Skip to Content
0

HANA Column Level Encryption

Jun 19, 2017 at 07:00 PM

607

avatar image

Hi Lars,

Can we implement HANA column level data encryption and decryption (by role) / HANA SQL?

Below is what I am trying to design: please review and advise. Thanks.

–Need the functionality to encrypt column level data in SLT during read/write operation and store encrypted value in HANA table column, decrypt data using HANA security roles for SAP ECC ( ISU and CRM) Data –

–Need the functionality to encrypt column level data within HANA during data transformation ( table to table ) and decrypt data back using HANA security roles for any HANA table.column

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

5 Answers

Best Answer
Lars Breddemann
Jun 19, 2017 at 11:26 PM
0

SAP HANA doesn't provide a functionality for column level encryption as of now (HANA2 SPS1).

What is available is a *column masking* option in the modelling environment.

Also, there had been modelling approaches to implement data access based on roles/privileges (you should find those, if you look around here on SCN).

Bottom line on that is: you will have to implement the data access/masking/scrambling scheme yourself in the system. There is no simple function, that would lock/unlock access to certain columns by role membership.

Share
10 |10000 characters needed characters left characters exceeded
Nagaraj G Jun 20, 2017 at 12:06 AM
0

Hi Rama,

pl, check below links and see if it can help

https://archive.sap.com/discussions/thread/3799696

https://archive.sap.com/discussions/thread/3510329

Regards,

Nagaraj

Share
10 |10000 characters needed characters left characters exceeded
Rama Shankar Jun 26, 2017 at 10:39 PM
0

Thanks Nagaraj. I already read the above blogs but it does not help with decription. HASH function only encrypts one-way; we can not decrypt. I need to encrypt and decrypt back the value within HANA. That is my requirement.

Please let me know if you know a secure encrypt and decrypt function.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Rama,

I am not sure there is a feature available currently in HANA to encrypt and Decrypt the data

Regards,

Nag

0
Rama Shankar Aug 05, 2017 at 09:17 PM
0

Thanks Guys. I have developed a custom solution for the encrypt and decrypt feature. FYI - from HANA 20 SP2, the procedure and functions source code can be encrypted. This is a big plus to application developers who build 3rd party applications on HANA platform.

I hope SAP soon releases standard encrypt and decrypt for table column data which can be customized by AP's and/or roles.

Cheers!

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Two remarks to this:

  1. If your encryption/decryption solution is based on a secret mechanism in an encrypted procedure, it's not secure. Not sure, if you meant to indicate that this is the case, but your mentioning of the source encryption makes it look like it is.
  2. The code encryption for sqlscript in HANA 2 SP2 only covers the runtime-objects. So, to hide the source code from anyone, the usual transport mechanisms cannot be used, since the unencrypted source code then shows up in the repository.
    That means a person who is allowed to know the source code has to run a SQL script manually on every database that should have the encrypted code. Not sure how your distribution model works, but this clearly puts limits to a product that should be installed/maintained on more than a couple of instances.
    Also: in case you have multiple versions of an encrypted procedure, there's no built-in way to identify which version is present in a database - not too nice for supporting this code in production.
0
avatar image
Former Member Nov 08, 2017 at 11:18 AM
0

Hi Rama,

please check below link for encrypt and decrypt feature.

https://blogs.sap.com/2017/10/07/column-encryption-decryption-on-hana/

Regards,

Sathya

Share
10 |10000 characters needed characters left characters exceeded