Skip to Content

Security / Authorizations


SAP Product and Cloud Security Strategy

Will all existing SAP Business Suite users get migrated after a HANA DB migration with the correct authorizations?

Absolutely – The ERP database to HANA migration is a full database migration

Will the user administration in ERP on HANA change, how does this impact our security team? Does the Basis Team need to be involved in this HANA research work?

All ERP users / roles are defined through the ERP Application layer. The only change is for the users of the HANA data modeling studio in the HANA datamart, and that also applies to SAP HANA Live.

Yes, it is recommended to train the Basis team in SAP HANA, there are specific technical training classes available.

How does SAP HANA database level security work?

provides all up-to-date links for all SAP HANA-specific security informationSAP HANA Security: An Overview

How does SAP ensure GRC-level Security across the overall architecture: Mobile, Cloud, On-Premise, Hybrid?

Please see the SAP CIO Guide for Security for a comprehensive overview:

Is the authorization for SAP HANA Live rather comparable to the ERP on HANA security model, or to the HANA data mart security model?

The  user privileges in the SAP HANA security model are currently less granular than the authorizations in the application layers for BW on HANA and for SAP Business Suite on HANA.
For SAP HANA Live the HANA based Analytics authorizations (Access from reporting tools to SAP HANA ) are utilized. Each HANA based Analytics user becomes a database user and the authorization check within SAP HANA privileges.

detailed slide deck HANA security

Does SAP provide a tool to migrate SAP Suite application users' privileges to SAP HANA Live authorizations?

The SAP HANA Live Authorization Assistant provides an authorization tool that generates analytic privileges and corresponding roles of the selected ABAP user. The assistant is available as an Eclipes Plug-In for the SAP HANA studio.

The assistant reduces manual effort via a Semi-Automated Generation, where the users’ ABAP authorizations are transformed to SAP HANA analytic privileges.

SAP Note 1796718

Can the  AAA component for HANA Live Authorization can be customized?

We like to use the SAP BusinessObjects tools on top of Suite in HANA and SAP HANA Live in particular, how does the integration work?

Please see this CSA webinar recording about the SAP HANA Security and Integration with the SAP BusinessObjects BI Platform for more details:

Are the in SAP HANA Studio generated security privileges accessible for third-party solutions on top of SAP HANA?

Yes, all SAP HANA-certified BI solutions can access the SAP HANA privileges.

Where can I find more details on the specific SAP HANA security capabilities?

Please see the link to the HANA security guide for more details:

SAP HANA database authorization mechanisms use the following privileges:

●System privileges
Perform system-level operations or administrative tasks

●Object privileges
Perform specified actions on specified database objects

●Analytic privileges
Allow selective access control for database views generated when modeled are activated

●Package Privileges
Allow operations on packages, for example, creation and maintenance. Privileges can differ for native and imported packages.

Database Replication Security Guides

These guides describe how to enable security for the data replication technologies related to the SAP HANA appliance software.

SAP HANA Security Guide - Trigger-Based Replication (SLT)

SAP BusinessObjects Data Services Administrator's Guide. Please see the chapters "Security" and "User and Rights Management: