Depending on
business needs and configuration of HANA system, there are different user
activities that can be performed using user administration tool like HANA
studio.
Most common
activities include −
·
Create Users
·
Grant roles to users
·
Define and Create Roles
·
Deleting Users
·
Resetting user passwords
·
Reactivating users after too
many failed logon attempts
·
Deactivating users when it is required
Create
Users in HANA Studio
Database users can be created with either using the SAP HANA Studio
/cockpit, or the CREATE USER or CREATE RESTRICTED USER statement
Standard Users
Standard users correspond to users created with the
CREATE USER statement. By default they can create objects in their own schema
and read data in system views. Read access to system views is granted by the
PUBLIC role, which is granted to every standard user.
Restricted Users
Restricted users are intended for provisioning users who access SAP
HANA through client applications and who are not intended to have full SQL
access via an SQL console. If the privileges required to use the application
are encapsulated within an application-specific role, then it is necessary to
grant the user only this role. In this way, it can be ensured that users have
only those privileges that are essential to their work.
When
you expand security tab, it gives option of User and Roles. To create a new
user right click on User and go to New User. New window will open where you
define User and User parameters
Enter User
name and in Authentication
field enter password. Password is applied, while saving password for
a new user. You can also choose to create a restricted user.
Different
Authorization methods can be configured like SAML, X509 certificates, SAP Logon
ticket, etc. Users in the database can be authenticated by varying mechanisms Internal
authentication mechanism using a password.
External
mechanisms such as Kerberos, SAML, SAP Logon Ticket, SAP Assertion Ticket or
X.509
Some users that
are, by default, delivered with the SAP HANA database are − SYS, SYSTEM,
_SYS_REPO,
_SYS_STATISTICS
Once
this is done, the next step is to define privileges for user profile. There are
different types of privileges that can be added to a user profile
Configure
“Session client”
Create SAP HANA information models (attribute views, analytic views,
and calculation views), it is possible to filter the data according to the
client specified in table fields such as MANDT or CLIENT. You can specify the
client relevant for the user here
Granted
Roles to a User
SAP.HANA
roles to user profile or to add custom roles created under Roles tab. Custom
roles allow you to define roles as per access requirement and you can add these
roles directly to user profile. This removes need to remember and add objects
to a user profile every time for different access types
There
are different types of privileges that can be added to a user profile. To add a
system privileges to a user profile, click on + sign
System
privileges are used for Backup/Restore, User Administration, Instance start and
stop, etc
Several
privilege types are used in SAP HANA (system, object, analytic, package, and
application).
No comments:
Post a Comment