SlideShare a Scribd company logo
What´s New? SAP HANA SPS 07
Security
(Delta from SPS 06 to SPS 07)
SAP HANA Product Management

November, 2013
Agenda
Authentication
User/role management
Authorization

Encryption
Audit logging
Documentation

© 2013 SAP AG. All rights reserved.

Public

2
Authentication
What’s New in SAP HANA SPS 07: Security
SPNEGO support for SAP HANA XS
SPNEGO (Kerberos with Simple and Protected GSSAPI Negotiation Mechanism) is now
available as an authentication option for SAP HANA XS
Configuration
1. In Microsoft Active Directory, for each host and alias register new service principal names and map them to the
(potentially already existing) SAP HANA service user
2. On the SAP HANA server, add the keys for the new service principal names to the keytab
3. In SAP HANA, configure the Kerberos user mapping for the user
Note: If the user mapping has already been set up for Kerberos authentication for SQL access, you do not
have to change anything here
4. Using the SAP HANA XS Administration Tool (http://<host>:80<sysno>/sap/hana/xs/admin/), select SPNEGO
as authentication method for the user

© 2013 SAP AG. All rights reserved.

Public

4
What’s New in SAP HANA SPS 07: Security
SAP Logon Ticket and SAP Assertion Ticket support
SAP Logon Tickets and SAP Assertion Tickets are now supported for both SQL and XS access
Prerequisites
 A separate trust store for SAP Logon and Assertion tickets
has been configured
 System privilege USER ADMIN

Configuration
1. In the Systems view in SAP HANA studio, choose Security
2. Create a new user by right-clicking on Users and choosing
New User
3. Select the authentication method(s) and choose the
(Deploy) button

Notes
 Prior to SPS 07, SAP HANA implicitly selected both user name/password and SAP Logon Tickets as
authentication methods for new users. Now you have to explicitly set authentication options for new users
 To re-enable the old behavior for SAP Logon Tickets, a new configuration parameter has been introduced
(Indexserver.ini -> authentication -> SapLogonTicketEnabledForNewUsers). See also SAP Note 1927949
© 2013 SAP AG. All rights reserved.

Public

5
What’s New in SAP HANA SPS 07: Security
Password policy changes/additions (I)
The mandatory periodic password change can now be re-enabled using SQL
 In some situations it may be required to exclude specific users from the mandatory periodic password change,
for example the technical user that is used by an application server to connect to the database
 Prerequisites: System privilege USER ADMIN
 Syntax:

ALTER USER <user_name> DISABLE PASSWORD LIFETIME
ALTER USER <user_name> ENABLE PASSWORD LIFETIME
Changed default for maximum_unused_initial_password_lifetime
 This parameter specifies the number of days for which initial user passwords are valid. If a user has not logged
on within this period of time, the password becomes invalid; the user administrator can reset it if still needed.
 New default: 7 days (formerly 28 days)
 Prerequisites: System privilege USER ADMIN
 To change this parameter, in the Systems view of SAP HANA studio choose Security -> Password Policy ->
Lifetime of Initial Password
© 2013 SAP AG. All rights reserved.

Public

6
What’s New in SAP HANA SPS 07: Security
Password policy changes/additions (II)
Option to set configuration parameter password_lock_time to infinity
Time for which a user is locked after having exhausted the maximum number of failed logon attempts
Prerequisites:
 System privilege USER ADMIN

Configuration
– In the Systems view in SAP HANA studio, choose Security -> Password Policy and in the User Lock Settings
select Lock indefinitely

– When setting the parameter using SQL, use the value -1
© 2013 SAP AG. All rights reserved.

Public

7
User/role management
What’s New in SAP HANA SPS 07: Security
Set validity period for user in SAP HANA studio
You can now set the validity period for a user in SAP HANA studio
Prerequisites
 System privilege USER ADMIN

Configuration
1. In the Systems view in SAP HANA studio, choose Security
2. Expand Users and double-click on the user for which you want to set the validity period,
or create a new user by right-clicking on Users and choosing New User
3. Enter the validity period and choose the
(Deploy) button

© 2013 SAP AG. All rights reserved.

Public

9
What’s New in SAP HANA SPS 07: Security
Copy user
You can now create a new user by copying an
existing user. The roles granted to the existing
user are automatically granted to the new user
Prerequisites
 System privilege USER ADMIN, SQL privilege
EXECUTE on procedure GRANT_ACTIVATED_ROLE

Restrictions
 Only roles created as design-time roles are copied
 Only available in SAP HANA studio

Procedure
1. In the Systems view in SAP HANA studio, choose
Security -> Users, right-click the user to be copied
and choose Copy User
2. Enter the details for the new user
3. Choose the (Deploy) button to create the user
© 2013 SAP AG. All rights reserved.

Public

10
Authorization
What’s New in SAP HANA SPS 07: Security
New system privileges for repository change management
New system privileges for repository change management are available
Repository change management provides the infrastructure for tracked development. If enabled, the
activation of a repository object prompts the developer to assign it to a container or “Change”. A
developer must then approve and release his changes in order for the objects in his change to be
marked as released. This enables the creation of a delivery unit (DU) that is composed of only
released objects. Releasing a change does not trigger any automatic semantic checks but is a manual
assurance by the developer that the objects are consistent and ready for transport.
Prerequisites
 System privilege USER ADMIN

Granting system privileges
1. In the Systems view in SAP HANA studio, double-click on the user
2. On the System Privileges tab, add the required system privileges:
o REPO.CONFIGURE, REPO.MODIFY_CHANGE, REPO.MODIFY_FOREIGN_CONTRIBUTION, REPO.MODIFY_OWN_C
ONTRIBUTION,

3. Choose the

(Deploy) button

© 2013 SAP AG. All rights reserved.

Public

12
What’s New in SAP HANA SPS 07: Security
New privilege for debugging SQLScript code
You can now allow other users to debug
SQLScript code (e.g. a procedure) that is being
executed in your session
1. In the Systems view in SAP HANA studio, expand
Security -> Users and double-click the user to whom
you want to grant debugging privileges
o On the Object Privileges tab, add your procedure and
select DEBUG
o On the Privileges on Users tab, choose the
(Add)
button and select ATTACH DEBUGGER (see screenshot)

2. Choose the

(Deploy) button

Example
 BOB grants ALICE debugging privileges

Note
 It is not possible to grant the ATTACH DEBUGGER
privilege on behalf of other users
© 2013 SAP AG. All rights reserved.

Public

13
What’s New in SAP HANA SPS 07: Security
SAP HANA studio: Support for smart data access privilege assignment
SQL privileges for Smart Data Access scenarios can now be granted using SAP HANA studio
Smart data access is SAP HANA’s capability to connect to remote sources and present data in those
remote sources as though they were local SAP HANA tables. In SAP HANA, virtual tables are created
that represent the tables in the remote source. Via these virtual tables, joins can be executed between
tables in SAP HANA and tables in the remote source.
The following SQL privileges can now be granted using SAP HANA studio:
 CREATE VIRTUAL TABLE (in selected remote source)
 DROP (selected remote source)

Prerequisites
 Remote source has been created

Example
 User SYSTEM grants a user the privileges to
– Create virtual tables for remote source ASE2
– Drop remote source ASE2
© 2013 SAP AG. All rights reserved.

Public

14
Encryption
What’s New in SAP HANA SPS 07: Security
Support for SAP’s new cryptographic library CommonCryptoLib
SAP HANA now supports SAP’s new cryptographic library CommonCryptoLib for operations
that require cryptography, for example data volume encryption and SSL communication
encryption
CommonCryptoLib is the successor of SAPCRYPTOLIB
Notes:
 CommonCryptoLib will be made available via SAP Service Marketplace
 Because the library includes encryption routines, CommonCryptoLib distribution is subject to and controlled by
German export regulations and may not be available to all customers. The library may also be subject to local
regulations of your own country that may further restrict the import, use, and (re-)export of cryptographic
software.

© 2013 SAP AG. All rights reserved.

Public

16
What’s New in SAP HANA SPS 07: Security
SAP HANA studio: Configure data volume encryption (I)
Data volume encryption on disk can now be configured using SAP HANA studio
After activating encryption, new data that is saved to disk will be encrypted starting with the next
savepoint. Existing data starts being encrypted in the background. Depending on the size of the SAP
HANA system, this process can take some time. Only after this process has completed is all your data
encrypted. You can monitor the encryption progress in SAP HANA studio.
Notes
 If you want to use data volume encryption, it is recommended to activate it directly after installing the system
 The root key for data volume encryption is automatically created during installation. If you have received SAP
HANA as an appliance, we recommend to change this key after handover from the hardware vendor

© 2013 SAP AG. All rights reserved.

Public

17
What’s New in SAP HANA SPS 07: Security
SAP HANA studio: Configure data volume encryption (II)
Prerequisites
 System privilege RESOURCE ADMIN

Activating/deactivating data volume encryption
1. In the Systems view in SAP HANA studio, choose
Security
2. Open the Data Volume Encryption tab
– To activate encryption, select Activate encryption of
data volumes
– To deactivate encryption, de-select this option
3. Choose the
(Deploy) button

© 2013 SAP AG. All rights reserved.

Public

18
What’s New in SAP HANA SPS 07: Security
SSFS: Change master key (I)
SSFS master key

SAP HANA now provides the ability to change
the SSFS master key
SSFS (SAP NetWeaver secure storage in the file
system) is used by SAP HANA to store
 The root key for the data volume encryption
 The root key for the internal data protection API
(DPAPI). Note: DPAPI is used by the secure internal
credential store, which is needed in some scenarios
such as smart data access to securely store additional
user credentials (e.g. for access to remote systems)

SSFS
Data volume encryption
(root key)
Internal data protection API
(root key)

The keys stored in SSFS are themselves encrypted
using the SSFS master key.
It is recommended to periodically change the SSFS
master key, re-encrypt the SSFS with the new key, SAP HANA
file system
and save the new key to a secure location.
© 2013 SAP AG. All rights reserved.

Data volume encryption
(savepoint-specific key)

Secure credential store
(key)

SAP HANA database
Public

19
What’s New in SAP HANA SPS 07: Security
SSFS: Change master key (II)
Prerequisites
 Credentials of the operating system user (<sid>adm user) that was created when the system was installed
 Database user with system privilege INIFILE ADMIN
 In a distributed SAP HANA system, every host must be able to access the key file location

Changing the SSFS master key
1. Stop the SAP HANA system
2. Log on to the SAP HANA system host as the operating system user <sid>adm
3. Generate a new master key by entering the following command:

rsecssfx generatekey
4. Re-encrypt the SSFS with the new master key and save the key file to a secure location as follows:

RSEC_SSFS_DATAPATH=/usr/sap/<SID>/global/hdb/security/ssfs
RSEC_SSFS_KEYPATH<PATH TO KEYFILE> rsecssfx changekey <NEWKEY>
5. Configure the specified key file location in the cryptography section of the global.ini configuration file with the
parameter ssfs_key_file_path
© 2013 SAP AG. All rights reserved.

Public

20
What’s New in SAP HANA SPS 07: Security
SSFS: Data volume encryption root key included in backup
If storage snapshots are used for data backup, the root key for the data volume encryption is
now included in the automatic backup of the SSFS
The SSFS is always part of the data backup, but for file system or BACKINT backups it does not
include the data volume encryption root key.
The root key is only needed in recovery scenarios where a storage snapshot is used as the basis for
the recovery.

© 2013 SAP AG. All rights reserved.

Public

21
What’s New in SAP HANA SPS 07: Security
SSFS: Alert if SSFS is missing
An alert is triggered if the SSFS is missing
SSFS is used by SAP HANA to store
 The root key for the data volume encryption
 The root key for the internal data protection API

New check
 Determines whether the secure storage in the file system (SSFS) is accessible to the database
 Alert priority: HIGH
 Recommended user action: Check and make sure that the secure storage in the file system (SSFS) is
accessible to the database

© 2013 SAP AG. All rights reserved.

Public

22
What’s New in SAP HANA SPS 07: Security
Communication encryption: Force SSL for client SQL connections
There is a new configuration parameter which enforces SSL encryption for all client SQL
connections to the SAP HANA database
Prerequisites
 SSL has been configured for the SAP HANA database
 System privilege INIFILE ADMIN
 You have migrated to the new statistics server implementation (see SAP Note 1917938). Do not enforce SSL for
client connections otherwise.

Configuration
1.
2.
3.
4.

In the Administration editor in SAP HANA studio, open the Configuration tab
Navigate to the global.ini file and expand the communication section
Set the sslEnforce parameter to true (default: false)
New SQL connection attempts by clients without SSL will now be rejected by the SAP HANA database. Note
though that existing connections will not be terminated, so if you want to enforce SSL for all connections, it is
recommended to restart the database.

© 2013 SAP AG. All rights reserved.

Public

23
What’s New in SAP HANA SPS 07: Security
Communication encryption: SSL support for system replication scenarios
The Secure Sockets Layer (SSL) protocol can be used to secure network communication
between the primary site and secondary site in system replication scenarios
Prerequisites
 SSL has been configured for both SAP HANA systems (key creation and CA).
 System privilege INIFILE ADMIN

Configuration
1. For a scenario involving two systems, carry out the following steps in both systems
1. In the Administration editor in SAP HANA studio, open the Configuration tab
2. In the configuration file global.ini -> section system_replication_communication: Set the parameter enable_ssl to on

2. SSL will be used from the next reconnect between primary and secondary. The easiest way to achieve a
reconnect is to restart the secondary system.

© 2013 SAP AG. All rights reserved.

Public

24
Audit Logging
What’s New in SAP HANA SPS 07: Security
Mandatory audit actions
If auditing is active, certain actions are always audited and are therefore not available for
inclusion in user-defined audit policies
In the audit trail, these action are labeled with the internal audit policy MandatoryAuditPolicy.
Action
CREATE AUDIT POLICY

Description
Creation, modification, or deletion of audit policies

ALTER AUDIT POLICY
DROP AUDIT POLICY

ALTER SYSTEM CLEAR AUDIT LOG UNITL <timestamp>

Deletion of audit entries from the audit trail. This only applies if
audit entries are written to column store database tables.

ALTER SYSTEM ALTER CONFIGURATION ('global.ini','SYSTEM') set ('auditing
configuration','global_auditing_state' ) = <value> with reconfigure;

Changes to auditing configuration, that is:

ALTER SYSTEM ALTER CONFIGURATION ('global.ini','SYSTEM') set ('auditing
configuration','default_audit_trail_type' ) = '<audit_trail_type>' with
reconfigure;
ALTER SYSTEM ALTER CONFIGURATION ('global.ini','SYSTEM') set ('auditing
configuration','default_audit_trail_path' ) = '<path>' with reconfigure;

© 2013 SAP AG. All rights reserved.

Enabling or disabling auditing
Changing the audit trail target
Changing the location of the audit trail target if it is a CSV text
file

Public

26
What’s New in SAP HANA SPS 07: Security
Database table as audit trail target (I)
As an alternative to syslog, SAP HANA can now write the audit trail to tables within the
database itself
When an audit policy is triggered, an audit entry is created in the audit trail
Audit trail types for production systems:
 syslog (logging system of the Linux operating system)
o syslog is a secure storage location for the audit trail because not even the database administrator can access or change it.
There are also numerous storage possibilities for the syslog, including storing it on other systems. In addition, syslog is the
default log daemon in UNIX systems. syslog therefore provides a high degree of flexibility and security, as well as
integration into a larger system landscape.

 Database table
o Using an SAP HANA database table as the target for the audit trail makes it possible to query and analyze auditing
information quickly. It also provides a secure and tamper-proof storage location.
o Internal column store table in the _SYS_AUDIT schema of the SAP HANA database
o Audit entries are only accessible through the public system view AUDIT_LOG. Only SELECT operations can be performed
on this view by users with system privilege AUDIT ADMIN or AUDIT OPERATOR
o To avoid the audit table growing too large, it is possible to delete old audit entries
© 2013 SAP AG. All rights reserved.

Public

27
What’s New in SAP HANA SPS 07: Security
Database table as audit trail target (II)
Prerequisites
 System privilege AUDIT ADMIN or INIFILE ADMIN

Configuring the audit trail
1. In the Systems view, double-click on Security and
open the Auditing tab
2. In the System Settings for Auditing area, set the
auditing status to Enabled
3. Configure the target of the audit trail by choosing
Database Table
4. Choose the (Deploy) button

© 2013 SAP AG. All rights reserved.

Public

28
What’s New in SAP HANA SPS 07: Security
Database table as audit trail target (III)
Prerequisites
 System privilege AUDIT ADMIN or AUDIT OPERATOR

Viewing the audit trail
 In the Systems view of SAP HANA studio, expand the
catalog and display the system view AUDIT_LOG
 Alternatively, display the system view using SQL
commands:

SELECT * FROM "PUBLIC"."AUDIT_LOG"

© 2013 SAP AG. All rights reserved.

Public

29
What’s New in SAP HANA SPS 07: Security
Database table as audit trail target (IV)
Prerequisites
 System privilege AUDIT ADMIN or AUDIT OPERATOR

Truncating the audit trail
1. In the Systems view, double-click on Security and
open the Auditing tab
2. Choose the (Truncate) button
3. Specify a date/time and click OK
Caution: All information in the audit trail that is older will
be immediately deleted

© 2013 SAP AG. All rights reserved.

Public

30
What’s New in SAP HANA SPS 07: Security
New audit actions
Two additional data definition (DDL) actions
can now be audited: CREATE TABLE and
ALTER TABLE
Prerequisites
 System privilege AUDIT ADMIN

Creating an audit policy
1. In the Systems view, double-click on Security and
open the Auditing tab
2. In the Audit Policies area, choose Create New Policy
3. Enter the policy name
4. Specify the audit actions and further options if
required
5. Choose the
(Deploy) button

© 2013 SAP AG. All rights reserved.

Public

31
What’s New in SAP HANA SPS 07: Security
Firefighter logging
You can log all actions performed by a specific
user
This covers not only all actions that can be audited
individually, but also actions that cannot otherwise
be audited. Such a policy is useful if you want to
audit the actions of a particularly privileged user.
Note
 Some actions cannot be audited using database
auditing even with a policy that includes all actions, in
particular, system restart and system recovery

Caution
 Firefighter logging may generate a lot of audit entries,
so only enable it if required

© 2013 SAP AG. All rights reserved.

Public

32
What’s New in SAP HANA SPS 07: Security
Exempt user from audit policy
You can now exempt individual users from an
audit policy
This can be useful, for example, if you want to
exclude the technical user account used by an
application server for connections to the SAP
HANA database
Prerequisites
 System privilege AUDIT ADMIN

Exempting a user from an audit policy
 When creating the audit policy, choose in the Users
column
 Select the users to be excluded from the audit policy

© 2013 SAP AG. All rights reserved.

Public

33
What’s New in SAP HANA SPS 07: Security
SAP HANA studio: Improved audit action configuration
The dialog for selecting audit actions for an
audit policy has been improved
Not all actions can be combined together in the
same policy, therefore compatible audit actions
have been grouped together
When you select an action, those actions that are
not compatible with the selected action become
unavailable for selection
If you need to two audit incompatible audit
actions, you need to create two separate audit
policies

© 2013 SAP AG. All rights reserved.

Public

34
Documentation
What’s New in SAP HANA SPS 07: Security
Context-sensitive help in SAP HANA studio
SAP HANA studio now provides contextsensitive help for many topic areas, including
security
To open the context-sensitive help, press F1, or
choose Help -> Dynamic Help

© 2013 SAP AG. All rights reserved.

Public

36
More Information
What’s New in SAP HANA SPS 07: Security
More Information
SAP HANA documentation
Available on the SAP Help Portal
 SAP HANA Security Guide, Master Guide (network topics),
Developer Guide, SQL Reference Guide (privilege details)

Important SAP notes







1598623: SAP HANA appliance: Security (Central Security Note)
1514967: SAP HANA appliance (Central Appliance Note)
1730928: Using external software in a HANA appliance
1730929: Using external tools in an SAP HANA appliance
1730930: Using antivirus software in an SAP HANA appliance
1730999: Configuration changes in HANA appliance

Security whitepaper
 http://www.saphana.com/docs/DOC-3751

© 2013 SAP AG. All rights reserved.

Public

38
Disclaimer
This presentation outlines our general product direction and should not be relied on in making
a purchase decision. This presentation is not subject to your license agreement or any other
agreement with SAP.
SAP has no obligation to pursue any course of business outlined in this presentation or to
develop or release any functionality mentioned in this presentation. This presentation and
SAP’s strategy and possible future developments are subject to change and may be changed
by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including
but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or
non-infringement. SAP assumes no responsibility for errors or omissions in this
document, except if such damages were caused by SAP intentionally or grossly negligent.

© 2013 SAP AG. All rights reserved.

Public

39
Thank you
Contact information
Andrea Kristen
SAP HANA Product Management
AskSAPHANA@sap.com
To get the best overview of what’s new in SAP HANA SPS 07, read this blog.
© 2013 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG.
The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and
SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in
the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other
countries.
Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.

© 2013 SAP AG. All rights reserved.

Public

41
© 2013 SAP AG. Alle Rechte vorbehalten.
Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die ausdrückliche schriftliche
Genehmigung durch SAP AG nicht gestattet. In dieser Publikation enthaltene Informationen können ohne vorherige Ankündigung geändert werden.
Einige der von der SAP AG und ihren Distributoren vermarkteten Softwareprodukte enthalten proprietäre Softwarekomponenten anderer Softwareanbieter.
Produkte können länderspezifische Unterschiede aufweisen.
Die vorliegenden Unterlagen werden von der SAP AG und ihren Konzernunternehmen („SAP-Konzern“) bereitgestellt und dienen ausschließlich zu Informationszwecken.
Der SAP-Konzern übernimmt keinerlei Haftung oder Gewährleistung für Fehler oder Unvollständigkeiten in dieser Publikation. Der SAP-Konzern steht lediglich für Produkte
und Dienstleistungen nach der Maßgabe ein, die in der Vereinbarung über die jeweiligen Produkte und Dienstleistungen ausdrücklich geregelt ist. Keine der hierin
enthaltenen Informationen ist als zusätzliche Garantie zu interpretieren.
SAP und andere in diesem Dokument erwähnte Produkte und Dienstleistungen von SAP sowie die dazugehörigen Logos sind Marken oder eingetragene Marken der SAP
AG in Deutschland und verschiedenen anderen Ländern weltweit. Weitere Hinweise und Informationen zum Markenrecht finden Sie unter http://www.sap.com/corporateen/legal/copyright/index.epx#trademark.

© 2013 SAP AG. All rights reserved.

Public

42

More Related Content

What's hot

Benefit SAP S4HANA.pptx
Benefit SAP S4HANA.pptxBenefit SAP S4HANA.pptx
Benefit SAP S4HANA.pptx
AlexYuniarto1
 
Technical Walkthrough of SAP S/4HANA System Conversion
Technical Walkthrough of SAP S/4HANA System ConversionTechnical Walkthrough of SAP S/4HANA System Conversion
Technical Walkthrough of SAP S/4HANA System Conversion
Akilesh Kumaran
 
Principles of SAP HANA Sizing - on premise and cloud-1.pdf
Principles of SAP HANA Sizing - on premise and cloud-1.pdfPrinciples of SAP HANA Sizing - on premise and cloud-1.pdf
Principles of SAP HANA Sizing - on premise and cloud-1.pdf
CharithNilangaWeeras
 
Building the Business Case for SAP HANA
Building the Business Case for SAP HANABuilding the Business Case for SAP HANA
Building the Business Case for SAP HANA
John Appleby
 
Power BI & SAP - Integration Options and possible Pifalls
Power BI & SAP - Integration Options and possible PifallsPower BI & SAP - Integration Options and possible Pifalls
Power BI & SAP - Integration Options and possible Pifalls
JJDE
 
SAP A1 Vs SAP B1
SAP A1 Vs SAP B1SAP A1 Vs SAP B1
SAP A1 Vs SAP B1
ITChamps Software Pvt. Ltd
 
L1_RISE_with_SAP_NNN_V3.4.pptx
L1_RISE_with_SAP_NNN_V3.4.pptxL1_RISE_with_SAP_NNN_V3.4.pptx
L1_RISE_with_SAP_NNN_V3.4.pptx
Guruprasad Bellary
 
SAP HANA Overview
SAP HANA OverviewSAP HANA Overview
SAP HANA Overview
Sitaram Kotnis
 
Snowflake + Power BI: Cloud Analytics for Everyone
Snowflake + Power BI: Cloud Analytics for EveryoneSnowflake + Power BI: Cloud Analytics for Everyone
Snowflake + Power BI: Cloud Analytics for Everyone
Angel Abundez
 
SAP PPM 6.0 powered by HANA
SAP PPM 6.0 powered by HANASAP PPM 6.0 powered by HANA
SAP PPM 6.0 powered by HANA
Espedia Consulting
 
Accelerate your journey to SAP S/4HANA with SAP’s Business Technology Platform
Accelerate your journey to SAP S/4HANA with SAP’s Business Technology PlatformAccelerate your journey to SAP S/4HANA with SAP’s Business Technology Platform
Accelerate your journey to SAP S/4HANA with SAP’s Business Technology Platform
SAP Technology
 
Tableau data terminology
Tableau   data terminologyTableau   data terminology
Tableau data terminology
Learnbay Datascience
 
GV2-TM-CM-PR-Cutover Strategy Template-V1.ppt
GV2-TM-CM-PR-Cutover Strategy Template-V1.pptGV2-TM-CM-PR-Cutover Strategy Template-V1.ppt
GV2-TM-CM-PR-Cutover Strategy Template-V1.ppt
CarlosRodriguez703287
 
Project Management on SAP Business One for Consulting and Software Companies
Project Management on SAP Business One for Consulting and Software CompaniesProject Management on SAP Business One for Consulting and Software Companies
Project Management on SAP Business One for Consulting and Software Companies
Blue Ocean Systems Pte Ltd
 
Best Practices to Administer, Operate, and Monitor an SAP HANA System
Best Practices to Administer, Operate, and Monitor an SAP HANA SystemBest Practices to Administer, Operate, and Monitor an SAP HANA System
Best Practices to Administer, Operate, and Monitor an SAP HANA System
SAPinsider Events
 
Building the Business Case for SAP S/4HANA
Building the Business Case for SAP S/4HANABuilding the Business Case for SAP S/4HANA
Building the Business Case for SAP S/4HANA
Bluefin Solutions
 
Snowflake for Data Engineering
Snowflake for Data EngineeringSnowflake for Data Engineering
Snowflake for Data Engineering
Harald Erb
 
Wp sap data_migration
Wp sap data_migrationWp sap data_migration
Wp sap data_migration
Biswajit Kar
 
Snowflake essentials
Snowflake essentialsSnowflake essentials
Snowflake essentials
qureshihamid
 
What's new on SAP HANA Smart Data Access
What's new on SAP HANA Smart Data AccessWhat's new on SAP HANA Smart Data Access
What's new on SAP HANA Smart Data Access
SAP Technology
 

What's hot (20)

Benefit SAP S4HANA.pptx
Benefit SAP S4HANA.pptxBenefit SAP S4HANA.pptx
Benefit SAP S4HANA.pptx
 
Technical Walkthrough of SAP S/4HANA System Conversion
Technical Walkthrough of SAP S/4HANA System ConversionTechnical Walkthrough of SAP S/4HANA System Conversion
Technical Walkthrough of SAP S/4HANA System Conversion
 
Principles of SAP HANA Sizing - on premise and cloud-1.pdf
Principles of SAP HANA Sizing - on premise and cloud-1.pdfPrinciples of SAP HANA Sizing - on premise and cloud-1.pdf
Principles of SAP HANA Sizing - on premise and cloud-1.pdf
 
Building the Business Case for SAP HANA
Building the Business Case for SAP HANABuilding the Business Case for SAP HANA
Building the Business Case for SAP HANA
 
Power BI & SAP - Integration Options and possible Pifalls
Power BI & SAP - Integration Options and possible PifallsPower BI & SAP - Integration Options and possible Pifalls
Power BI & SAP - Integration Options and possible Pifalls
 
SAP A1 Vs SAP B1
SAP A1 Vs SAP B1SAP A1 Vs SAP B1
SAP A1 Vs SAP B1
 
L1_RISE_with_SAP_NNN_V3.4.pptx
L1_RISE_with_SAP_NNN_V3.4.pptxL1_RISE_with_SAP_NNN_V3.4.pptx
L1_RISE_with_SAP_NNN_V3.4.pptx
 
SAP HANA Overview
SAP HANA OverviewSAP HANA Overview
SAP HANA Overview
 
Snowflake + Power BI: Cloud Analytics for Everyone
Snowflake + Power BI: Cloud Analytics for EveryoneSnowflake + Power BI: Cloud Analytics for Everyone
Snowflake + Power BI: Cloud Analytics for Everyone
 
SAP PPM 6.0 powered by HANA
SAP PPM 6.0 powered by HANASAP PPM 6.0 powered by HANA
SAP PPM 6.0 powered by HANA
 
Accelerate your journey to SAP S/4HANA with SAP’s Business Technology Platform
Accelerate your journey to SAP S/4HANA with SAP’s Business Technology PlatformAccelerate your journey to SAP S/4HANA with SAP’s Business Technology Platform
Accelerate your journey to SAP S/4HANA with SAP’s Business Technology Platform
 
Tableau data terminology
Tableau   data terminologyTableau   data terminology
Tableau data terminology
 
GV2-TM-CM-PR-Cutover Strategy Template-V1.ppt
GV2-TM-CM-PR-Cutover Strategy Template-V1.pptGV2-TM-CM-PR-Cutover Strategy Template-V1.ppt
GV2-TM-CM-PR-Cutover Strategy Template-V1.ppt
 
Project Management on SAP Business One for Consulting and Software Companies
Project Management on SAP Business One for Consulting and Software CompaniesProject Management on SAP Business One for Consulting and Software Companies
Project Management on SAP Business One for Consulting and Software Companies
 
Best Practices to Administer, Operate, and Monitor an SAP HANA System
Best Practices to Administer, Operate, and Monitor an SAP HANA SystemBest Practices to Administer, Operate, and Monitor an SAP HANA System
Best Practices to Administer, Operate, and Monitor an SAP HANA System
 
Building the Business Case for SAP S/4HANA
Building the Business Case for SAP S/4HANABuilding the Business Case for SAP S/4HANA
Building the Business Case for SAP S/4HANA
 
Snowflake for Data Engineering
Snowflake for Data EngineeringSnowflake for Data Engineering
Snowflake for Data Engineering
 
Wp sap data_migration
Wp sap data_migrationWp sap data_migration
Wp sap data_migration
 
Snowflake essentials
Snowflake essentialsSnowflake essentials
Snowflake essentials
 
What's new on SAP HANA Smart Data Access
What's new on SAP HANA Smart Data AccessWhat's new on SAP HANA Smart Data Access
What's new on SAP HANA Smart Data Access
 

Similar to HANA SPS07 Security

SAP HANA SPS08 Security
SAP HANA SPS08 SecuritySAP HANA SPS08 Security
SAP HANA SPS08 Security
SAP Technology
 
SAP HANA SPS09 - Security
SAP HANA SPS09 - SecuritySAP HANA SPS09 - Security
SAP HANA SPS09 - Security
SAP Technology
 
SAP HANA SPS09 - Backup and Recovery
SAP HANA SPS09 - Backup and RecoverySAP HANA SPS09 - Backup and Recovery
SAP HANA SPS09 - Backup and Recovery
SAP Technology
 
SAP HANA SPS10- Security
SAP HANA SPS10- SecuritySAP HANA SPS10- Security
SAP HANA SPS10- Security
SAP Technology
 
What's New in SAP HANA SPS 11 Platform Lifecycle Management (Operations)
What's New in SAP HANA SPS 11 Platform Lifecycle Management (Operations)What's New in SAP HANA SPS 11 Platform Lifecycle Management (Operations)
What's New in SAP HANA SPS 11 Platform Lifecycle Management (Operations)
SAP Technology
 
What's new in SAP HANA SPS 11 Security
What's new in SAP HANA SPS 11 SecurityWhat's new in SAP HANA SPS 11 Security
What's new in SAP HANA SPS 11 Security
SAP Technology
 
SAP HANA SPS08 Administration & Monitoring
SAP HANA SPS08 Administration & MonitoringSAP HANA SPS08 Administration & Monitoring
SAP HANA SPS08 Administration & Monitoring
SAP Technology
 
SAP HANA SPS09- Administration Monitoring
SAP HANA SPS09- Administration MonitoringSAP HANA SPS09- Administration Monitoring
SAP HANA SPS09- Administration Monitoring
SAP Technology
 
SAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docxSAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docx
juancusa
 
Hana e2 e_adminmonitoring_sps08
Hana e2 e_adminmonitoring_sps08Hana e2 e_adminmonitoring_sps08
Hana e2 e_adminmonitoring_sps08
RAJAT123523
 
HANA SPS07 Administration & Monitoring
HANA SPS07 Administration & MonitoringHANA SPS07 Administration & Monitoring
HANA SPS07 Administration & Monitoring
SAP Technology
 
What's New in SAP HANA SPS 11 Backup and Recovery (Operations)
What's New in SAP HANA SPS 11 Backup and Recovery (Operations)What's New in SAP HANA SPS 11 Backup and Recovery (Operations)
What's New in SAP HANA SPS 11 Backup and Recovery (Operations)
SAP Technology
 
HANA SPS07 Backup & Recovery
HANA SPS07 Backup & RecoveryHANA SPS07 Backup & Recovery
HANA SPS07 Backup & Recovery
SAP Technology
 
SAP HANA SPS10- Backup/Recovery
SAP HANA SPS10- Backup/RecoverySAP HANA SPS10- Backup/Recovery
SAP HANA SPS10- Backup/Recovery
SAP Technology
 
What's New in SAP HANA SPS 11 Mission Critical Data Center Operations
What's New in SAP HANA SPS 11 Mission Critical Data Center OperationsWhat's New in SAP HANA SPS 11 Mission Critical Data Center Operations
What's New in SAP HANA SPS 11 Mission Critical Data Center Operations
SAP Technology
 
SAP HANA SPS10- Multitenant Database Containers
SAP HANA SPS10- Multitenant Database ContainersSAP HANA SPS10- Multitenant Database Containers
SAP HANA SPS10- Multitenant Database Containers
SAP Technology
 
SAP HANA SPS09 - SAP HANA Workload Management
SAP HANA SPS09 - SAP HANA Workload ManagementSAP HANA SPS09 - SAP HANA Workload Management
SAP HANA SPS09 - SAP HANA Workload Management
SAP Technology
 
SAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP HANA SPS10- Scale-Out, High Availability and Disaster RecoverySAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP Technology
 
SAP HANA SPS10- SAP HANA Platform Lifecycle Management
SAP HANA SPS10- SAP HANA Platform Lifecycle ManagementSAP HANA SPS10- SAP HANA Platform Lifecycle Management
SAP HANA SPS10- SAP HANA Platform Lifecycle Management
SAP Technology
 
SAP HANA SPS10- SAP HANA Dynamic Tiering
SAP HANA SPS10- SAP HANA Dynamic TieringSAP HANA SPS10- SAP HANA Dynamic Tiering
SAP HANA SPS10- SAP HANA Dynamic Tiering
SAP Technology
 

Similar to HANA SPS07 Security (20)

SAP HANA SPS08 Security
SAP HANA SPS08 SecuritySAP HANA SPS08 Security
SAP HANA SPS08 Security
 
SAP HANA SPS09 - Security
SAP HANA SPS09 - SecuritySAP HANA SPS09 - Security
SAP HANA SPS09 - Security
 
SAP HANA SPS09 - Backup and Recovery
SAP HANA SPS09 - Backup and RecoverySAP HANA SPS09 - Backup and Recovery
SAP HANA SPS09 - Backup and Recovery
 
SAP HANA SPS10- Security
SAP HANA SPS10- SecuritySAP HANA SPS10- Security
SAP HANA SPS10- Security
 
What's New in SAP HANA SPS 11 Platform Lifecycle Management (Operations)
What's New in SAP HANA SPS 11 Platform Lifecycle Management (Operations)What's New in SAP HANA SPS 11 Platform Lifecycle Management (Operations)
What's New in SAP HANA SPS 11 Platform Lifecycle Management (Operations)
 
What's new in SAP HANA SPS 11 Security
What's new in SAP HANA SPS 11 SecurityWhat's new in SAP HANA SPS 11 Security
What's new in SAP HANA SPS 11 Security
 
SAP HANA SPS08 Administration & Monitoring
SAP HANA SPS08 Administration & MonitoringSAP HANA SPS08 Administration & Monitoring
SAP HANA SPS08 Administration & Monitoring
 
SAP HANA SPS09- Administration Monitoring
SAP HANA SPS09- Administration MonitoringSAP HANA SPS09- Administration Monitoring
SAP HANA SPS09- Administration Monitoring
 
SAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docxSAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docx
 
Hana e2 e_adminmonitoring_sps08
Hana e2 e_adminmonitoring_sps08Hana e2 e_adminmonitoring_sps08
Hana e2 e_adminmonitoring_sps08
 
HANA SPS07 Administration & Monitoring
HANA SPS07 Administration & MonitoringHANA SPS07 Administration & Monitoring
HANA SPS07 Administration & Monitoring
 
What's New in SAP HANA SPS 11 Backup and Recovery (Operations)
What's New in SAP HANA SPS 11 Backup and Recovery (Operations)What's New in SAP HANA SPS 11 Backup and Recovery (Operations)
What's New in SAP HANA SPS 11 Backup and Recovery (Operations)
 
HANA SPS07 Backup & Recovery
HANA SPS07 Backup & RecoveryHANA SPS07 Backup & Recovery
HANA SPS07 Backup & Recovery
 
SAP HANA SPS10- Backup/Recovery
SAP HANA SPS10- Backup/RecoverySAP HANA SPS10- Backup/Recovery
SAP HANA SPS10- Backup/Recovery
 
What's New in SAP HANA SPS 11 Mission Critical Data Center Operations
What's New in SAP HANA SPS 11 Mission Critical Data Center OperationsWhat's New in SAP HANA SPS 11 Mission Critical Data Center Operations
What's New in SAP HANA SPS 11 Mission Critical Data Center Operations
 
SAP HANA SPS10- Multitenant Database Containers
SAP HANA SPS10- Multitenant Database ContainersSAP HANA SPS10- Multitenant Database Containers
SAP HANA SPS10- Multitenant Database Containers
 
SAP HANA SPS09 - SAP HANA Workload Management
SAP HANA SPS09 - SAP HANA Workload ManagementSAP HANA SPS09 - SAP HANA Workload Management
SAP HANA SPS09 - SAP HANA Workload Management
 
SAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP HANA SPS10- Scale-Out, High Availability and Disaster RecoverySAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
 
SAP HANA SPS10- SAP HANA Platform Lifecycle Management
SAP HANA SPS10- SAP HANA Platform Lifecycle ManagementSAP HANA SPS10- SAP HANA Platform Lifecycle Management
SAP HANA SPS10- SAP HANA Platform Lifecycle Management
 
SAP HANA SPS10- SAP HANA Dynamic Tiering
SAP HANA SPS10- SAP HANA Dynamic TieringSAP HANA SPS10- SAP HANA Dynamic Tiering
SAP HANA SPS10- SAP HANA Dynamic Tiering
 

More from SAP Technology

SAP Integration Suite L1
SAP Integration Suite L1SAP Integration Suite L1
SAP Integration Suite L1
SAP Technology
 
Future-Proof Your Business Processes by Automating SAP S/4HANA processes with...
Future-Proof Your Business Processes by Automating SAP S/4HANA processes with...Future-Proof Your Business Processes by Automating SAP S/4HANA processes with...
Future-Proof Your Business Processes by Automating SAP S/4HANA processes with...
SAP Technology
 
7 Top Reasons to Automate Processes with SAP Intelligent Robotic Processes Au...
7 Top Reasons to Automate Processes with SAP Intelligent Robotic Processes Au...7 Top Reasons to Automate Processes with SAP Intelligent Robotic Processes Au...
7 Top Reasons to Automate Processes with SAP Intelligent Robotic Processes Au...
SAP Technology
 
Extend SAP S/4HANA to deliver real-time intelligent processes
Extend SAP S/4HANA to deliver real-time intelligent processesExtend SAP S/4HANA to deliver real-time intelligent processes
Extend SAP S/4HANA to deliver real-time intelligent processes
SAP Technology
 
Process optimization and automation for SAP S/4HANA with SAP’s Business Techn...
Process optimization and automation for SAP S/4HANA with SAP’s Business Techn...Process optimization and automation for SAP S/4HANA with SAP’s Business Techn...
Process optimization and automation for SAP S/4HANA with SAP’s Business Techn...
SAP Technology
 
Accelerate Your Move to an Intelligent Enterprise with SAP Cloud Platform and...
Accelerate Your Move to an Intelligent Enterprise with SAP Cloud Platform and...Accelerate Your Move to an Intelligent Enterprise with SAP Cloud Platform and...
Accelerate Your Move to an Intelligent Enterprise with SAP Cloud Platform and...
SAP Technology
 
Transform your business with intelligent insights and SAP S/4HANA
Transform your business with intelligent insights and SAP S/4HANATransform your business with intelligent insights and SAP S/4HANA
Transform your business with intelligent insights and SAP S/4HANA
SAP Technology
 
SAP Cloud Platform for SAP S/4HANA: Accelerate your move to an Intelligent En...
SAP Cloud Platform for SAP S/4HANA: Accelerate your move to an Intelligent En...SAP Cloud Platform for SAP S/4HANA: Accelerate your move to an Intelligent En...
SAP Cloud Platform for SAP S/4HANA: Accelerate your move to an Intelligent En...
SAP Technology
 
Innovate collaborative applications with SAP Jam Collaboration & SAP Cloud Pl...
Innovate collaborative applications with SAP Jam Collaboration & SAP Cloud Pl...Innovate collaborative applications with SAP Jam Collaboration & SAP Cloud Pl...
Innovate collaborative applications with SAP Jam Collaboration & SAP Cloud Pl...
SAP Technology
 
The IoT Imperative for Consumer Products
The IoT Imperative for Consumer ProductsThe IoT Imperative for Consumer Products
The IoT Imperative for Consumer Products
SAP Technology
 
The IoT Imperative for Discrete Manufacturers - Automotive, Aerospace & Defen...
The IoT Imperative for Discrete Manufacturers - Automotive, Aerospace & Defen...The IoT Imperative for Discrete Manufacturers - Automotive, Aerospace & Defen...
The IoT Imperative for Discrete Manufacturers - Automotive, Aerospace & Defen...
SAP Technology
 
IoT is Enabling a New Era of Shareholder Value in Energy and Natural Resource...
IoT is Enabling a New Era of Shareholder Value in Energy and Natural Resource...IoT is Enabling a New Era of Shareholder Value in Energy and Natural Resource...
IoT is Enabling a New Era of Shareholder Value in Energy and Natural Resource...
SAP Technology
 
The IoT Imperative in Government and Healthcare
The IoT Imperative in Government and HealthcareThe IoT Imperative in Government and Healthcare
The IoT Imperative in Government and Healthcare
SAP Technology
 
SAP S/4HANA Finance and the Digital Core
SAP S/4HANA Finance and the Digital CoreSAP S/4HANA Finance and the Digital Core
SAP S/4HANA Finance and the Digital Core
SAP Technology
 
Five Reasons To Skip SAP Suite on HANA and Go Directly to SAP S/4HANA
Five Reasons To Skip SAP Suite on HANA and Go Directly to SAP S/4HANAFive Reasons To Skip SAP Suite on HANA and Go Directly to SAP S/4HANA
Five Reasons To Skip SAP Suite on HANA and Go Directly to SAP S/4HANA
SAP Technology
 
SAP Helps Reduce Silos Between Business and Spatial Data
SAP Helps Reduce Silos Between Business and Spatial DataSAP Helps Reduce Silos Between Business and Spatial Data
SAP Helps Reduce Silos Between Business and Spatial Data
SAP Technology
 
Why SAP HANA?
Why SAP HANA?Why SAP HANA?
Why SAP HANA?
SAP Technology
 
Spotlight on Financial Services with Calypso and SAP ASE
Spotlight on Financial Services with Calypso and SAP ASESpotlight on Financial Services with Calypso and SAP ASE
Spotlight on Financial Services with Calypso and SAP ASE
SAP Technology
 
SAP ASE 16 SP02 Performance Features
SAP ASE 16 SP02 Performance FeaturesSAP ASE 16 SP02 Performance Features
SAP ASE 16 SP02 Performance Features
SAP Technology
 
Spark Usage in Enterprise Business Operations
Spark Usage in Enterprise Business OperationsSpark Usage in Enterprise Business Operations
Spark Usage in Enterprise Business Operations
SAP Technology
 

More from SAP Technology (20)

SAP Integration Suite L1
SAP Integration Suite L1SAP Integration Suite L1
SAP Integration Suite L1
 
Future-Proof Your Business Processes by Automating SAP S/4HANA processes with...
Future-Proof Your Business Processes by Automating SAP S/4HANA processes with...Future-Proof Your Business Processes by Automating SAP S/4HANA processes with...
Future-Proof Your Business Processes by Automating SAP S/4HANA processes with...
 
7 Top Reasons to Automate Processes with SAP Intelligent Robotic Processes Au...
7 Top Reasons to Automate Processes with SAP Intelligent Robotic Processes Au...7 Top Reasons to Automate Processes with SAP Intelligent Robotic Processes Au...
7 Top Reasons to Automate Processes with SAP Intelligent Robotic Processes Au...
 
Extend SAP S/4HANA to deliver real-time intelligent processes
Extend SAP S/4HANA to deliver real-time intelligent processesExtend SAP S/4HANA to deliver real-time intelligent processes
Extend SAP S/4HANA to deliver real-time intelligent processes
 
Process optimization and automation for SAP S/4HANA with SAP’s Business Techn...
Process optimization and automation for SAP S/4HANA with SAP’s Business Techn...Process optimization and automation for SAP S/4HANA with SAP’s Business Techn...
Process optimization and automation for SAP S/4HANA with SAP’s Business Techn...
 
Accelerate Your Move to an Intelligent Enterprise with SAP Cloud Platform and...
Accelerate Your Move to an Intelligent Enterprise with SAP Cloud Platform and...Accelerate Your Move to an Intelligent Enterprise with SAP Cloud Platform and...
Accelerate Your Move to an Intelligent Enterprise with SAP Cloud Platform and...
 
Transform your business with intelligent insights and SAP S/4HANA
Transform your business with intelligent insights and SAP S/4HANATransform your business with intelligent insights and SAP S/4HANA
Transform your business with intelligent insights and SAP S/4HANA
 
SAP Cloud Platform for SAP S/4HANA: Accelerate your move to an Intelligent En...
SAP Cloud Platform for SAP S/4HANA: Accelerate your move to an Intelligent En...SAP Cloud Platform for SAP S/4HANA: Accelerate your move to an Intelligent En...
SAP Cloud Platform for SAP S/4HANA: Accelerate your move to an Intelligent En...
 
Innovate collaborative applications with SAP Jam Collaboration & SAP Cloud Pl...
Innovate collaborative applications with SAP Jam Collaboration & SAP Cloud Pl...Innovate collaborative applications with SAP Jam Collaboration & SAP Cloud Pl...
Innovate collaborative applications with SAP Jam Collaboration & SAP Cloud Pl...
 
The IoT Imperative for Consumer Products
The IoT Imperative for Consumer ProductsThe IoT Imperative for Consumer Products
The IoT Imperative for Consumer Products
 
The IoT Imperative for Discrete Manufacturers - Automotive, Aerospace & Defen...
The IoT Imperative for Discrete Manufacturers - Automotive, Aerospace & Defen...The IoT Imperative for Discrete Manufacturers - Automotive, Aerospace & Defen...
The IoT Imperative for Discrete Manufacturers - Automotive, Aerospace & Defen...
 
IoT is Enabling a New Era of Shareholder Value in Energy and Natural Resource...
IoT is Enabling a New Era of Shareholder Value in Energy and Natural Resource...IoT is Enabling a New Era of Shareholder Value in Energy and Natural Resource...
IoT is Enabling a New Era of Shareholder Value in Energy and Natural Resource...
 
The IoT Imperative in Government and Healthcare
The IoT Imperative in Government and HealthcareThe IoT Imperative in Government and Healthcare
The IoT Imperative in Government and Healthcare
 
SAP S/4HANA Finance and the Digital Core
SAP S/4HANA Finance and the Digital CoreSAP S/4HANA Finance and the Digital Core
SAP S/4HANA Finance and the Digital Core
 
Five Reasons To Skip SAP Suite on HANA and Go Directly to SAP S/4HANA
Five Reasons To Skip SAP Suite on HANA and Go Directly to SAP S/4HANAFive Reasons To Skip SAP Suite on HANA and Go Directly to SAP S/4HANA
Five Reasons To Skip SAP Suite on HANA and Go Directly to SAP S/4HANA
 
SAP Helps Reduce Silos Between Business and Spatial Data
SAP Helps Reduce Silos Between Business and Spatial DataSAP Helps Reduce Silos Between Business and Spatial Data
SAP Helps Reduce Silos Between Business and Spatial Data
 
Why SAP HANA?
Why SAP HANA?Why SAP HANA?
Why SAP HANA?
 
Spotlight on Financial Services with Calypso and SAP ASE
Spotlight on Financial Services with Calypso and SAP ASESpotlight on Financial Services with Calypso and SAP ASE
Spotlight on Financial Services with Calypso and SAP ASE
 
SAP ASE 16 SP02 Performance Features
SAP ASE 16 SP02 Performance FeaturesSAP ASE 16 SP02 Performance Features
SAP ASE 16 SP02 Performance Features
 
Spark Usage in Enterprise Business Operations
Spark Usage in Enterprise Business OperationsSpark Usage in Enterprise Business Operations
Spark Usage in Enterprise Business Operations
 

Recently uploaded

The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 

Recently uploaded (20)

The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 

HANA SPS07 Security

  • 1. What´s New? SAP HANA SPS 07 Security (Delta from SPS 06 to SPS 07) SAP HANA Product Management November, 2013
  • 4. What’s New in SAP HANA SPS 07: Security SPNEGO support for SAP HANA XS SPNEGO (Kerberos with Simple and Protected GSSAPI Negotiation Mechanism) is now available as an authentication option for SAP HANA XS Configuration 1. In Microsoft Active Directory, for each host and alias register new service principal names and map them to the (potentially already existing) SAP HANA service user 2. On the SAP HANA server, add the keys for the new service principal names to the keytab 3. In SAP HANA, configure the Kerberos user mapping for the user Note: If the user mapping has already been set up for Kerberos authentication for SQL access, you do not have to change anything here 4. Using the SAP HANA XS Administration Tool (http://<host>:80<sysno>/sap/hana/xs/admin/), select SPNEGO as authentication method for the user © 2013 SAP AG. All rights reserved. Public 4
  • 5. What’s New in SAP HANA SPS 07: Security SAP Logon Ticket and SAP Assertion Ticket support SAP Logon Tickets and SAP Assertion Tickets are now supported for both SQL and XS access Prerequisites  A separate trust store for SAP Logon and Assertion tickets has been configured  System privilege USER ADMIN Configuration 1. In the Systems view in SAP HANA studio, choose Security 2. Create a new user by right-clicking on Users and choosing New User 3. Select the authentication method(s) and choose the (Deploy) button Notes  Prior to SPS 07, SAP HANA implicitly selected both user name/password and SAP Logon Tickets as authentication methods for new users. Now you have to explicitly set authentication options for new users  To re-enable the old behavior for SAP Logon Tickets, a new configuration parameter has been introduced (Indexserver.ini -> authentication -> SapLogonTicketEnabledForNewUsers). See also SAP Note 1927949 © 2013 SAP AG. All rights reserved. Public 5
  • 6. What’s New in SAP HANA SPS 07: Security Password policy changes/additions (I) The mandatory periodic password change can now be re-enabled using SQL  In some situations it may be required to exclude specific users from the mandatory periodic password change, for example the technical user that is used by an application server to connect to the database  Prerequisites: System privilege USER ADMIN  Syntax: ALTER USER <user_name> DISABLE PASSWORD LIFETIME ALTER USER <user_name> ENABLE PASSWORD LIFETIME Changed default for maximum_unused_initial_password_lifetime  This parameter specifies the number of days for which initial user passwords are valid. If a user has not logged on within this period of time, the password becomes invalid; the user administrator can reset it if still needed.  New default: 7 days (formerly 28 days)  Prerequisites: System privilege USER ADMIN  To change this parameter, in the Systems view of SAP HANA studio choose Security -> Password Policy -> Lifetime of Initial Password © 2013 SAP AG. All rights reserved. Public 6
  • 7. What’s New in SAP HANA SPS 07: Security Password policy changes/additions (II) Option to set configuration parameter password_lock_time to infinity Time for which a user is locked after having exhausted the maximum number of failed logon attempts Prerequisites:  System privilege USER ADMIN Configuration – In the Systems view in SAP HANA studio, choose Security -> Password Policy and in the User Lock Settings select Lock indefinitely – When setting the parameter using SQL, use the value -1 © 2013 SAP AG. All rights reserved. Public 7
  • 9. What’s New in SAP HANA SPS 07: Security Set validity period for user in SAP HANA studio You can now set the validity period for a user in SAP HANA studio Prerequisites  System privilege USER ADMIN Configuration 1. In the Systems view in SAP HANA studio, choose Security 2. Expand Users and double-click on the user for which you want to set the validity period, or create a new user by right-clicking on Users and choosing New User 3. Enter the validity period and choose the (Deploy) button © 2013 SAP AG. All rights reserved. Public 9
  • 10. What’s New in SAP HANA SPS 07: Security Copy user You can now create a new user by copying an existing user. The roles granted to the existing user are automatically granted to the new user Prerequisites  System privilege USER ADMIN, SQL privilege EXECUTE on procedure GRANT_ACTIVATED_ROLE Restrictions  Only roles created as design-time roles are copied  Only available in SAP HANA studio Procedure 1. In the Systems view in SAP HANA studio, choose Security -> Users, right-click the user to be copied and choose Copy User 2. Enter the details for the new user 3. Choose the (Deploy) button to create the user © 2013 SAP AG. All rights reserved. Public 10
  • 12. What’s New in SAP HANA SPS 07: Security New system privileges for repository change management New system privileges for repository change management are available Repository change management provides the infrastructure for tracked development. If enabled, the activation of a repository object prompts the developer to assign it to a container or “Change”. A developer must then approve and release his changes in order for the objects in his change to be marked as released. This enables the creation of a delivery unit (DU) that is composed of only released objects. Releasing a change does not trigger any automatic semantic checks but is a manual assurance by the developer that the objects are consistent and ready for transport. Prerequisites  System privilege USER ADMIN Granting system privileges 1. In the Systems view in SAP HANA studio, double-click on the user 2. On the System Privileges tab, add the required system privileges: o REPO.CONFIGURE, REPO.MODIFY_CHANGE, REPO.MODIFY_FOREIGN_CONTRIBUTION, REPO.MODIFY_OWN_C ONTRIBUTION, 3. Choose the (Deploy) button © 2013 SAP AG. All rights reserved. Public 12
  • 13. What’s New in SAP HANA SPS 07: Security New privilege for debugging SQLScript code You can now allow other users to debug SQLScript code (e.g. a procedure) that is being executed in your session 1. In the Systems view in SAP HANA studio, expand Security -> Users and double-click the user to whom you want to grant debugging privileges o On the Object Privileges tab, add your procedure and select DEBUG o On the Privileges on Users tab, choose the (Add) button and select ATTACH DEBUGGER (see screenshot) 2. Choose the (Deploy) button Example  BOB grants ALICE debugging privileges Note  It is not possible to grant the ATTACH DEBUGGER privilege on behalf of other users © 2013 SAP AG. All rights reserved. Public 13
  • 14. What’s New in SAP HANA SPS 07: Security SAP HANA studio: Support for smart data access privilege assignment SQL privileges for Smart Data Access scenarios can now be granted using SAP HANA studio Smart data access is SAP HANA’s capability to connect to remote sources and present data in those remote sources as though they were local SAP HANA tables. In SAP HANA, virtual tables are created that represent the tables in the remote source. Via these virtual tables, joins can be executed between tables in SAP HANA and tables in the remote source. The following SQL privileges can now be granted using SAP HANA studio:  CREATE VIRTUAL TABLE (in selected remote source)  DROP (selected remote source) Prerequisites  Remote source has been created Example  User SYSTEM grants a user the privileges to – Create virtual tables for remote source ASE2 – Drop remote source ASE2 © 2013 SAP AG. All rights reserved. Public 14
  • 16. What’s New in SAP HANA SPS 07: Security Support for SAP’s new cryptographic library CommonCryptoLib SAP HANA now supports SAP’s new cryptographic library CommonCryptoLib for operations that require cryptography, for example data volume encryption and SSL communication encryption CommonCryptoLib is the successor of SAPCRYPTOLIB Notes:  CommonCryptoLib will be made available via SAP Service Marketplace  Because the library includes encryption routines, CommonCryptoLib distribution is subject to and controlled by German export regulations and may not be available to all customers. The library may also be subject to local regulations of your own country that may further restrict the import, use, and (re-)export of cryptographic software. © 2013 SAP AG. All rights reserved. Public 16
  • 17. What’s New in SAP HANA SPS 07: Security SAP HANA studio: Configure data volume encryption (I) Data volume encryption on disk can now be configured using SAP HANA studio After activating encryption, new data that is saved to disk will be encrypted starting with the next savepoint. Existing data starts being encrypted in the background. Depending on the size of the SAP HANA system, this process can take some time. Only after this process has completed is all your data encrypted. You can monitor the encryption progress in SAP HANA studio. Notes  If you want to use data volume encryption, it is recommended to activate it directly after installing the system  The root key for data volume encryption is automatically created during installation. If you have received SAP HANA as an appliance, we recommend to change this key after handover from the hardware vendor © 2013 SAP AG. All rights reserved. Public 17
  • 18. What’s New in SAP HANA SPS 07: Security SAP HANA studio: Configure data volume encryption (II) Prerequisites  System privilege RESOURCE ADMIN Activating/deactivating data volume encryption 1. In the Systems view in SAP HANA studio, choose Security 2. Open the Data Volume Encryption tab – To activate encryption, select Activate encryption of data volumes – To deactivate encryption, de-select this option 3. Choose the (Deploy) button © 2013 SAP AG. All rights reserved. Public 18
  • 19. What’s New in SAP HANA SPS 07: Security SSFS: Change master key (I) SSFS master key SAP HANA now provides the ability to change the SSFS master key SSFS (SAP NetWeaver secure storage in the file system) is used by SAP HANA to store  The root key for the data volume encryption  The root key for the internal data protection API (DPAPI). Note: DPAPI is used by the secure internal credential store, which is needed in some scenarios such as smart data access to securely store additional user credentials (e.g. for access to remote systems) SSFS Data volume encryption (root key) Internal data protection API (root key) The keys stored in SSFS are themselves encrypted using the SSFS master key. It is recommended to periodically change the SSFS master key, re-encrypt the SSFS with the new key, SAP HANA file system and save the new key to a secure location. © 2013 SAP AG. All rights reserved. Data volume encryption (savepoint-specific key) Secure credential store (key) SAP HANA database Public 19
  • 20. What’s New in SAP HANA SPS 07: Security SSFS: Change master key (II) Prerequisites  Credentials of the operating system user (<sid>adm user) that was created when the system was installed  Database user with system privilege INIFILE ADMIN  In a distributed SAP HANA system, every host must be able to access the key file location Changing the SSFS master key 1. Stop the SAP HANA system 2. Log on to the SAP HANA system host as the operating system user <sid>adm 3. Generate a new master key by entering the following command: rsecssfx generatekey 4. Re-encrypt the SSFS with the new master key and save the key file to a secure location as follows: RSEC_SSFS_DATAPATH=/usr/sap/<SID>/global/hdb/security/ssfs RSEC_SSFS_KEYPATH<PATH TO KEYFILE> rsecssfx changekey <NEWKEY> 5. Configure the specified key file location in the cryptography section of the global.ini configuration file with the parameter ssfs_key_file_path © 2013 SAP AG. All rights reserved. Public 20
  • 21. What’s New in SAP HANA SPS 07: Security SSFS: Data volume encryption root key included in backup If storage snapshots are used for data backup, the root key for the data volume encryption is now included in the automatic backup of the SSFS The SSFS is always part of the data backup, but for file system or BACKINT backups it does not include the data volume encryption root key. The root key is only needed in recovery scenarios where a storage snapshot is used as the basis for the recovery. © 2013 SAP AG. All rights reserved. Public 21
  • 22. What’s New in SAP HANA SPS 07: Security SSFS: Alert if SSFS is missing An alert is triggered if the SSFS is missing SSFS is used by SAP HANA to store  The root key for the data volume encryption  The root key for the internal data protection API New check  Determines whether the secure storage in the file system (SSFS) is accessible to the database  Alert priority: HIGH  Recommended user action: Check and make sure that the secure storage in the file system (SSFS) is accessible to the database © 2013 SAP AG. All rights reserved. Public 22
  • 23. What’s New in SAP HANA SPS 07: Security Communication encryption: Force SSL for client SQL connections There is a new configuration parameter which enforces SSL encryption for all client SQL connections to the SAP HANA database Prerequisites  SSL has been configured for the SAP HANA database  System privilege INIFILE ADMIN  You have migrated to the new statistics server implementation (see SAP Note 1917938). Do not enforce SSL for client connections otherwise. Configuration 1. 2. 3. 4. In the Administration editor in SAP HANA studio, open the Configuration tab Navigate to the global.ini file and expand the communication section Set the sslEnforce parameter to true (default: false) New SQL connection attempts by clients without SSL will now be rejected by the SAP HANA database. Note though that existing connections will not be terminated, so if you want to enforce SSL for all connections, it is recommended to restart the database. © 2013 SAP AG. All rights reserved. Public 23
  • 24. What’s New in SAP HANA SPS 07: Security Communication encryption: SSL support for system replication scenarios The Secure Sockets Layer (SSL) protocol can be used to secure network communication between the primary site and secondary site in system replication scenarios Prerequisites  SSL has been configured for both SAP HANA systems (key creation and CA).  System privilege INIFILE ADMIN Configuration 1. For a scenario involving two systems, carry out the following steps in both systems 1. In the Administration editor in SAP HANA studio, open the Configuration tab 2. In the configuration file global.ini -> section system_replication_communication: Set the parameter enable_ssl to on 2. SSL will be used from the next reconnect between primary and secondary. The easiest way to achieve a reconnect is to restart the secondary system. © 2013 SAP AG. All rights reserved. Public 24
  • 26. What’s New in SAP HANA SPS 07: Security Mandatory audit actions If auditing is active, certain actions are always audited and are therefore not available for inclusion in user-defined audit policies In the audit trail, these action are labeled with the internal audit policy MandatoryAuditPolicy. Action CREATE AUDIT POLICY Description Creation, modification, or deletion of audit policies ALTER AUDIT POLICY DROP AUDIT POLICY ALTER SYSTEM CLEAR AUDIT LOG UNITL <timestamp> Deletion of audit entries from the audit trail. This only applies if audit entries are written to column store database tables. ALTER SYSTEM ALTER CONFIGURATION ('global.ini','SYSTEM') set ('auditing configuration','global_auditing_state' ) = <value> with reconfigure; Changes to auditing configuration, that is: ALTER SYSTEM ALTER CONFIGURATION ('global.ini','SYSTEM') set ('auditing configuration','default_audit_trail_type' ) = '<audit_trail_type>' with reconfigure; ALTER SYSTEM ALTER CONFIGURATION ('global.ini','SYSTEM') set ('auditing configuration','default_audit_trail_path' ) = '<path>' with reconfigure; © 2013 SAP AG. All rights reserved. Enabling or disabling auditing Changing the audit trail target Changing the location of the audit trail target if it is a CSV text file Public 26
  • 27. What’s New in SAP HANA SPS 07: Security Database table as audit trail target (I) As an alternative to syslog, SAP HANA can now write the audit trail to tables within the database itself When an audit policy is triggered, an audit entry is created in the audit trail Audit trail types for production systems:  syslog (logging system of the Linux operating system) o syslog is a secure storage location for the audit trail because not even the database administrator can access or change it. There are also numerous storage possibilities for the syslog, including storing it on other systems. In addition, syslog is the default log daemon in UNIX systems. syslog therefore provides a high degree of flexibility and security, as well as integration into a larger system landscape.  Database table o Using an SAP HANA database table as the target for the audit trail makes it possible to query and analyze auditing information quickly. It also provides a secure and tamper-proof storage location. o Internal column store table in the _SYS_AUDIT schema of the SAP HANA database o Audit entries are only accessible through the public system view AUDIT_LOG. Only SELECT operations can be performed on this view by users with system privilege AUDIT ADMIN or AUDIT OPERATOR o To avoid the audit table growing too large, it is possible to delete old audit entries © 2013 SAP AG. All rights reserved. Public 27
  • 28. What’s New in SAP HANA SPS 07: Security Database table as audit trail target (II) Prerequisites  System privilege AUDIT ADMIN or INIFILE ADMIN Configuring the audit trail 1. In the Systems view, double-click on Security and open the Auditing tab 2. In the System Settings for Auditing area, set the auditing status to Enabled 3. Configure the target of the audit trail by choosing Database Table 4. Choose the (Deploy) button © 2013 SAP AG. All rights reserved. Public 28
  • 29. What’s New in SAP HANA SPS 07: Security Database table as audit trail target (III) Prerequisites  System privilege AUDIT ADMIN or AUDIT OPERATOR Viewing the audit trail  In the Systems view of SAP HANA studio, expand the catalog and display the system view AUDIT_LOG  Alternatively, display the system view using SQL commands: SELECT * FROM "PUBLIC"."AUDIT_LOG" © 2013 SAP AG. All rights reserved. Public 29
  • 30. What’s New in SAP HANA SPS 07: Security Database table as audit trail target (IV) Prerequisites  System privilege AUDIT ADMIN or AUDIT OPERATOR Truncating the audit trail 1. In the Systems view, double-click on Security and open the Auditing tab 2. Choose the (Truncate) button 3. Specify a date/time and click OK Caution: All information in the audit trail that is older will be immediately deleted © 2013 SAP AG. All rights reserved. Public 30
  • 31. What’s New in SAP HANA SPS 07: Security New audit actions Two additional data definition (DDL) actions can now be audited: CREATE TABLE and ALTER TABLE Prerequisites  System privilege AUDIT ADMIN Creating an audit policy 1. In the Systems view, double-click on Security and open the Auditing tab 2. In the Audit Policies area, choose Create New Policy 3. Enter the policy name 4. Specify the audit actions and further options if required 5. Choose the (Deploy) button © 2013 SAP AG. All rights reserved. Public 31
  • 32. What’s New in SAP HANA SPS 07: Security Firefighter logging You can log all actions performed by a specific user This covers not only all actions that can be audited individually, but also actions that cannot otherwise be audited. Such a policy is useful if you want to audit the actions of a particularly privileged user. Note  Some actions cannot be audited using database auditing even with a policy that includes all actions, in particular, system restart and system recovery Caution  Firefighter logging may generate a lot of audit entries, so only enable it if required © 2013 SAP AG. All rights reserved. Public 32
  • 33. What’s New in SAP HANA SPS 07: Security Exempt user from audit policy You can now exempt individual users from an audit policy This can be useful, for example, if you want to exclude the technical user account used by an application server for connections to the SAP HANA database Prerequisites  System privilege AUDIT ADMIN Exempting a user from an audit policy  When creating the audit policy, choose in the Users column  Select the users to be excluded from the audit policy © 2013 SAP AG. All rights reserved. Public 33
  • 34. What’s New in SAP HANA SPS 07: Security SAP HANA studio: Improved audit action configuration The dialog for selecting audit actions for an audit policy has been improved Not all actions can be combined together in the same policy, therefore compatible audit actions have been grouped together When you select an action, those actions that are not compatible with the selected action become unavailable for selection If you need to two audit incompatible audit actions, you need to create two separate audit policies © 2013 SAP AG. All rights reserved. Public 34
  • 36. What’s New in SAP HANA SPS 07: Security Context-sensitive help in SAP HANA studio SAP HANA studio now provides contextsensitive help for many topic areas, including security To open the context-sensitive help, press F1, or choose Help -> Dynamic Help © 2013 SAP AG. All rights reserved. Public 36
  • 38. What’s New in SAP HANA SPS 07: Security More Information SAP HANA documentation Available on the SAP Help Portal  SAP HANA Security Guide, Master Guide (network topics), Developer Guide, SQL Reference Guide (privilege details) Important SAP notes       1598623: SAP HANA appliance: Security (Central Security Note) 1514967: SAP HANA appliance (Central Appliance Note) 1730928: Using external software in a HANA appliance 1730929: Using external tools in an SAP HANA appliance 1730930: Using antivirus software in an SAP HANA appliance 1730999: Configuration changes in HANA appliance Security whitepaper  http://www.saphana.com/docs/DOC-3751 © 2013 SAP AG. All rights reserved. Public 38
  • 39. Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or to develop or release any functionality mentioned in this presentation. This presentation and SAP’s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP intentionally or grossly negligent. © 2013 SAP AG. All rights reserved. Public 39
  • 40. Thank you Contact information Andrea Kristen SAP HANA Product Management AskSAPHANA@sap.com To get the best overview of what’s new in SAP HANA SPS 07, read this blog.
  • 41. © 2013 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices. © 2013 SAP AG. All rights reserved. Public 41
  • 42. © 2013 SAP AG. Alle Rechte vorbehalten. Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die ausdrückliche schriftliche Genehmigung durch SAP AG nicht gestattet. In dieser Publikation enthaltene Informationen können ohne vorherige Ankündigung geändert werden. Einige der von der SAP AG und ihren Distributoren vermarkteten Softwareprodukte enthalten proprietäre Softwarekomponenten anderer Softwareanbieter. Produkte können länderspezifische Unterschiede aufweisen. Die vorliegenden Unterlagen werden von der SAP AG und ihren Konzernunternehmen („SAP-Konzern“) bereitgestellt und dienen ausschließlich zu Informationszwecken. Der SAP-Konzern übernimmt keinerlei Haftung oder Gewährleistung für Fehler oder Unvollständigkeiten in dieser Publikation. Der SAP-Konzern steht lediglich für Produkte und Dienstleistungen nach der Maßgabe ein, die in der Vereinbarung über die jeweiligen Produkte und Dienstleistungen ausdrücklich geregelt ist. Keine der hierin enthaltenen Informationen ist als zusätzliche Garantie zu interpretieren. SAP und andere in diesem Dokument erwähnte Produkte und Dienstleistungen von SAP sowie die dazugehörigen Logos sind Marken oder eingetragene Marken der SAP AG in Deutschland und verschiedenen anderen Ländern weltweit. Weitere Hinweise und Informationen zum Markenrecht finden Sie unter http://www.sap.com/corporateen/legal/copyright/index.epx#trademark. © 2013 SAP AG. All rights reserved. Public 42

Editor's Notes

  1. XS Administration Tool: Web-based tool that enables you to configure and maintain the basic administration-related elements of the application-development process and environment
  2. User mapping is not supported.
  3. In SPS 6, this functionality was only available as an SQL command.
  4. The design-time objects that are stored in the SAP HANA database repository can be transported to other SAP HANA database repository installations and delivered to customers. The transport granularity is the delivery unit (DU). Every repository object belongs to a package. A package can contain an arbitrary number of objects of different types. A package can be assigned to a DU.
  5. Use case: development of SAP HANA applications, e.g. if something works for everyone else, but not in your sessionExample: Developer Bob wants to authorize developer Alice to debug a procedure in Bob’s session
  6. SAP HANA smart data access can be used, for example, in SAP Business Warehouse installations running on SAP HANA to integrate data from remote sources. Note: There are also system privileges required for Smart Data access, but they have been available in SAP HANA studio in SAP HANA SPS 6 already and are therefore not listed here.
  7. Data volume encryption was introduced with SPS 5, but could only be configured using SQL until now. Data volume encryption uses the AEC-256-CBC algorithm. During database start-up, administrator interaction is not required. The data volume root key is stored using the SAP NetWeaver secure storage in the file system (SSFS) functionality and is automatically retrieved from there.
  8. For access to the SAP HANA database via XS, SSL encryption could already be enforced for client connections in SPS 6For internal communication between nodes in a scale-out instance, communication automatically uses SSL if this has been configured
  9. System replication is a mechanism for ensuring the high availability of SAP HANA systems. Through the continuous replication of data from a primary to a secondary system, including in-memory loading, system replication facilitates rapid failover in the event of a disaster. Productive operations can be resumed with minimal downtime.For more information (e.g. for scenarios involving more than two systems), see the SAP HANA Security Guide
  10. Auditing allows you to monitor and record selected actions performed in your system. In other words, it provides you with visibility on who did what (or tried to do what) and when. The following actions are typically audited:Changes to user authorizationCreation or deletion of database objectsAuthentication of usersChanges to system configurationAccess to or changing of sensitive information
  11. Note:For test purposes in non-production systems, you can also use a CSV text file as the audit trail. A separate CSV file is created for every service that executes SQL
  12. Note: Users must exist before they can be specified in an audit policy