SAP HANA 2.0 Security Guide - Part 2
User Management in SAP HANA Database
In SAP HANA the following two types of users exist:
- Standard/Normal users
- Restricted users
When we create restricted user standard PUBLIC role is not assigned and hence they cannot view any data in the database.
They are only able to connect to the database using HTTP(S).
Restricted Users connect via ODBC or JDBC and require the standard role RESTRICTED_USER_ODBC_ACCESS or RESTRICTED_USER_JDBC_ACCESS.
Normal Database users are the standard user who work directly in the database they can create objects in the database.When we create Normal user in the database standard PUBLIC role is assigned by default to standard user
Converting Restricted Users to Standard Users
You can convert restricted users to standard users and vice versa executing the following steps:
Granting / Revoking the PUBLIC role
Granting / Revoking the authorization to create objects in the user´s own schema
Internal database user
In SAP HANA, you can also find internal database users that do not correspond to real people.These users are created during the installation and each one of them has a specific purpose on the system. It is not possible to use them to access the system.
Some of the internal database users are as follows:
SYS - is an internal database user. It is the owner of all objects in the database such as system tables and monitoring views.
Restricted Users connect via ODBC or JDBC and require the standard role RESTRICTED_USER_ODBC_ACCESS or RESTRICTED_USER_JDBC_ACCESS.
Normal Database users are the standard user who work directly in the database they can create objects in the database.When we create Normal user in the database standard PUBLIC role is assigned by default to standard user
Converting Restricted Users to Standard Users
You can convert restricted users to standard users and vice versa executing the following steps:
Granting / Revoking the PUBLIC role
Granting / Revoking the authorization to create objects in the user´s own schema
In SAP HANA, you can also find internal database users that do not correspond to real people.These users are created during the installation and each one of them has a specific purpose on the system. It is not possible to use them to access the system.
Some of the internal database users are as follows:
SYS - is an internal database user. It is the owner of all objects in the database such as system tables and monitoring views.
_SYS_REPO - is an internal database user used by the SAP HANA repository. The repository consists of packages and packages contain design time objects, such as attribute views, analytic views, calculation views, procedures, analytic privileges, and roles. _SYS_REPO is the owner repository objects, as well as their activated runtime versions.
_SYS_STATISTICS - is an internal database user used by the internal monitoring mechanism of the SAP HANA database. It collects data about status, performance, and resource usage from all services of the database system and problems alerts if necessary.
_SYS_AFL - is an internal user that owns all objects for Application Function Libraries.
_SYS_EPM - is an internal database user used by the SAP Performance Management (SAP EPM) application.
SYSTEM database user
The SYSTEM database user is the Bootstrapping-User. With this you can use the initial system, set and create other database users, access system tables, and so on. Note, however, that a SYSTEM database user does not automatically have access to objects created in the SAP HANA repository.The recommendation from SAP is to deactivate this user before starting operation.
_SYS_STATISTICS - is an internal database user used by the internal monitoring mechanism of the SAP HANA database. It collects data about status, performance, and resource usage from all services of the database system and problems alerts if necessary.
_SYS_AFL - is an internal user that owns all objects for Application Function Libraries.
_SYS_EPM - is an internal database user used by the SAP Performance Management (SAP EPM) application.
SYSTEM database user
The SYSTEM database user is the Bootstrapping-User. With this you can use the initial system, set and create other database users, access system tables, and so on. Note, however, that a SYSTEM database user does not automatically have access to objects created in the SAP HANA repository.The recommendation from SAP is to deactivate this user before starting operation.
SAP HANA 2.0 Security Guide - Part 2
Reviewed by NEXT GEN Technologies
on
12:57 PM
Rating:
Reviewed by NEXT GEN Technologies
on
12:57 PM
Rating:
No comments: