You are on page 1of 24

SAP HANA Administration

SAP HANA Partner Boot Camp - Day 3


System Monitoring
Overview

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 2
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Monitoring the System
Services Overview

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 3
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Monitoring the System
System load history – Check alerts etc.

Select interval on time axis Save to file and load from file

Change
time
scale

Avg in
displayed
time
range

Select host(s) Max in displayed time range


Select KPI(s)
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 4
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Monitoring the System
Disk Usage Details Data Size
Log Size
Total Size

Free Space

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 5
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Monitoring the System
Checking System Configuration

Layered Configuration in IMCE


 Hierarchy of parameter values
 Host overrules Tenant overrules System overrules Default
 Make sure to understand which setting is currently active.

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 6
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Monitoring the System
Statistics Server – Check alerts etc.

Alert status shown in overview tab


 Overview tab of administration console  Overview tab.
 Lists number of alerts per priority category
 Allows jumping into Alert details...
 ... which is identical to moving to “Alerts” tab of
administration console

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 7
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Troubleshooting
Displaying and saving DiagnosisFiles

To save a file locally, right-click and


choose „Download“ from the context menu
To display a file, double-click the file or
choose „Open“ from the context menu

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 8
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Troubleshooting
Displaying and saving JDBC Trace

Enable trace file via connection properties


Select size and local folder for storing the
trace file

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 9
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Troubleshootings
If studio is not sufficient

Some trace functionality is not available in IMCE Studio with HANA 1.0

SQL traces and performance traces can only be created with the HDBADMIN tool.

… Unfortunately, OS access(1) and X Windows Server(2) will be needed

 Logon with <sid>adm


 Start Adminstration via
 HDB admin
or
 ./HDBAdmin.sh

(1) Via Putty or xterm (2) Via XMING


This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 10
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Troubleshooting
SQL Trace & Performance Trace

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 11
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
SAP HANA Export and Import of
Objects
SAP HANA Partner Boot Camp - Day 3
Exporting and importing with SAP HANA

HANA supports export and import of Information Models, tables and more
Export and Import is handled via SAP HANA Studio
 Client-side export/import: to / from client PC running SAP HANA Studio
 Server-side export/import: to file system of SAP HANA Database server

Information Models

DB Server

Not in focus
Tables
for today
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 17
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Client Side Export / Import of Information Models
Overview

What is a client-side Export?


Export of Repository Objects
 Definitions of Attribute-, Analytic-,
Calculation Views
 Analytic Privileges
 Procedures
to the Client
 I.e. to the host on which Studio is running
Including inactive objects

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 18
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Client Side Export / Import of Information Models
Considerations

Client side import cannot overwrite existing objects


 For importing an update to a model into a target system
– First delete the model in the target system
– Then perform the import

Client side import does not activate


 Run mass activation following the import

Exported objects (xml files) can be changed


 Difficult to control editing of objects
– It is a way to copy views from one package into another
Note: quick launch  mass copy is the intended tool for this task

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 19
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Server Side Export / Import of Information Models
Overview

What is a client-side Export?


Export of Repository Objects
 Definitions of Attribute-, Analytic-, Calculation Views
 Analytic Privileges
 Procedures
to the Server (compressed tar file)
Based on a delivery unit
Delivery units are collections of packages for server-
side export/import

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 20
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Server Side Export / Import of Information Models
Considerations

Server-side import replaces entire packages


Can lead to “data loss”
 E.g.: target package already exists, has objects that are not part of export
 Should not be a problem in “two-system landscapes”
 Is intended for transporting deletions

Server-side import can do automatic activation


More convenient than client-side import
 If security setup allows importing and activation through the same user

Server-side export/import is the delivery method for SAP content for HANA

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 21
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Export / Import of Tables
Difference between binary export and csv export

CSV export does not contain DDL statement


 You can only re-import into existing table (or have to create table “somehow”)
 Binary export contains DDL as well  can also create the table

CSV export is human readable


 May be a security issue

CSV export is not compressed


 Export about factor 10 larger
than binary export
 Example: table MARA exported
as binary and CSV
binary is 1.7 MB
csv is 14 MB

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 22
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
SAP HANA Authorizations
SAP HANA Partner Boot Camp – Day 3

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 23
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
User Management and Security in SAP HANA
Scope of this document

Create Users
 Assign Initial
Passwords
 Important User
Parameters

Manage Users
Assign Security  Lock Users
 Control Access to  Reset Passwords
Objects
 Check User
 Row-Level Security Privileges
 Restrict allowed actions  Integration with BI

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 24
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Ideas for a Security Concept on SAP HANA

Why is a security concept in HANA required?


 Database administration should be restricted to skilled (and empowered) persons
 Access to ERP tables must be restricted
 Editing of HANA data models should only be possible for „owners“ of the model

 Several front-end tools offer direct access into HANA


 Object access as well as access to content of data model must be controlled within HANA
 Need to have named users in HANA for Information Consumers

Exceptions: no user management for Information Consumers required if


 Access to data does not need to be controlled
 All data access occurs via BI Semantic Layer
and
Security implemented in BusinessObjects Enterprise

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 25
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
User Management
User and Role Concept

Roles allow grouping privileges User


Create roles for specific tasks, e.g.
 Create data models (on a given subset of the data) Role:
 Activate data models edit + activate
 Manage users
 Export/Import Role: Role:
All types of privileges can be granted to a role edit model activate model

 Individual privileges
 Roles ( create a hierarchy of roles) Package: SQL:
SQL: Package:
create / edit write
select activate
Roles / privileges can be assigned to users models runtime
object
User / Role management are closely related
 Reflected in almost identical editor

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 26
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
User Management
User and Role Concept

Types of Privileges in HANA


System Privileges (restrict actions in the database)
 E.g “USER ADMIN”; “CREATE SCHEMA”; …
 Discussed in detail in SAP HANA Security Guide
http://help.sap.com/hana/hana1_imdb_sec_en.pdf

SQL Privileges (restrict access to data containers)


 E.g. “SELECT ON <table>”; “DROP ON <schema>”
 Discussed in detail in SAP HANA Security Guide
http://help.sap.com/hana/hana1_imdb_sec_en.pdf

Analytic privileges (row-level security for data models)


 E.g. see only data for cost center 1000

Modeling privileges (restrictions around modeling)


 Edit / activate data models in packages

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 27
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement
Analytic Privileges
The Concept

Analytic Privileges are used to control access to SAP HANA data models
Without Analytic Privilege, no data can be retrieved from
 Attribute Views
 Analytic Views
 Calculation Views

Implement row-level security with Analytic Privileges


Restrict access to a given data container to selected Attribute Values
 Field from Attribute View
 Field from Attribute View used in Analytic View
 Private Dimension of Analytic View
 Attribute field in Calculation View
 Combinations of the above
 Single value, range, IN-list

This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for
© 2011 SAP AG. All rights reserved. any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, 28
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement