Skip to Content
0

How to lock HANA production system and set to not modifiable?

Nov 23, 2016 at 05:57 PM

480

avatar image
Former Member

I want to lock HANA production system and set to not modifiable like we do SAP BW system in SCC4.

Can we do this where objects will change through import option only not directly.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

5 Answers

Best Answer
Lars Breddemann
Nov 25, 2016 at 08:44 AM
1

There is no general switch to stop structural changes from happening.

The way to handle this on DB level (not just HANA) is to collect the required privileges in roles and only grant those roles to users if and when they should perform changes.

For SAP HANA you'll find examples of standard roles as templates that take care about the specifics of repository development, activation and catalog object development.

As this is not a topic where you can simply go by your intuition, I highly recommend reading the documentation on that!

Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Thanks Lars for confirmation, I was thinking there can be global configuration setting/switch to handle this.

0
avatar image
Former Member Nov 23, 2016 at 06:12 PM
0

Hi,

SCC4 is an SAP level transaction code (available in all SAP systems not only BW) to manage your client settings, nothing to do with database (HANA is a database type).

So irrespective of database type you can use SCC4 to maintain client settings & SE06 to maintain software components and namespaces.

Regards,

Harish Karra

Share
10 |10000 characters needed characters left characters exceeded
Reagan Benjamin
Nov 23, 2016 at 11:19 PM
0

Tx's SE06 and SCC4 are used at the application level which prevents certain modifications to the system components/tables. There is no way you can use use them at the database level as these are ABAP Tx's.

>>Can we do this where objects will change through import option only not directly.<<

Anyone with access and authorisations to the database can modify the database tables bypassing ABAP. You can only control this behaviour by restricting users with limited authorisations or no access to the database.

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Nov 24, 2016 at 11:52 AM
0

Thanks Reagan and Harish for your time and explanation...

I understand that SE06 and SCC4 is netwear based T.Codes. If we see mostly QA and Production systems(SAP NetWear based environment) are locked for direct change. Only through transport we change move new changes.

Same I want to do with HANA studio developments. I want to restrict users for direct development and modification in QA and Prd systems(HANA studio level or you can say Native HANA development). I want let user import option so they can do import in through delivery unit/developer mode.

Is there any we can handle this directly at system level means not user authorization level?

Thanks again..

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member
Dec 01, 2016 at 04:30 PM
0

Hi KD Jain,

There is no provision for locking down a system - setting it as non-modifiable. You can only "lock down" direct modifications by not granting these privileges to anyone.

For control though, there are multiple options:

1. Implement SAP HANA Application Lifecycle Management

Natively integrated with SAP HANA development - Changes immediately result into creation of a new request. One request can hold multiple changes. Then, selectively transport requests to Production.

2. SAP HANA Transport for ABAP

Not natively integrated with SAP HANA (from Developer perspective). ABAP layer traces the changes effected in SAP HANA and then you selectively transport to Production with standard SMTS . Directly compliant with organisation's transport policies, etc. Some limitations do exist in it as well.

3. CTS+

Not used it though.

Regards,

Kapil

Show 2 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Thanks Kapil for your time and explanation. We have managed to do same with authorizations.

1
Former Member
Former Member

Hi Jain,

We are also trying to restricted the Users from changing anything in HANA QA & Prod, would be helpful if you can share what authorizations you have used to restrict the users (or any reference document).

Thanks & Regards

Shankar

0