cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HANA Column Level Encryption

Go to solution
rama_shankar3
Active Contributor

on ‎06-19-2017 8:00 PM

0 Kudos

Hi Lars,

Can we implement HANA column level data encryption and decryption (by role) / HANA SQL?

Below is what I am trying to design: please review and advise. Thanks.

–Need the functionality to encrypt column level data in SLT during read/write operation and store encrypted value in HANA table column, decrypt data using HANA security roles for SAP ECC ( ISU and CRM) Data –

–Need the functionality to encrypt column level data within HANA during data transformation ( table to table ) and decrypt data back using HANA security roles for any HANA table.column

Show replies
Show replies
former_member664588
Discoverer
‎03-05-2020 12:46 AM
0 Kudos

Hi,

I see that you try to find out an encryption and decryption feature for a column, I see that you have visited the same places I've been. On the last link there is half the answer for encryption. Did you manage to solve it?

Thank you

Alejandro Raitarsky

Answer

Accepted Solutions (1)

Accepted Solutions (1)

lbreddemann
Active Contributor
‎06-20-2017 12:26 AM
0 Kudos

SAP HANA doesn't provide a functionality for column level encryption as of now (HANA2 SPS1).

What is available is a *column masking* option in the modelling environment.

Also, there had been modelling approaches to implement data access based on roles/privileges (you should find those, if you look around here on SCN).

Bottom line on that is: you will have to implement the data access/masking/scrambling scheme yourself in the system. There is no simple function, that would lock/unlock access to certain columns by role membership.

Show replies
Show replies
lbreddemann
Active Contributor
‎01-18-2019 12:41 AM
0 Kudos

Yes, to use the data masking and anonymisation feautures the scriptserver needs to be set up. Read the documentation- it’s all in there.

Answers (4)

Answers (4)

former_member183334
Active Participant
‎11-08-2017 11:18 AM
0 Kudos

Hi Rama,

please check below link for encrypt and decrypt feature.

https://blogs.sap.com/2017/10/07/column-encryption-decryption-on-hana/

Regards,

Sathya

Show replies
Show replies
rama_shankar3
Active Contributor
‎08-05-2017 10:17 PM
0 Kudos

Thanks Guys. I have developed a custom solution for the encrypt and decrypt feature. FYI - from HANA 20 SP2, the procedure and functions source code can be encrypted. This is a big plus to application developers who build 3rd party applications on HANA platform.

I hope SAP soon releases standard encrypt and decrypt for table column data which can be customized by AP's and/or roles.

Cheers!

Show replies
Show replies
lbreddemann
Active Contributor
‎08-06-2017 3:25 AM
0 Kudos

Two remarks to this:

  1. If your encryption/decryption solution is based on a secret mechanism in an encrypted procedure, it's not secure. Not sure, if you meant to indicate that this is the case, but your mentioning of the source encryption makes it look like it is.
  2. The code encryption for sqlscript in HANA 2 SP2 only covers the runtime-objects. So, to hide the source code from anyone, the usual transport mechanisms cannot be used, since the unencrypted source code then shows up in the repository.
    That means a person who is allowed to know the source code has to run a SQL script manually on every database that should have the encrypted code. Not sure how your distribution model works, but this clearly puts limits to a product that should be installed/maintained on more than a couple of instances.
    Also: in case you have multiple versions of an encrypted procedure, there's no built-in way to identify which version is present in a database - not too nice for supporting this code in production.
rama_shankar3
Active Contributor
‎06-26-2017 11:39 PM
0 Kudos

Thanks Nagaraj. I already read the above blogs but it does not help with decription. HASH function only encrypts one-way; we can not decrypt. I need to encrypt and decrypt back the value within HANA. That is my requirement.

Please let me know if you know a secure encrypt and decrypt function.

Show replies
Show replies
former_member213277
Active Participant
‎06-27-2017 7:10 PM
0 Kudos

Hi Rama,

I am not sure there is a feature available currently in HANA to encrypt and Decrypt the data

Regards,

Nag

former_member213277
Active Participant
‎06-20-2017 1:06 AM
0 Kudos

Hi Rama,

pl, check below links and see if it can help

https://archive.sap.com/discussions/thread/3799696

https://archive.sap.com/discussions/thread/3510329

Regards,

Nagaraj

Show replies
Show replies
Ask a Question