sap hana 2.0 sps04 - authorizations, scenarios & security
TRANSCRIPT
HA240SAP HANA 2.0 SPS04 - Authorizations, Scenarios & Security Requirements
..
COURSE OUTLINE.
Course Version: 16Course Duration:
SAP Copyrights, Trademarks and Disclaimers
© 2019 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
This course may have been machine translated and may contain grammatical errors or inaccuracies.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.
© Copyright. All rights reserved. iii
Typographic Conventions
American English is the standard used in this handbook.
The following typographic conventions are also used.
This information is displayed in the instructor’s presentation
Demonstration
Procedure
Warning or Caution
Hint
Related or Additional Information
Facilitated Discussion
User interface control Example text
Window title Example text
iv © Copyright. All rights reserved.
Contents
ix Course Overview
1 Unit 1: Introducing SAP HANA Security
1 Lesson: Introducing SAP HANA1 Lesson: Describing SAP HANA implementation scenarios1 Lesson: Outlining security functions
3 Unit 2: Using SAP HANA administration tools
3 Lesson: Using security administration tools
5 Unit 3: Securing SAP HANA network and communications
5 Lesson: Describing communication channels5 Lesson: Securing Data Communications
7 Unit 4: Managing certificates
7 Lesson: Managing certificates
9 Unit 5: Securing data storage
9 Lesson: Describing Data-at-Rest Encryption
11 Unit 6: Managing users
11 Lesson: Comparing User Types11 Lesson: Describing User Administration Tools11 Lesson: Managing User Groups
13 Unit 7: Managing authentication
13 Lesson: Managing Authentication
15 Unit 8: Developing applications in XS Advanced
15 Lesson: Explain the reason why the security administrator develops applications
15 Lesson: Introducing the Application Architecture15 Lesson: Describing the Application Development Tools15 Lesson: Introducing the Multi-Target Application15 Lesson: Describing the MTA Development Descriptor File mta.yaml
© Copyright. All rights reserved. v
17 Unit 9: Creating the persistence data model using Core Data Services
17 Lesson: Introducing the SAP HANA Database Module17 Lesson: Introducing Core Data Services17 Lesson: Using the CDS Entity17 Lesson: Using the CDS Context, Association, and View
19 Unit 10: Implementing authorizations in the SAP HANA Database
19 Lesson: Describing object ownership rules19 Lesson: Introducing Authorizations in the SAP HANA Database19 Lesson: Introducing database roles management19 Lesson: Creating HDI roles for system privileges19 Lesson: Creating HDI roles to access objects in a remote schema19 Lesson: Using Data Masking20 Lesson: Describing Anonymization20 Lesson: Using LDAP Group Authorization20 Lesson: Describing Cross-Database Authorizations in Tenant
Databases
21 Unit 11: Analyzing users and authorizations
21 Lesson: Tracing authorization errors21 Lesson: Viewing Information about Users and Authorizations
23 Unit 12: Using Audit Logging
23 Lesson: Using Audit Logging
25 Unit 13: Defining the application security in XS Advanced
25 Lesson: Creating a Basic HTML5 Module25 Lesson: Introducing Application Security in XS Advanced25 Lesson: Creating a User with authorization for development in the
SAP Web IDE for SAP HANA25 Lesson: Creating the Security Concept Within an HTML5 Module
27 Unit 14: Integration with SAP BusinessObjects BI (optional)
27 Lesson: Understanding Authentication Options and User Management Implicationsfor the Integration of SAP BusinessObjects BI 4.X and SAP HANA (optional)
29 Unit 15: SAP HANA with ERP or S/4HANA and the Analytics Authorization Assistant (optional)
29 Lesson: Describing SAP HANA with ERP or SAP S/4HANA and the Analytics Authorization Assistant (optional)
vi © Copyright. All rights reserved.
31 Unit 16: Integration with SAP GRC (optional)
31 Lesson: Outlining SAP GRC Integration for Governance, Risk and Compliance
33 Unit 17: Integration with SAP Identity Management (optional)
33 Lesson: Understanding SAP Identity Management Integration
© Copyright. All rights reserved. vii
viii © Copyright. All rights reserved.
Course Overview
TARGET AUDIENCEThis course is intended for the following audiences:
● Database Administrator
● System Administrator
© Copyright. All rights reserved. ix
x © Copyright. All rights reserved.
UNIT 1 Introducing SAP HANA Security
Lesson 1: Introducing SAP HANALesson ObjectivesAfter completing this lesson, you will be able to:
● Describe basic features of SAP HANA
Lesson 2: Describing SAP HANA implementation scenariosLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe SAP HANA implementation scenarios
Lesson 3: Outlining security functionsLesson ObjectivesAfter completing this lesson, you will be able to:
● Outline the security functions in SAP HANA
© Copyright. All rights reserved. 1
Unit 1: Introducing SAP HANA Security
2 © Copyright. All rights reserved.
UNIT 2 Using SAP HANA administration tools
Lesson 1: Using security administration toolsLesson ObjectivesAfter completing this lesson, you will be able to:
● Use security administration tools
© Copyright. All rights reserved. 3
Unit 2: Using SAP HANA administration tools
4 © Copyright. All rights reserved.
UNIT 3 Securing SAP HANA network and communications
Lesson 1: Describing communication channelsLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe SAP HANA communication channels
Lesson 2: Securing Data CommunicationsLesson ObjectivesAfter completing this lesson, you will be able to:
● Recognize the options to secure data communications in SAP HANA
© Copyright. All rights reserved. 5
Unit 3: Securing SAP HANA network and communications
6 © Copyright. All rights reserved.
UNIT 4 Managing certificates
Lesson 1: Managing certificatesLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe in-database certificate management process and tools
© Copyright. All rights reserved. 7
Unit 4: Managing certificates
8 © Copyright. All rights reserved.
UNIT 5 Securing data storage
Lesson 1: Describing Data-at-Rest EncryptionLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe use of data-at-rest encryption in SAP HANA
© Copyright. All rights reserved. 9
Unit 5: Securing data storage
10 © Copyright. All rights reserved.
UNIT 6 Managing users
Lesson 1: Comparing User TypesLesson ObjectivesAfter completing this lesson, you will be able to:
● Compare the different user types in SAP HANA
Lesson 2: Describing User Administration ToolsLesson ObjectivesAfter completing this lesson, you will be able to:
● Understand which tools are available for user management tasks
Lesson 3: Managing User GroupsLesson ObjectivesAfter completing this lesson, you will be able to:
● Manage user groups
© Copyright. All rights reserved. 11
Unit 6: Managing users
12 © Copyright. All rights reserved.
UNIT 7 Managing authentication
Lesson 1: Managing AuthenticationLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the different authentication mechanisms availablein SAP HANA
© Copyright. All rights reserved. 13
Unit 7: Managing authentication
14 © Copyright. All rights reserved.
UNIT 8 Developing applications in XS Advanced
Lesson 1: Explain the reason why the security administrator develops applicationsLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain the reason why the security administrator develops applications
Lesson 2: Introducing the Application ArchitectureLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the basic concepts of application architecture in SAP HANA
Lesson 3: Describing the Application Development ToolsLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the tools used by the application developer in SAP HANA
Lesson 4: Introducing the Multi-Target ApplicationLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the basic concepts about the MTA development project
Lesson 5: Describing the MTA Development Descriptor File mta.yamlLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the information contained in the MTA Development Descriptor mta.yaml file
© Copyright. All rights reserved. 15
Unit 8: Developing applications in XS Advanced
16 © Copyright. All rights reserved.
UNIT 9 Creating the persistence data model using Core Data Services
Lesson 1: Introducing the SAP HANA Database ModuleLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the main features of the SAP HANA Database module
Lesson 2: Introducing Core Data ServicesLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain the basic concepts of Core Data Services
Lesson 3: Using the CDS EntityLesson ObjectivesAfter completing this lesson, you will be able to:
● Create a Core Data Services Entity, converted at runtime into a database table
Lesson 4: Using the CDS Context, Association, and ViewLesson ObjectivesAfter completing this lesson, you will be able to:
● Use context, association, and view in Core Data Services
© Copyright. All rights reserved. 17
Unit 9: Creating the persistence data model using Core Data Services
18 © Copyright. All rights reserved.
UNIT 10 Implementing authorizations in the SAP HANA Database
Lesson 1: Describing object ownership rulesLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe object ownership rules and effects
Lesson 2: Introducing Authorizations in the SAP HANA DatabaseLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the basic authorization concepts of the SAP HANA database
Lesson 3: Introducing database roles managementLesson ObjectivesAfter completing this lesson, you will be able to:
● Define, create, and manage roles
Lesson 4: Creating HDI roles for system privilegesLesson ObjectivesAfter completing this lesson, you will be able to:
● Create HDI Roles for System Privileges
Lesson 5: Creating HDI roles to access objects in a remote schemaLesson ObjectivesAfter completing this lesson, you will be able to:
● Create HDI Roles to access database objects located in a different SAP HANA instance or schema
Lesson 6: Using Data MaskingLesson Objectives
© Copyright. All rights reserved. 19
After completing this lesson, you will be able to:
● Describe how dynamic data masking works in SAP HANA
Lesson 7: Describing AnonymizationLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain what anonymization is
Lesson 8: Using LDAP Group AuthorizationLesson ObjectivesAfter completing this lesson, you will be able to:
● Decribe LDAP Group authorization functionality in SAP HANA
Lesson 9: Describing Cross-Database Authorizations in Tenant DatabasesLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe Cross-Database Authorizations in Tenant Databases
Unit 10: Implementing authorizations in the SAP HANA Database
20 © Copyright. All rights reserved.
UNIT 11 Analyzing users and authorizations
Lesson 1: Tracing authorization errorsLesson ObjectivesAfter completing this lesson, you will be able to:
● Trace authorization errors
Lesson 2: Viewing Information about Users and AuthorizationsLesson ObjectivesAfter completing this lesson, you will be able to:
● View information about users and authorizations
© Copyright. All rights reserved. 21
Unit 11: Analyzing users and authorizations
22 © Copyright. All rights reserved.
UNIT 12 Using Audit Logging
Lesson 1: Using Audit LoggingLesson ObjectivesAfter completing this lesson, you will be able to:
● Use audit logging
© Copyright. All rights reserved. 23
Unit 12: Using Audit Logging
24 © Copyright. All rights reserved.
UNIT 13 Defining the application security in XS Advanced
Lesson 1: Creating a Basic HTML5 ModuleLesson ObjectivesAfter completing this lesson, you will be able to:
● Create and run an HTML5 module saying Hello World
Lesson 2: Introducing Application Security in XS AdvancedLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe basic concepts of application security in XS Advanced
Lesson 3: Creating a User with authorization for development in the SAP Web IDE for SAP HANALesson ObjectivesAfter completing this lesson, you will be able to:
● Create the user with authorization for development in the SAP Web IDE for SAP HANA
Lesson 4: Creating the Security Concept Within an HTML5 ModuleLesson ObjectivesAfter completing this lesson, you will be able to:
● Create the security concept within an HTML5 module
© Copyright. All rights reserved. 25
Unit 13: Defining the application security in XS Advanced
26 © Copyright. All rights reserved.
UNIT 14 Integration with SAP BusinessObjects BI (optional)
Lesson 1: Understanding Authentication Options and User Management Implicationsfor the Integration of SAP BusinessObjects BI 4.X and SAP HANA (optional)Lesson ObjectivesAfter completing this lesson, you will be able to:
● Understand authentication options and user management implications for the integration of SAP BusinessObjects BI 4.X and SAP HANA
© Copyright. All rights reserved. 27
Unit 14: Integration with SAP BusinessObjects BI (optional)
28 © Copyright. All rights reserved.
UNIT 15 SAP HANA with ERP or S/4HANA and the Analytics Authorization Assistant (optional)
Lesson 1: Describing SAP HANA with ERP or SAP S/4HANA and the Analytics Authorization Assistant (optional)Lesson ObjectivesAfter completing this lesson, you will be able to:
● Describe different scenarios for SAP HANA with ERP or SAP S/4HANA
● Describe the Analytics Authorization Assistant (AAA)
© Copyright. All rights reserved. 29
Unit 15: SAP HANA with ERP or S/4HANA and the Analytics Authorization Assistant (optional)
30 © Copyright. All rights reserved.
UNIT 16 Integration with SAP GRC (optional)
Lesson 1: Outlining SAP GRC Integration for Governance, Risk and ComplianceLesson ObjectivesAfter completing this lesson, you will be able to:
● Outline the integration options with SAP Access Control
© Copyright. All rights reserved. 31
Unit 16: Integration with SAP GRC (optional)
32 © Copyright. All rights reserved.
UNIT 17 Integration with SAP Identity Management (optional)
Lesson 1: Understanding SAP Identity Management IntegrationLesson ObjectivesAfter completing this lesson, you will be able to:
● Understand possible integrations with SAP Identity Management
© Copyright. All rights reserved. 33