Designing, configuring, and implementing SAP Security is a complex and resource-intensive task. Hence, companies should identify the right approach before building authorizations. This is also important when it comes to SAP HANA privilege based roles.

I have personally experienced and helped a few organizations with design of role definition approach. From this experience, I can say that identifying the proper security requirements during the system build helps in avoiding the need for redesigning at a later stage.

Before we move on, please note that SAP HANA platform has its own role model, which is more complex than SAP NetWeaver ABAP authorization model. SAP HANA has:

  • Analytic Privileges that will restrict user authorization on data
  • System Privileges that will control the authorization on administrative tasks
  • Object Privileges that allows various authorizations such as SELECT, DELETE, EXECUTE etc., on database objects
  • Package Privileges are used for providing read/write authorization on repositories
  • Application Privileges are used for managing HANA applications, mostly XS Engine based