Secure Development With SAP Hana XSA

SAP Hana XSA enables different deployments in one single Hana database. However, companies have to consider various security guidelines to ensure diligent access management.

SAP Hana Extended Application Services, Advanced Model (SAP Hana XSA) was introduced with Hana 1.0 SPS11. This model is based on a microservices approach and enables the modularization of software development.

Hana XSA makes different deployments (separated development environments) in one single Hana database possible. Every application operates in a separate container and in its own environment, meaning that problems in one application do not affect the others.

Companies have to consider various security guidelines to ensure diligent access management. SAP Hana XSA Cockpit orchestrates the solution, managing users, access and security configurations (e.g. tenants or SAML identity providers).

How SAP Hana XSA works

The basic structure of SAP Hana XSA consists of organizations and spaces. Spaces are where developers work and build applications. Organizations are containers meant to structure the spaces. After the user master data have been created, developers are assigned spaces and access rights. There are three types of roles: Space Manager (space management as well as evaluating applications); Space Developer (implementing, activating and deactivating applications, matching applications to services); and Space Auditor (evaluation of applications and role management).

At the organization level, the role Organization Manager enables user management and maintenance of the spaces in an organization.
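The role model described above lends itself to a periodic access review. The following is an added example, not code from the original article or from SAP: it checks a list of role assignments against a least-privilege policy. The input tuple layout, the three policy rules and all user, organization and space names are constructed assumptions, not an SAP export format or an SAP recommendation.

```python
from collections import defaultdict

# Constructed sample data: (user, organization, space, role).
# Organization-level roles carry space=None. This is not an SAP export format.
ASSIGNMENTS = [
    ("ALICE", "finance", "dev", "Space Developer"),
    ("ALICE", "finance", "prod", "Space Auditor"),
    ("BOB", "finance", "dev", "Space Developer"),
    ("BOB", "finance", "dev", "Space Manager"),
    ("CAROL", "finance", "prod", "Space Developer"),
    ("DAVE", "finance", None, "Organization Manager"),
    ("DAVE", "finance", "dev", "Space Developer"),
]


def review(assignments, protected_spaces, approved_deployers):
    """Return sorted findings as (rule, user, organization, space) tuples."""
    space_roles = defaultdict(set)  # (user, org, space) -> set of roles
    org_managers = set()            # (user, org)
    for user, org, space, role in assignments:
        if space is None:
            if role == "Organization Manager":
                org_managers.add((user, org))
        else:
            space_roles[(user, org, space)].add(role)

    findings = set()
    for (user, org, space), roles in space_roles.items():
        is_dev = "Space Developer" in roles
        # Assumed rule 1: developer rights in a protected space need approval.
        if is_dev and (org, space) in protected_spaces \
                and user not in approved_deployers:
            findings.add(("unapproved-developer", user, org, space))
        # Assumed rule 2: one person should not manage and develop in a space.
        if is_dev and "Space Manager" in roles:
            findings.add(("manager-and-developer", user, org, space))
        # Assumed rule 3: organization-level user admins should not develop.
        if is_dev and (user, org) in org_managers:
            findings.add(("org-manager-develops", user, org, space))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review(ASSIGNMENTS, {("finance", "prod")}, {"ALICE"}):
        print(*finding, sep="\t")
```

Run against the sample, it reports BOB (manager and developer in one space), DAVE (organization manager with developer rights) and CAROL (unapproved developer in the protected space).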

Any changes to organizations or spaces are recorded in trace files on the operating system, which can be analyzed with tools such as Hana Database Explorer.

The central development platform for SAPUI5 applications is SAP WebIDE (integrated development environment). It supports various programming languages like Java, JavaScript, SAPUI5 HTML5, Node.js and more. WebIDE can be used for on-prem applications (Hana XSA) and as the central development application for SAP Cloud Platform (Cloud Foundry).

To leverage WebIDE, developers have to be assigned corresponding access rights in SAP Hana XSA. Two standard templates already exist for this purpose: WebIDE Developer and WebIDE Administrator. To authorize users for application development, a role has to be created from the template WebIDE Developer.