How To Define Standard Roles For Administrators And .


PUBLIC

How to Define Standard Roles for Administrators and Developers in SAP HANA

Applicable to SAP HANA releases (starting from SAP HANA 1.0 SPS 07) which use SAP HANA Extended Application Services, Classic Model (XS Classic) and the SAP HANA repository

Document Version: 1.1 – February 2021

DOCUMENT HISTORY

Version | Release Date | Description | Contact
1.0 | March 2014 | First official release of this guide | richard.bremer@sap.com
1.1 | February 2021 | Note about procedure template use not being permitted under the SAP HANA runtime license, new foreword, slight updates to terminology to reflect the existence of successive components | AskSAPHANA@sap.com

TABLE OF CONTENTS

1 SCENARIO INTRODUCTION
  1.1 Note
  1.2 Structure of the Guide
  1.3 Purpose of the Roles
  1.4 Guiding Principles in Designing the Roles
2 PREREQUISITES
  2.1 Packages in the Repository
  2.2 System Configuration
3 PREPARING A SECURE DEVELOPMENT SYSTEM
  3.1 Proposed Repository Layout
    3.1.1 Customer / Vendor Packages
      3.1.1.1 Special Security Considerations for Application Roles
      3.1.1.2 Special Security Considerations for Analytic Privileges
    3.1.2 Package ‘system-local’
    3.1.3 Security Considerations for the ‘system-local’ Package
    3.1.4 Real-Life Example
4 HIGH-LEVEL OVERVIEW OF TEMPLATE ROLES
  4.1 Typical Role Selection
PROPOSED STANDARD ROLES FOR SAP HANA SYSTEMS
  Roles for Role Creators
    role builder native.hdbrole
      Granted Privileges
      hdbrole file
    role editor imported.hdbrole
      Granted Privileges
      hdbrole file
    role builder.hdbrole
      Granted Privileges
      hdbrole file
    security developer protected.hdbrole
      Granted Privileges
      hdbrole file
  Roles for Security Administrators
    Prerequisite: Wrapper Procedure for Granting of Roles
      Procedure Source Code – Roles in Common Package
      Procedure Source Code – Roles in Protected Package
      Procedure Source Code: Grant SAP INTERNAL HANA SUPPORT Role
      Procedure Source Code: Revoke SAP INTERNAL HANA SUPPORT Role
    User Admin Role
      Granted Privileges
      hdbrole file
    User Admin Role (Unrestricted)
      Granted Privileges
      hdbrole file
    Role Security Admin Basic
      Granted Privileges
      hdbrole file
    Role Security Admin Troubleshooting
      Granted Privileges
      hdbrole file
    Role Security Admin Audit
      Granted Privileges
      hdbrole file
    Role Security Admin
      Granted Privileges
      hdbrole file
    Role Security Admin Extended
      Granted Privileges
      hdbrole file
    Role Security Admin Disk Encryption
      Granted Privileges
      hdbrole file
    Role Audit Operator
      Granted Privileges
      hdbrole file
  Roles for Database Administrators
    Role basic admin
      Granted Privileges
      hdbrole file
    Role persistence admin
      Granted Privileges
      hdbrole file
    Role backup admin
      Granted Privileges
      hdbrole file
    Role system admin generic
      Granted Privileges
      hdbrole file
    Role system admin preinstalled
      Granted Privileges
      hdbrole file
    Role backup operator
      Granted Privileges
      hdbrole file
    Role database monitoring
      Granted Privileges
      hdbrole file
    Role data admin
      Granted Privileges
      hdbrole file
  Roles for Repository Administrators
    Role repo manager
      Granted Privileges
