cancel
Showing results for 
Search instead for 
Did you mean: 

Replicate SAP Row Level Security on SQL Server

0 Kudos

Hi,

Firstly apologies I have no real experience in SAP, I am a Lead Data Engineer working on SQL Server and Azure.

We are currently in the process of creating a data feed between SAP and our Azure Data Lake using OpenHub to extract the SAP data. As the information is sensitive the Data Lake is locked down so only specific developers can access the data. Upstream from this we will be moving the data to our SQL Server Data Warehouse which is where we need to enforce a strict security layer. As I understand it the SAP security which restricts what someone can see is based on their role, Is there a way to replicate this on a SQL database? Just as an idea, if we had details on SQL Server of each Role, what row level security the role enforced and who was in each role we could use SQL Server row level security to enforce this. Is this possible or is there a better approach?

Many Thanks

former_member27
Community Manager
Community Manager
0 Kudos

Hi

Thank you for visiting SAP Community to get answers to your questions. Since this is your first question, I recommend that you familiarize yourself with: https://community.sap.com/resources/questions-and-answers, as the overview provides tips for preparing questions that draw responses from our members.
Should you wish, you can revise your question by selecting Actions, then Edit.
By adding a picture to your profile you encourage readers to respond: https://developers.sap.com/tutorials/community-profile.html
Regards,
Dedi

Accepted Solutions (0)

Answers (1)

Answers (1)

jurjen_heeck
Active Contributor
0 Kudos

Hi Dave,

I'm afraid the SAP security roles will not (always) give you that information. Security is mostly enforced on functionality (read/write) and data structures within the application software which may or may not correspond to the actual data structures in the database. The granularity of authorizations also differs across the various SAP modules, which all have their own specific authorization objects. I'd say there's no easy or consistent way to query these roles for the information you want from them.

Jurjen