HANA Column Level Encryption

Hi Lars,

Can we implement HANA column level data encryption and decryption (by role) / HANA SQL?

Below is what I am trying to design: please review and advise. Thanks.

– Need the functionality to encrypt column-level data in SLT during read/write operations and store the encrypted value in a HANA table column, and to decrypt the data using HANA security roles, for SAP ECC (ISU and CRM) data.

– Need the functionality to encrypt column-level data within HANA during data transformation (table to table) and decrypt the data back using HANA security roles for any HANA table.column.


5 Answers

  • Best Answer
    Jun 19, 2017 at 11:26 PM

    SAP HANA doesn't provide a functionality for column level encryption as of now (HANA2 SPS1).

    What is available is a *column masking* option in the modelling environment.

    Also, there had been modelling approaches to implement data access based on roles/privileges (you should find those, if you look around here on SCN).

    Bottom line on that is: you will have to implement the data access/masking/scrambling scheme yourself in the system. There is no simple function, that would lock/unlock access to certain columns by role membership.


  • Jun 20, 2017 at 12:06 AM

    Hi Rama,

    Please check the links below and see if they help:

    https://archive.sap.com/discussions/thread/3799696

    https://archive.sap.com/discussions/thread/3510329

    Regards,

    Nagaraj


  • Jun 26, 2017 at 10:39 PM

    Thanks Nagaraj. I already read the above blogs, but they do not help with decryption. HASH function only encrypts one-way; we cannot decrypt. I need to encrypt and decrypt back the value within HANA. That is my requirement.

    Please let me know if you know a secure encrypt and decrypt function.


  • Aug 05, 2017 at 09:17 PM

    Thanks Guys. I have developed a custom solution for the encrypt and decrypt feature. FYI - from HANA 20 SP2, the procedure and functions source code can be encrypted. This is a big plus to application developers who build 3rd party applications on HANA platform.

    I hope SAP soon releases standard encrypt and decrypt for table column data which can be customized by AP's and/or roles.

    Cheers!


    • Two remarks to this:

      1. If your encryption/decryption solution is based on a secret mechanism in an encrypted procedure, it's not secure. Not sure, if you meant to indicate that this is the case, but your mentioning of the source encryption makes it look like it is.
      2. The code encryption for sqlscript in HANA 2 SP2 only covers the runtime-objects. So, to hide the source code from anyone, the usual transport mechanisms cannot be used, since the unencrypted source code then shows up in the repository.
        That means a person who is allowed to know the source code has to run a SQL script manually on every database that should have the encrypted code. Not sure how your distribution model works, but this clearly puts limits to a product that should be installed/maintained on more than a couple of instances.
        Also: in case you have multiple versions of an encrypted procedure, there's no built-in way to identify which version is present in a database - not too nice for supporting this code in production.
  • Former Member
    Nov 08, 2017 at 11:18 AM

    Hi Rama,

    Please check the link below for the encrypt and decrypt feature.

    https://blogs.sap.com/2017/10/07/column-encryption-decryption-on-hana/

    Regards,

    Sathya
