cancel
Showing results for 
Search instead for 
Did you mean: 

Synchronizing HANA DB Users

fralarsen
Participant
0 Kudos

I'm working on a requirement to provision Users to HANA DB from a 3rd party IDM tool. Each user requires both a user in the ABAP system and a database user in SAP HANA to enable access to the relevant views. We have custom services built to provision Users tor ABAP system. But could anyone guide on how to achieve the User Management functionality to HANA DB ? SAP does support the following methods for synchronizing datatabase users with the existing users in the ABAP system:

  • User synchronization using SAP NetWeaver Identity Management or an existing Identity Management (IDM) solution implemented in your organization
  • Mass user synchronization using ABAP DBMS user management tools
  • Manual user creation in SAP HANA

First option is pretty much what I'm looking for.

Does anyone has worked on such a requirement ? Any APIs on how to achieve this ?

Accepted Solutions (1)

Accepted Solutions (1)

former_member183326
Active Contributor
0 Kudos

SAP IDM can provision to SAP HANA. This is provided as standard via the frameworks. You can also use LDAP with the newer revisions of HANA.

What third party tool are you using? You could always use SCIM, you'd have to develop this but it means not having to buy new products (assuming your current IDM tool is SCIM enabled).

I would recommend using the LDAP feature (if you're using AD already).

fralarsen
Participant
0 Kudos

Hi Michael,

Thanks for your response. Does SAP IDM use any services or is it aswell using LDAP ?

I'm currently working on is Omada IDM tool and we are working to integrate HANA DB for User and Role Management activities. To start with, we need to Read Users and Rols and Create, Modify and Assign Users with additional Roles / Privileges.

Could you point to any document which describes how to achieve this using SCIM connectivity ?

I'd explore further on LDAP feature aswell as we are already provisioning to AD.

Regards,

Naresh

former_member183326
Active Contributor
0 Kudos

You can use a VDS (Virtual Directory Server) in order to use the LDAP protocol.

https://wiki.scn.sap.com/wiki/display/Security/Virtual+Directory+Server+-+Accessing+the+Identity+Sto...

SCIM is a open source protocol, there is no specific SAP documentation on this. You can get a developer to develop this SCIM protocol connector to do anything you want, there could some limitations on the HANA side but I am not sure. I would advise again that using the HANA LDAP feature would be the way to go as its seems its BAU for you.

Answers (1)

Answers (1)

JimmyYang
Advisor
Advisor
0 Kudos

HANA XS has an ability to dynamically create a user based on a SAML SSO login attempt.

The HANA system must be linked to the IDP and the IDP must have this option checked on.

Could this possibly be a solution for you?

Refer to: https://blogs.sap.com/2015/03/14/use-saml-to-enable-sso-for-your-xs-app-on-sap-hana-sps-09-rev-92-or...

fralarsen
Participant
0 Kudos

Hi Jimmy,

Thanks for the link. I'd go through it.

Regards,

Naresh