on 06-12-2015 9:17 PM
Hi,
Until now I have done quite a bit of authorization stuff in SAP ERP and BW, i.e. in the ABAP world. Recently, I have been introduced to SAP HANA and somehow somebody thought I should do authorization here as well. When I first read about catalog roles, I was genuinely shocked. How on earth could someone create something like that! Later, I discovered that repository roles exist which are much better.
But, I still haven't been able to find all the tools and reports that I used for authorizations, roles and users in SAP ERP and BW.
So here are my questions:
I realize that a competent SQL programmer can code a solution to these tasks. But I hope that there are some ready-made tools which will make my life easier.
I'm looking forward to your replies,
Martin
I'm not too much involved in the security area, but perhaps the following remarks are useful for you (although e.g. my reply to 1. is not more than the "competent programmer" solution you already mentioned as an option):
Ad 1. You can use SQL: "HANA_Security_GrantedRolesAndPrivileges" (SAP Note 1969700) with a properly configured "Modification section" to check for privilege and role assignments.
Ad 3. The database trace (SAP Note 2119087) can be activated for certain authorization related traces (e.g. authentication or xsauthentication). Also an "authorization" trace is available there. The trace information will be part of the normal service trace files.
You may also have a look at SAP Note 2159014 which is supposed to be an entry point in the world of SAP HANA security.
Hi Martin,
Thanks for your answer. It seems that the authorization cockpit that I was looking for doesn't exist in SAP HANA. All the notes you have listed refer to tables, views and SQL code.
Do you happen to know what priority SAP has given to developing these tools? Anything to look forward to in SPS10?
Regards,
Martin
Hi Martin,
the HANA Administration Guide also mentions some system views for checking user authorizations (System Views for Verifying Users' Authorization - SAP HANA Administration Guide - SAP Library) and the Authorization Dependency Viewer (http://help.sap.com/saphelp_hanaplatform/helpdata/en/e8/fc62ef07cb46988504692a65de85bd/content.htm?f...).
An authorization trace concept is on our roadmap but will not be available with SPS10.
Best wishes,
Martin.
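The system views mentioned in the reply above can be queried directly to audit one user's authorizations. The following is an added example, not code from the thread or from an SAP Note; the user name `MARTIN_TEST` is a hypothetical placeholder, and the querying user is assumed to be allowed to read these views for other users.

```sql
-- Added example: audit one user's authorizations with SAP HANA system views.
-- 'MARTIN_TEST' is a hypothetical user name; replace it with the user to check.

-- 1. Roles granted directly to the user, and who granted them.
SELECT ROLE_NAME, GRANTOR, IS_GRANTABLE
  FROM SYS.GRANTED_ROLES
 WHERE GRANTEE = 'MARTIN_TEST'
 ORDER BY ROLE_NAME;

-- 2. All roles the user effectively holds, including roles nested in other roles.
--    GRANTEE shows the user or role through which each role is inherited.
--    The view expects an equality filter on USER_NAME.
SELECT ROLE_NAME, GRANTEE, GRANTEE_TYPE, GRANTOR
  FROM SYS.EFFECTIVE_ROLES
 WHERE USER_NAME = 'MARTIN_TEST'
 ORDER BY ROLE_NAME;

-- 3. All privileges the user effectively holds, with the user or role that carries each one.
--    IS_VALID = 'FALSE' flags privileges that exist but cannot currently be used,
--    which is a common cause of unexpected "insufficient privilege" errors.
SELECT OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE,
       GRANTEE, GRANTEE_TYPE, IS_GRANTABLE, IS_VALID
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME = 'MARTIN_TEST'
 ORDER BY OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE;
```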
Hi Martin K,
is there any news regarding an authorization trace in SPS11? Or SPS12?
I have tried the trace configuration according to 2151612 - How to activate and deactivate the authorization database trace for indexserver in a Hana...
And it has worked a few times. But recently, when I tried to delete a repository role, all I could find in the trace file were the set and the unset commands, not my role deletion attempt.
Regards,
Martin C
Hello,
You could try this?
http://scn.sap.com/community/hana-in-memory/blog/2015/07/07/authorization-dependency-viewer
KR
Michael
Hi,
Please use the below document from Richard Bremer for reference and create the roles to customize the user access.
The document is very detailed and precise on all kinds of roles that are required for an organization.
Hope this helps
Sunil