SAP HANA SPS 07: Security

Topics: SQL, Auditing, Password Pages: 24 (4051 words) Published: December 2, 2014
What´s New? SAP HANA SPS 07
Security
(Delta from SPS 06 to SPS 07)
SAP HANA Product Management

November, 2013

Agenda
Authentication
User/role management
Authorization
Encryption
Audit logging
Documentation

© 2013 SAP AG. All rights reserved.

Public

2

Authentication

What’s New in SAP HANA SPS 07: Security
SPNEGO support for SAP HANA XS
SPNEGO (Kerberos with Simple and Protected GSSAPI Negotiation Mechanism) is now available as an authentication option for SAP HANA XS
Configuration
1. In Microsoft Active Directory, for each host and alias register new service principal names and map them to the (potentially already existing) SAP HANA service user
2. On the SAP HANA server, add the keys for the new service principal names to the keytab 3. In SAP HANA, configure the Kerberos user mapping for the user Note: If the user mapping has already been set up for Kerberos authentication for SQL access, you do not have to change anything here

4. Using the SAP HANA XS Administration Tool (http://:80/sap/hana/xs/admin/), select SPNEGO as authentication method for the user

© 2013 SAP AG. All rights reserved.

Public

4

What’s New in SAP HANA SPS 07: Security
SAP Logon Ticket and SAP Assertion Ticket support
SAP Logon Tickets and SAP Assertion Tickets are now supported for both SQL and XS access Prerequisites
 A separate trust store for SAP Logon and Assertion tickets has been configured
 System privilege USER ADMIN

Configuration
1. In the Systems view in SAP HANA studio, choose Security
2. Create a new user by right-clicking on Users and choosing New User
3. Select the authentication method(s) and choose the
(Deploy) button

Notes
 Prior to SPS 07, SAP HANA implicitly selected both user name/password and SAP Logon Tickets as authentication methods for new users. Now you have to explicitly set authentication options for new users  To re-enable the old behavior for SAP Logon Tickets, a new configuration parameter has been introduced (Indexserver.ini -> authentication -> SapLogonTicketEnabledForNewUsers). See also SAP Note 1927949 © 2013 SAP AG. All rights reserved.

Public

5

What’s New in SAP HANA SPS 07: Security
Password policy changes/additions (I)
The mandatory periodic password change can now be re-enabled using SQL  In some situations it may be required to exclude specific users from the mandatory periodic password change, for example the technical user that is used by an application server to connect to the database  Prerequisites: System privilege USER ADMIN

 Syntax:

ALTER USER DISABLE PASSWORD LIFETIME
ALTER USER ENABLE PASSWORD LIFETIME
Changed default for maximum_unused_initial_password_lifetime  This parameter specifies the number of days for which initial user passwords are valid. If a user has not logged on within this period of time, the password becomes invalid; the user administrator can reset it if still needed.  New default: 7 days (formerly 28 days)

 Prerequisites: System privilege USER ADMIN
 To change this parameter, in the Systems view of SAP HANA studio choose Security -> Password Policy -> Lifetime of Initial Password
© 2013 SAP AG. All rights reserved.

Public

6

What’s New in SAP HANA SPS 07: Security
Password policy changes/additions (II)
Option to set configuration parameter password_lock_time to infinity Time for which a user is locked after having exhausted the maximum number of failed logon attempts Prerequisites:
 System privilege USER ADMIN

Configuration
– In the Systems view in SAP HANA studio, choose Security -> Password Policy and in the User Lock Settings select Lock indefinitely

– When setting the parameter using SQL, use the value -1
© 2013 SAP AG. All rights reserved.

Public

7

User/role management

What’s New in SAP HANA SPS 07: Security
Set validity period for user in SAP HANA studio
You can now set the validity period for a user in SAP...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Sap Bods-Hana Essay
  • Security Proposal Essay
  • Big Data Sap Hana Essay
  • Essay on 07
  • Research on SAP HANA Essay
  • Essay about security
  • Saps Essay
  • Big Data SAP HANA Essay

Become a StudyMode Member

Sign Up - It's Free