Post on 11-Feb-2017
transcript
HA240Authorization, Security and Scenarios
PARTICIPANT HANDBOOKINSTRUCTOR-LED TRAINING
Course Version: 12
Course Duration: 2 Day(s)
Material Number: 50136479
0For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
0For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
SAP Copyrights and Trademarks
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the
express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are
trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other
countries. Please see http://globall2.sap.com/corporate-en/leRal/copvright/index.epx for additional
trademark information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary software
components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only,
without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable
for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate
company products and services are those that are set forth in the express warranty statements
accompanying such products and services, if any. Nothing herein should be construed as constituting an
additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business
outlined in this document or any related presentation, or to develop or release any functionality
mentioned therein. This document, or any related presentation, and SAP SE's or its affiliated companies'
strategy and possible future developments, products, and/or platform directions and functionality are
all subject to change and may be changed by SAP SE or its affiliated companies at any time for any
reason without notice. The information in this document is not a commitment, promise, or legal
obligation to deliver any material, code, or functionality. All forward-looking statements are subject to
various risks and uncertainties that could cause actual results to differ materially from expectations.
Readers are cautioned not to place undue reliance on these forward-looking statements, which speak
only as of their dates, and they should not be relied upon in making purchasing decisions.
iii© Copyright. All rights reserved.
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
Typographic Conventions
American English is the standard used in this handbook.
The following typographic conventions are also used.
Th is information is displayed in the instructor's presentation
Demonstration □
Procedure VVV
Warning or Caution
Hint
A
O
Related or Additional Information
Facilitated Discussion l»
User interface control Example text
Window title Example text
iv © Copyright. All rights reserved.
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
Contents
vii Course Overview
1 U n itl: Security and Authorizations Introduction
2
21
Lesson: Introducing SAP HANA
Exercise 1: Navigate SAP HANA Security Administration
Interfaces
29 Unit 2: SAP HANA Repository
30 Lesson: Introducing SAP HANA Repository
35 Unit 3: SAP HANA Authorizations
37 Lesson: Explaining Authorization in SAP HANA
41 Lesson: Describing Roles
50 Lesson: Assigning Privileges and Roles to Users
63 Exercise 2: Maintain Users and Roles
73 Lesson: Understanding Object Ownership
76 Lesson: Understanding Privileges
95 Exercise 3: Create Classical Analytic Privileges
103 Exercise 4: Create Dynamic Analytic Privileges
107 Exercise 5: Create SQL Analytic Privileges
111 Lesson: Viewing Information about Users and Authorizations
115 Unit 4: Security Requirements and Solutions
117 Lesson: Understanding Authentication and Single Sign-On
131 Lesson: Understanding Multitenant Database Containers
138 Lesson: Describing Encryption
147 Lesson: Outlining SAP GRC Integration for Governance Risk and
Compliance
159 Lesson: Understanding SAP Netweaver Identity Management
Integration
163 Lesson: Describing SAP HANA Extended Application Services
Securityand Application Privileges
171 Lesson: Describing SAP HANA Extended Application Services,
AdvancedModel Security
177 Unit 5: Authorization Trace and Auditing
178 Lesson: Setting up and Analyzing an Authorization Trace
183 Exercise 6: Use an Authorization Trace to Find Authorization
Issues
190 Lesson: Using Audit Logging
201 Exercise 7: Configure Audit Logging
© Copyright. All rights reserved. v
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
207 Unit 6: Integrative Authorization Scenarios
208
216
225
238
245
257
258
264
Lesson: Outlining Security Scenarios
Lesson: Understanding SAP BW Models in SAP HANA
Exercise 8: Replicate Business Warehouse Authorizations from
SAP BW in SAP HANA to Plain SAP HANA
Lesson: Understanding Authentication Options and User
Management Implicationsfor the Integration of SAP Business Object
Bl 4.X and SAP HANA
Lesson: Describing SAP HANA with ERP or S/4HANA and the
Analytics AuthorizationAssistant
Unit 7: SAP HANA Cloud Solutions (Optional)
Lesson: Understanding the Security Architecture of SAP HANA
Cloud Platform
Lesson: Explaining the Security Aspects of SAP HANA Enterprise
Cloud
VI © Copyright. All rights reserved.
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
Course Overview
TARGET AUDIENCE
This course is intended for the following audiences:
• Systems Architect
• Application Consultant
• Development Consultant
• Technology Consultant
• Support Consultant
• Data Consultant
• Database Administrator
• Technology Consultant
© Copyright. All rights reserved.
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
viii © Copyright. All rights reserved.
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
UNIT 1 Security and AuthorizationsIntroduction
Lesson 1
Introducing SAP HANA 2
Exercise 1: Navigate SAP HANA Security Administration Interfaces 21
UNIT OBJECTIVES
• Define SAP HANA
• Outline the security functions in SAP HANA
• Describe the security administration tools
© Copyright. All rights reserved. 1
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
Unit 1
Lesson 1
Introducing SAP HANA
LESSON OBJECTIVES
After completing this lesson, you will be able to:
• Define SAP HANA
• Outline the security functions in SAP HANA
• Describe the security administration tools
SAP HANA
SAP HANA: The Platform for All Applications
SAP HANA PLATFORMo n - p r e m i s e i c l o u d i h y b r i d http://hana.sap.eom
Application Services Processing Services Integration & Quality Services
g < / >
* * Q .
/ f f f r v t H
Web Server JavaScript Spatial Graph Predictive Search Data Virtualization ELT &
Replication
Wh ^ O c <3 s* = t V ill © / S i5 \
Fiorl UX Graphic Application Lifecycle Text Streaming Series Business Data Hadoop & Spark Remote Data
Modeler Management Analytics Analytics Data Functions Quality Integration Sync
Database Services
I"! m c l | GColumnar Multi-Core & Advanced Multi- M ulti-Tier Data Openness Admin & High Availability &
OLTP+OLAP Parallelization Compression tenancy Storage Modeling Security Disaster Recovery
Figure 1: What is SAP HANA?
SAP HANA is an in-memory data platform that is deployable as an on-premise appliance, or in
the cloud. It is a revolutionary platform that's best suited for performing real-time analytics,
and developing and deploying real-time applications. At the core of this real-time data
platform is the SAP HANA database, which is fundamentally different from any other
database engine in the market today.
2 © Copyright. All rights reserved.
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com
For Any SAP / IBM / Oracle - Materials Purchase Visit : www.erpexams.com OR Contact Via Email Directly At : sapmaterials4u@gmail.com