SECURITY

HANA AND BW INTEGRATION

Settings in BW for creation of DBMS USER
SAP HANA authorizations are assigned to one user. You can define how the corresponding SAP HANA user is determined. In Customizing, under SAP Net Weaver Business
Warehouse General Settings Settings for Generating SAP HANA Views of Info Providers, you have the following options:
• Option C: The BW user must have a DBMS user, or there must be a SAP HANA user with exactly the same name. If the BW user has a DBMS user, this is taken as the SAP
HANA user. If no DBMS user has been created, the SAP HANA user is taken with exactly the same name as the BW user. In this case, the SAP HANA user must not be a DBMS
user of a BW user. More information: DBMS User Management
• Option D: The SAP HANA user is the DBMS user created for the BW user in user administration (transaction SU01).
RS2HANA_VIEW Report/SPRO
Create DB Connection with Net weaver AS
• Add a database connection in table DBCON with Change View
"Description of Database Connections": Overview (transaction
DBCO) for the database user and database type HDB.
• Enter the name of the database connection and the client in the
USR_DBMS_SYSTEM view with Maintain Table View (transaction
SM30).

• https://help.sap.com/viewer/c6e6d078ab99452db94ed7b3b7bbcccf/
7.4.19/en-US/743ef0e24417493a8bf2b50fb0199d64.html
RSUSR_DBMS_USERS for Mass Maintenance of USERS

When you enable the synchronization between user management of SAP Net Weaver Application Server (SAP Net Weaver AS) ABAP and the user
management of a database management system some functions of user management work differently. When you customize an ABAP client for
DBMS user management, user management activities change as listed in the following table.

Activity Behavior
Creating users SAP NetWeaver AS for ABAP uses the user ID and initial password you entered for the DBMS user by
default. You can override these entries.
Note If you enter lowercase letters (a-z), User Maintenance (transaction SU01) converts lowercase
letters to uppercase letters (A-Z).
Changing users Changes to the ABAP user do not effect the DBMS user with the following exceptions:
•Administrative lock
•Locking or unlocking the ABAP user locks or unlocks the DBMS user.
•Initial password
•As the administrator, you set the initial passwords independently. Users change their own
passwords in the separate password change facilities of the different systems.
You cannot change the DBMS user mapped to the ABAP user directly. You must delete the DBMS user
assignment and save before you can assign an existing DBMS user.

Deleting users SAP NetWeaver AS for ABAP deletes the DBMS user with the ABAP user.

Mass maintenance Use the RSUSR_DBMS_USERS report to perform mass maintenance of users on SAP NetWeaver
AS for ABAP and a DBMS. Mass Maintenance (transaction SU10) does not support the creation or
maintenance of DBMS users.

https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.00/en-US/c0555f0bbb5710148faabb0a6e35c457.html
 Managing HANA views from BW
• Transaction RS2HANA_ADMIN (see SAP note 2031522) is used as the general entry point when
maintaining already generated SAP HANA views, general settings or checking the authorization
replication for errors. Upon opening the transaction you get an overview of all BW objects with
enabled “External SAP HANA view” setting. You can check the consistency of each view and
regenerate if required. Also you can navigate to the general settings or the authorization check
tool.
• In case there are problems when querying the HANA view you can use the transaction
RS2HANA_CHECK (seeSAP note 2031522 and SAP note 2103553). When navigating to the
authorization check tool you have several options to check for possible errors which may cause
the framework to not replicate maintained BW Analysis Authorizations for a specific user. You can
enter a specific BW object and BW user you would like to check all requirements for. You may also
specify a secondary DB connection which used the corresponding SAP HANA user to access the
database. This allows to also run further checks like accessing the generated view and checking
the result of the generated stored procedure. If the tool finds requirements which are not yet met
an error message is displayed. The long text of the error

Generation of SAP HANA Views from BW - https://help.sap.com/viewer/04030263a0d041309a039fa3ea586720/7.4.19/en-US/a0f2b32ffcaa40deb60ba4515bbb559e.html

 HANA Security and Privileges
• Recommendation for database user, role and priviliges
https://help.sap.com/viewer/742945a940f240f4a2a0e39f93d3e2d4/2.0.03/en-US/45955420940c4e80a1379bc7270cead6.html
• Recommendations for tenant database management
https://help.sap.com/viewer/742945a940f240f4a2a0e39f93d3e2d4/2.0.03/en-US/a6e033bd909948d5b12caeb2ceba20d4.html
• System Privilege – Reference
https://help.sap.com/viewer/b3ee5778bc2e4a089d3299b82ec762a7/2.0.03/en-US/2a942546f16846d597177b3bfbd1df04.html
• Object Privilege – Reference
https://help.sap.com/viewer/b3ee5778bc2e4a089d3299b82ec762a7/2.0.03/en-US/2ab44c34eb5047a8899955bd1caae867.html

https://help.sap.com/viewer/b3ee5778bc2e4a089d3299b82ec762a7/2.0.03/en-US/fb0f9b103d6940f28f3479b533c351e9.html
https://help.sap.com/viewer/b3ee5778bc2e4a089d3299b82ec762a7/2.0.03/en-US/dcac3839bb571014bc23bca06f173e18.html