Designing, configuring, and implementing SAP Security is a complex and resource-intensive task. Hence, companies should identify the right approach before building authorizations. This is also important when it comes to SAP HANA privilege based roles.
I have personally experienced and helped a few organizations with design of role definition approach. From this experience, I can say that identifying the proper security requirements during the system build helps in avoiding the need for redesigning at a later stage.
Before we move on, please note that SAP HANA platform has its own role model, which is more complex than SAP NetWeaver ABAP authorization model. SAP HANA has:
- Analytic Privileges that will restrict user authorization on data
- System Privileges that will control the authorization on administrative tasks
- Object Privileges that allows various authorizations such as SELECT, DELETE, EXECUTE etc., on database objects
- Package Privileges are used for providing read/write authorization on repositories
- Application Privileges are used for managing HANA applications, mostly XS Engine based