Security / Authorization
Do I need to upgrade from BW 3.x Authorizations to BW 7.x Authorizations prior to a BW on HANA migration?
Yes, with BW 7.3 the BW 7.x Analysis Authorizations are mandatory. This is independent of a BW to HANA migration.
Do all existing users get migrated to BW on HANA during the DB migration, with the correct authorizations?
Absolutely – The BW to BW on HANA migration is a full database migration.
Will the user administration in BW on HANA change? How does this impact our security team? Do they need to be involved in this HANA research work?
All BW users / roles are defined through the BW application layer. The only change is for users of the HANA Studio and HANA data modeling.
Are authorization of HANA data models in a BW on HANA system comparable to the BW security model?
Currently the HANA privileges applicable to HANA data models are less detailed than BW authorizations. If more complex security is required, the recommendation is to consume the HANA data models via BW Transient or Virtual InfoProviders.
Please see the link to the HANA security guide for more details.
Some information can also be found in the HANA Admin Guide.
There is also a white paper about native HANA security configuration.
What is the impact for Single Sign On for SAP BusinessObjects connecting to SAP BW on HANA? Are any changes to the existing configuration required?
All this happens through the BW application layer which remains untouched – It works exactly the same as before.
If consumption of BW data is implemented directly against the HANA database layer e.g. for exploration or discovery tools like Explorer or Lumira, can BW authorizations be applied to that consumption model as well?
Please have a look to the corresponding FAQ page that describes Explorer integration with BW on HANA.
There is also a HowTo guide that describes how to create Dynamic Analytic Privileges in SAP HANA based on Analysis Authorizations in SAP BW.