Secure Development With SAP Hana XSA

SAP Hana XSA enables different deployments in one single Hana database. However, companies have to consider various security guidelines to ensure diligent access management.

Hana XSA makes different deployments (separated development environments) in one single Hana database possible. Every application operates in a separate container and in its own environment, meaning that problems in one application do not affect the others.

Companies have to consider various security guidelines to ensure diligent access management. SAP Hana XSA Cockpit orchestrates the solution, managing users, access and security configurations (e.g. tenants or SAML identity providers).

In user management, admins can create new accounts or convert existing Hana users to XSA users. Access is granted by so-called role collections. For example, for user management the role collection XS User Admin is necessary, and for role management users need the role collection XS Authorization Admin. For viewing only, standard role collections XS Authorization Display and XS User Display are available. Accountability is guaranteed by Hana’s auditing.

How SAP Hana XSA works

The basic structure of SAP Hana

XSA consists of organizations and spaces. In spaces, users can develop applications. Organizations are containers meant to structure the spaces. Developers operate in spaces. After the user master data have been created, developers are assigned spaces and access rights. There are three types of roles: Space Manager (space management as well as evaluating applications); Space Developer (implementing, activating and deactivating applications, matching applications to services); and Space Auditor (evaluation of applications and role management).

Regarding organizations, the role Organization Manager enables user management and maintaining the spaces in an organization.

The central development platform for SAPUI5 applications is SAP WebIDE (integrated development environment). It supports various programming languages like Java, JavaScript, SAPUI5, HTML5, Node.js and more. WebIDE can be used for on-prem applications (Hana XSA) and as the central development application for SAP Cloud Platform (Cloud Foundry).

To leverage WebIDE, developers have to be assigned corresponding access rights in SAP Hana XSA. Two standard templates already exist for this purpose: WebIDE Developer and WebIDE Administrator. To authorize users for application development, a role has to be created from the template WebIDE Developer.

To implement access rights in customized solutions, companies have to define their own rules. They can also integrate actions into customized solutions that can be recorded using Hana’s auditing (category application auditing).