Synchronization mechanisms between SAP BW and SAP HANA authorizations


Synchronization mechanisms between SAP BW and SAP HANA authorizations
April 25th, 2017
Christophe Decamps

What we will cover
- Introduction
- SAP Security and HANA
- Authorizations Scenarios
- SAP HANA Security: authorizations
- SAP HANA Security Administration
- SAP HANA Authorizations Replication Tools for BW
- SAP HANA Custom Replication Tool for BW

Introduction
SAP Authorizations: Roles (What? Where?)
[Diagram labels: DATA, PROCESSES]


SAP Security and HANA
[Diagram comparing the Traditional and HANA architectures. Labels: Client, HANA Studio, Application, Application Server, XS Engine, SAP HANA, DB. Security functions shown: Authentication, Authorization, Identity Store, Encryption, Audit Logging.]


Authorizations scenarios
- Traditional DB migration to HANA
  - No changes to security model
- Data mart (3-tier or 2-tier)
  - Reporting ERP or BW data in HANA
  - Direct user access to HANA
  - Modified security model
- Native 2-tier application
  - HANA acts as DB & Application Server
  - Direct user access to HANA
  - Integrated security model
[Diagram labels: Client, Application Server (e.g. ECC or BW), Source replication, SAP HANA]


Authorizations approach
- ECC: Tcodes, Auth. objects (SR, CR)
- BW: InfoProv., BW Analysis Authorizations (SR, CR)
- HANA: Privileges, Roles
[Diagram label: consistency]

Authorizations: roles
HANA roles
- Role hierarchy is possible
- Roles in roles in roles in roles... is possible!
- The 2 layer model does not exist in HANA (no Composite Roles & Single Roles)
- Create a design like the 2 layer model to keep it clear
Function:
- Role: edit & activate model
Tasks:
- Role: Edit model
  - Package priv.: create / edit models
  - Object priv.: Select / update
- Role: Activate model
  - Package priv.: activate
  - Object priv.: Write runtime object

SAP HANA Privileges
- Application privilege: Application (XS Engine)
- Package privilege: package
- Object privilege: tables / views
- Analytic privilege: row level access
- System privilege
[Diagram labels: Client, SAP HANA]

Entities relations
[Diagram labels: owns, Object, Role, granted to, Privilege, Role, Role]
Attention:
- The action "grant" is also considered an object!
- A grant is owned by its creator
Best practice [diagram labels]: Role, Privilege

Repository vs Catalog concept
Repository:
- Object definition (e.g. table def.)
- +/- DB definition
- Design time
- Packages & subpackages
- Package privilege
- Rep. object type: data models (views), analytical privileges, repository roles
- Transportable (DEV, QA, PRD)
- Owner = technical user _SYS_REPO
- When activated, owner of run-time object = _SYS_REPO
Catalog:
- Object (e.g. table)
- +/- DB content
- Run-time
- Not transportable
- Creator = user
- Creator deleted -> all linked objects deleted

Authorizations entities: roles
REPOSITORY (design time) ROLES: best practice
- Owner: _SYS_REPO
- Use with grant option for _SYS_REPO
- Grantor can grant/revoke all roles if he can execute the Grant Activated Role stored procedure
- No need to have the privilege to grant it to the role, but _SYS_REPO does!!
- SOD possible between creation, ownership & granting
- Transportable (DEV, QA, PRD)
CATALOG (runtime) ROLES: not recommended
- Owner = creator. Delete owner = delete role
- Only grantor can revoke role
- If grantor is deleted -> privileges are revoked
- Need to have the privilege to grant it to the role
- Privileges are transitive (removed from grantor -> removed from role)
- Not transportable

Repository Role assignment
[Diagram labels: Design time, Run-time, Repository Role, activate, Repository Role, own, owner = _SYS_REPO, _SYS_REPO stored procedure]
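The ownership and grantor rules on the two role slides can be turned into a check to run before an administrator account is removed. This is an added example, not part of the original slides: it applies the rules stated above to constructed data, and the row layout, user names and role names are assumptions.

```python
SYS_REPO = "_SYS_REPO"  # technical owner of activated repository roles

# Constructed sample data. Layout is an assumption: role -> owner, and
# (grantee, role, grantor) tuples such as an export of granted roles might give.
ROLE_OWNERS = {
    "REPORTING_CATALOG": "ADMIN_BOB",       # catalog role, owner = creator
    "FINANCE_CATALOG": "ADMIN_DAN",         # catalog role, owner = creator
    "bw2hana.roles::reporting": SYS_REPO,   # repository role, owner = _SYS_REPO
}
GRANTS = [
    ("ALICE", "REPORTING_CATALOG", "ADMIN_BOB"),
    ("CAROL", "FINANCE_CATALOG", "ADMIN_BOB"),   # Bob granted a role Dan owns
    ("ALICE", "bw2hana.roles::reporting", SYS_REPO),
    ("CAROL", "bw2hana.roles::reporting", SYS_REPO),
]


def impact_of_dropping(user, role_owners, grants):
    """List (grantee, role, reason) assignments that vanish if `user` is dropped."""
    lost = []
    for grantee, role, grantor in grants:
        if grantee == user:
            continue  # the dropped user's own assignments are not an outage
        if role_owners.get(role) == user:
            # Slide rule: delete owner = delete role
            lost.append((grantee, role, "role deleted with its owner"))
        elif grantor == user:
            # Slide rule: if grantor is deleted, what was granted is revoked
            lost.append((grantee, role, "grant revoked with its grantor"))
    return lost


def person_dependent_grants(grants, technical_users=(SYS_REPO,)):
    """Grants whose survival depends on a personal account staying alive."""
    return [g for g in grants if g[2] not in technical_users]


if __name__ == "__main__":
    for entry in impact_of_dropping("ADMIN_BOB", ROLE_OWNERS, GRANTS):
        print(entry)
```

Assignments made through _SYS_REPO never appear in the output, which is the practical argument for the repository-role best practice.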


SAP HANA Security Administration
SAP HANA Studio or XS Web Interface
[Diagram labels: SAP HANA studio, Client, Admin, Application, Admin, XS Engine, SAP HANA]


SAP HANA replication tools
When is it needed? Direct connection to SAP HANA
- For BW authorizations: SAP HANA Model Generation
  - Part of BW
  - Replicates ABAP authorizations (BW Analysis Authorizations) in HANA Analytic Privileges
- For ECC authorizations: SAP HANA Live Analytics Authorization Assistant
  - SAP HANA Studio add-on
  - Replicates ABAP PFCG authorizations in HANA Analytic Privileges
[Diagram labels: Client, Application Server (e.g. ECC or BW), Source replication, SAP HANA]

SAP HANA Model Generation
Prerequisite
The BW user has to have a DBMS user (SU01), or a user with the same name has to exist on the HANA side:
- With transaction DBCO, create a connection with the SAP<SID> to the underlying HANA database and assign this connection in the User DBMS System View (SM30 on table USR_DBMS_SYSTEM).
- After this, you can assign the user in transaction SU01 in the DBMS tab.
- BW users can also be synchronized in mass using program RSUSR_DBMS_USERS.

SAP HANA Model Generation Prerequisite Single user maintenance via DBMS tab:

SAP HANA Model Generation Prerequisite Result in HANA:

SAP HANA Model Generation Prerequisite Mass maintenance via RSUSR_DBMS_USERS:

SAP HANA Model Generation Prerequisite Result in HANA:

SAP HANA Model Generation
Set the Content Package, Assignment Type and HANA User Mapping in RS2HANA_VIEW
- Default Content Package = system-local.bw.bw2hana
- Assignment Type =
  - D for Direct Assignment to a User (default): HANA User [Analytic Privileges]
  - R for Roles: HANA User [Granted Roles]
- HANA User Mapping =
  - D for DBMS-User in SU01 (default)
  - C for mapping to the user with the same name

SAP HANA Model Generation
Some general Object Privileges and Package Privileges are required
To be able to access SAP HANA views that have been generated from the BW system, you need the following authorizations:
- Object privilege: SELECT on _SYS_BI
- Object privilege: EXECUTE on REPOSITORY_REST(SYS)
- Package privilege: REPO.READ on the Content Package where generated SAP HANA views are stored
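The three privileges listed above can be checked per user from an export of effective privileges. This is an added example, not part of the original slides: the row layout (user, object name, privilege, validity flag) and the user names are constructed assumptions, and the package check relies on package privileges also applying to sub-packages.

```python
DEFAULT_PACKAGE = "system-local.bw.bw2hana"  # default content package (from the slides)

# Constructed sample rows: (user, object_name, privilege, is_valid).
# The layout is an assumption, e.g. an export of effective privileges per user.
ROWS = [
    ("BWUSER1", "_SYS_BI", "SELECT", True),
    ("BWUSER1", "REPOSITORY_REST", "EXECUTE", True),
    ("BWUSER1", "system-local.bw", "REPO.READ", True),    # grant on a parent package
    ("BWUSER2", "_SYS_BI", "SELECT", True),
    ("BWUSER2", "REPOSITORY_REST", "EXECUTE", False),     # present but not valid
    ("BWUSER2", "system-local.bwx", "REPO.READ", True),   # look-alike, not a parent
]


def package_covers(granted_pkg, target_pkg):
    """A package privilege also applies to sub-packages of the granted package."""
    return target_pkg == granted_pkg or target_pkg.startswith(granted_pkg + ".")


def missing_prerequisites(rows, user, content_package=DEFAULT_PACKAGE):
    """Return the listed prerequisites that `user` does not effectively hold."""
    held = {(obj, priv) for u, obj, priv, valid in rows if u == user and valid}
    missing = []
    if ("_SYS_BI", "SELECT") not in held:
        missing.append("SELECT on _SYS_BI")
    if ("REPOSITORY_REST", "EXECUTE") not in held:
        missing.append("EXECUTE on REPOSITORY_REST(SYS)")
    if not any(priv == "REPO.READ" and package_covers(obj, content_package)
               for obj, priv in held):
        missing.append("REPO.READ on " + content_package)
    return missing


def audit(rows, users, content_package=DEFAULT_PACKAGE):
    """Map each user to the missing prerequisites (empty list = ready)."""
    return {u: missing_prerequisites(rows, u, content_package) for u in users}


if __name__ == "__main__":
    for user, gaps in audit(ROWS, ["BWUSER1", "BWUSER2", "BWUSER3"]).items():
        print(user, "OK" if not gaps else gaps)
```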

SAP HANA Model Generation
Check prerequisites
Transaction RS2HANA_CHECK allows you to check all prerequisites for successful replication of BW authorizations to SAP HANA.

SAP HANA Model Generation
Authorizations generation
Analytic privileges are created during BW object activation after the view has been deployed, or by running the program RS2HANA_AUTH_RUN. The view itself is always created with a certain privilege type, either XML-based privileges or SQL-based privileges. The required Analytic Privileges themselves are created from the existing BW Analysis Authorizations and assigned to a role which is automatically created and attached to the DB user. If no BW Analysis Authorization exists, no Analytic Privileges are created and it is not possible to query the HANA view, since Analytic Privileges are always required for access.

SAP HANA Model Generation Results


SAP HANA Custom Replication Tool
Problem
The standard replication tools do not work in the following scenario:
- ECC on HANA
- BW on regular DB
- Direct reporting with on HANA DB with same access as in BW required
[Diagram labels: Client, Client, Client, ECC, replication, BW, SAP HANA, Regular DB]

SAP HANA Custom Replication Tool
Solution: create a custom program to:
- Replicate BW data to ECC tables
- Creation/update in HANA
  - User creation
  - Analytic Privileges creation
  - Analytic & Object Privileges assignment to users

SAP HANA Custom Replication Tool
Solution: create a custom program
The tool is accessible from ECC

Thanks for listening! Any questions? Christophe Decamps Senior Consultant Governance, Risk & Compliance +32 473 720 125 christophe.decamps@expertum.net www.expertum.net Inspire by Experience.