
16.3 Case Study: Identifying Deficiencies in Information View Access
16.3.1 Troubleshooting the Problem
16.3.2 Reviewing the Results
16.3.3 Reviewing the Solution
16.4 Summary
17 Security Recommendations
17.1 Password Authentication Settings
17.1.1 Standard User Password Policies
17.1.2 Service Accounts
17.2 Encryption Settings
17.3 Identifying Users with Elevated Privileges
17.3.1 System Privileges
17.3.2 Root Package Privileges
17.3.3 Bypass Analytic Privileges
17.3.4 Default Standard Roles
17.3.5 WITH GRANT or WITH ADMIN
17.3.6 Trace, Dump File, and Debug Access
17.4 Disabling the SYSTEM Account
17.5 Identifying Privilege Escalation Vulnerabilities
17.6 Handover from Hardware Vendors
17.7 Creating Audit Policies
17.8 Summary
18 SAP HANA XSA Security
18.1 Overview of SAP HANA XSA
18.2 Managing Space Access, Users, and Role Collections in SAP HANA XSA
18.2.1 Accessing Applications
18.2.2 Managing SAP HANA XSA Users
18.2.3 Managing SAP HANA XSA Role Collections
18.2.4 Managing Organization and Space Access
18.3 Working with SAP Web IDE for SAP HANA
18.3.1 SAP Web IDE for SAP HANA Overview
18.3.2 SAP HANA Database Explorer in SAP Web IDE for SAP HANA
18.4 HDI Containers and Security
18.4.1 Security Architecture of the HDI Container
18.4.2 HDI Container Roles
18.4.3 Granting the HDI Container Access to External Objects
18.5 Summary
The Author
Index
Service Pages
Legal Notes