SAP HANA Security Part 1: The Difference Between Run-Time and Design-Time Roles

The basics about SAP HANA security can be a somewhat confusing topic, even for experienced users. However, there are some terms and concepts that users must understand in order to properly set up security in SAP HANA. In the first of this two-part series about SAP HANA security, gain an overview of two ways for building security roles: run-time and design-time roles. There are significant differences between these two techniques, each with its own advantages and disadvantages.

Key Concept

In the early days of SAP HANA, there was only one way to build roles that enabled some users to see data X and others to see data Y: it had to be coded manually. Now there are SAP HANA graphical and automated tools that allow security roles to be built that can be assigned to users to do this task. When choosing which graphical option to use, the SAP HANA SQL-compliant database codes the required data control language (DCL) syntax behind the scenes. There are options on which user interface (UI) to use, however, and even though either UI creates code, which one is chosen affects the ultimate goal of achieving an easy-to-administer yet still secure SAP HANA system.