SAP HANA Security Guide - Trigger-Based Replication
SAP In-Memory Appliance (SAP HANA) 1.0
Target Audience
Consultants
Administrators
SAP Hardware Partner
Others
Public
Document version 1.0 – 06/27/2011
User Administration and Authentication
Authorizations
Network and Communication Security
  Network Security
  Communication Destinations
Configuration
  Configuration
Technical System Landscape
The Trigger-Based Replication system transfers database activity from source system
databases to replicate databases. The source system is typically an SAP ERP or CRM
system, and the replicate database is the SAP HANA In-Memory Database.
The figures below show the two possible technical system landscapes for the Trigger-Based
Data Replication Using SAP LT (Landscape Transformation) Replicator.
Option 1 - Separate SLT system
With this option, the SLT component is installed in its own SAP system. Consequently, two
network communication channels are in use from this system: an RFC connection to the
source system and a second connection to the SAP HANA system.
Option 2 - SLT installation in Source system
With this option, the SLT system component is installed in the source system, which means
that only one external network communication channel, to the SAP HANA system, is required.
An overview of the system landscape components is provided below.
Source system
The source system tracks database changes via database triggers and copies relevant
changes into the Logging Tables.
SLT component
The SLT system polls the log tables in the source system via an RFC connection on a
scheduled basis. If there is replication data to be transferred to the SAP HANA
system, it is transferred via the DB connection.
SAP HANA system
The SAP HANA system contains the SAP In-Memory Database; this is used to store the
replicated data. The connections between the SLT component and the SAP HANA system
are provided by the DB connection.
Topic: Trigger-based Replication
Guide/Tool: Installation Guide
Quick Link to the SAP Service Marketplace: SAP HANA 1.0 Installation Guide – Trigger Based Replication
SAP HANA Guides
For more information about SAP HANA landscape, security, installation and administration,
see the resources listed in the table below.
Topic: SAP HANA Landscape, Deployment & Installation
Guide/Tool: SAP HANA Knowledge Center on SAP Service Marketplace
Quick Link: https://service.sap.com/hana
  SAP HANA 1.0 Master Guide
  SAP HANA 1.0 Installation Guide

Topic: SAP HANA Administration & Security
Guide/Tool: SAP HANA Knowledge Center on SAP Help Portal
Quick Link: http://help.sap.com/hana
  SAP HANA 1.0 Technical Operations Manual
  SAP HANA 1.0 Security Guide
User Administration and Authentication
The SAP LT Replicator uses the user management and authentication mechanisms provided
with the SAP NetWeaver platform, in particular the SAP NetWeaver Application Server.
Therefore, the security recommendations and guidelines for user administration and
authentication as described in the SAP NetWeaver Security Guide [SAP Library]
Application Server ABAP Security Guide also apply to the SAP LT Replicator.
This section provides information about user management, administration and authentication
that specifically applies to SAP LT replicator in addition to the standard procedures.
Accessing the source systems by remote function call (RFC) requires a communication
user. A communication user accesses the source system exclusively by RFC, without
the ability to execute steps in dialog mode directly in a system. For more information about
this user type, see the section User Types in the SAP Web AS ABAP Security Guide.
The following security measures apply with regard to user management for SAP LT
Replicator:
Irrespective of all security measures, the users who have access to the SLT system will have
(indirect) access to the production data in the source system and may be able to see
information stored there. Consequently, we recommend that you limit the number of users in
the SLT system to a minimum to prevent unauthorized access to production data.
Authorizations
The SAP LT Replicator uses the authorization concept provided by the SAP NetWeaver AS
ABAP. Therefore, the recommendations and guidelines for authorizations as described in the
SAP NetWeaver AS Security Guide ABAP and SAP NetWeaver AS Security Guide Java also
apply to the SAP LT Replicator.
The SAP NetWeaver authorization concept is based on assigning authorizations to users
based on roles. For role maintenance, use the profile generator (transaction PFCG) on the AS
ABAP and the User Management Engine’s user administration console on the AS Java.
For more information about how to create roles, see Role Administration (SAP Library).
Specific authorizations apply for each system. Authorizations for source system(s) and SLT
system are available in user profiles to control the actions that a user is authorized to perform.
Amongst many other existing SAP NetWeaver based authorization objects, the following
authorization objects are specifically important for the use of SAP LT replicator:
S_DMIS
Description: Authority object for SAP SLO Data migration
Authorization fields:
  Field name    Heading
  MBT_PR_ARE    MBT PCL: Scenario
  MBT_PR_LEV    MBT PCL: Processing Role Level
  ACTVT         Activity

S_DMC_S_R
Description: MWB: Reading / writing authorization in sender / receiver
Authorization fields:
  Field name    Heading
  ACTVT         Activity
User Roles
SAP LT Replicator provides the composite role SAP_IUUC_USER, which includes the
following roles:
SAP_IUUC_REMOTE
SAP_DMIS_USER
SAP_SLOP_USER
Network Security
Access to source systems using SAP LT replicator takes place exclusively through RFC
connections. For more information about security issues in connection with RFC, see the
relevant sections in the SAP Library on SAP Help Portal.
Communication Destinations
SAP LT replicator does not come with fixed destinations or user names. The following
destinations need to be created:
Source System(s)
Users in RFC destinations need to be of type Communication / CPIC and require the
authorizations specified by one of the following composite roles:
o SAP_LT_RFC_USER
o SAP_LT_RFC_USER_700
o SAP_IUUC_USER or SAP_IUUC_REMOTE
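The requirements above can be checked mechanically. The following is an added example, not part of the SAP guide: it audits a constructed export of RFC destinations against the user type and composite roles named in this section. The export layout (semicolon-separated columns destination, user, user_type, roles) and the use of the ABAP user type code "C" for Communication are assumptions.

```python
import csv
import io

# Composite roles the guide names for users in RFC destinations.
ALLOWED_ROLES = {"SAP_LT_RFC_USER", "SAP_LT_RFC_USER_700",
                 "SAP_IUUC_USER", "SAP_IUUC_REMOTE"}
# Assumption: the export carries the ABAP user type code, where "C" is
# Communication (CPIC) and "A" is Dialog.
COMMUNICATION = "C"

# Constructed sample export: one line per RFC destination, roles separated by "|".
SAMPLE_EXPORT = """destination;user;user_type;roles
SRC_ERP_100;SLT_RFC;C;SAP_LT_RFC_USER
SRC_CRM_200;JSMITH;A;SAP_IUUC_USER|Z_FI_DISPLAY
SRC_ERP_300;slt_rfc2;c;z_display_only
SRC_BW_400;;;
"""

def audit_rfc_destinations(export_text):
    """Return {destination: [findings]} for rows that do not meet the guide."""
    report = {}
    for row in csv.DictReader(io.StringIO(export_text), delimiter=";"):
        findings = []
        user = (row["user"] or "").strip().upper()
        utype = (row["user_type"] or "").strip().upper()
        roles = {r.strip().upper()
                 for r in (row["roles"] or "").split("|") if r.strip()}
        if not user:
            # Nothing to check against: flag it instead of passing silently.
            findings.append("no user recorded; cannot verify type or roles")
        else:
            if utype != COMMUNICATION:
                findings.append(
                    f"user {user} has type {utype or '?'}, not Communication")
            if not roles & ALLOWED_ROLES:
                findings.append(
                    f"user {user} holds none of the required composite roles")
        if findings:
            report[row["destination"]] = findings
    return report

if __name__ == "__main__":
    for dest, findings in audit_rfc_destinations(SAMPLE_EXPORT).items():
        for finding in findings:
            print(f"{dest}: {finding}")
```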
Configuration
Configuration settings as defined in LT based replication schemas are stored in SAP LT
replicator control tables on the SLT system.
In source system(s), no specific initial configuration data is created. However, with the
initialization of the data replication, DB triggers and logging tables are created.
For logging tables, it is possible to create a separate table space within the database for
monitoring the size of logging tables.
No specific configuration settings are required on the SAP HANA system.