We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Regarding S4 HANA Connector

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 3 2022 at 19:53 UTC

Hello All,


We are doing requirements gathering for S4 HANA for IGA (provisioning <account on S4 HANA - create, update, disabled, activate, delete>, access assignment via ARS, SoD and import of account and entitlements of S4 HANA onto Saviynt). The documentation on S4 HANA connector documentation says, we can use the DB connector and has details of create account JSON, but it mentions only a function/procedure name for assign and revoke access. Here is the assign Access json from the connector guide:

{

"HANA_Role" : ["CALL GRANT_ACTIVATED_ROLE ('${task.entitlement_valueKey.entitlement_value}',

'${accountName.toUpperCase()}')"]

}


I am looking for the following:

1. Is the DB connector sufficient enough to do provisioning, access assignment and import on S4 HANA? 

2. Do we also need a JCO connector along with DB connector?

3. If anyone has implemented this connector, can you share sample JSONs or details around how can we implement provisioning, access assignment and import of account and entitlements into Savyint?


Any responses would be greatly appreciated


Thanks

Sunil Rashinkar

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
4 REPLIES 4

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 3 2022 at 20:13 UTC

Hello Sunil,


SAP HANA and SAP S4 HANA are two different "products".


SAP S4 HANA is still an ABAP based which means you can still use the Saviynt SAP Connector : https://saviynt.freshdesk.com/a/solutions/articles/43000539903

SAP HANA is Database based hence needs a DB based connector of Type HANA : https://saviynt.freshdesk.com/a/solutions/articles/43000529920




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 4 2022 at 17:28 UTC

Thanks Avinash for your response. 

I will check with our team on which SAP HANA is getting built. 


We did try the SAP HANA SQL console (with my trial version on SAP) to create account, update account, disable account, enable account, delete account, get accounts, get roles, get privileges. But when I check the SAP HANA DB Connector guide screen shots, I see there are total 14 entitlements and I am able to see only 9 from the screen shots. Where can I get the complete list:

1. PROFILES

2. HANA_Rrole

3. Hana_Schema

4. Hana_Table

5. Analytical_privilege

6. System_Privilege

7. Package_Privilege

8. Application_Privilege

9. HANA_View

10. ??

11. ??

12. ??

13. ??

14. ??


Another question I have is, do we have to manage access assignment and revoke on all the above 14 entitlements?


Tks

Sunil


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 4 2022 at 22:38 UTC

Hello Sunil,


I am not aware of the 14 entitlement types but the ones I know of are listed below.


  • Analytical_Privilege    
  • Application_Privilege    
  • Hana_Function    
  • Hana_Procedure    
  • HANA_Role    
  • Hana_Schema    
  • Hana_Table    
  • Hana_View    
  • Packages    
  • Package_Privilege    
  • System_Privilege


Perhaps, what entitlement types needs to be managed in SAP HANA is something that the Project Team should be able to tell you. 

I do not have a first hand knowledge on the subject matter and will leave it to the SME's in the community who has tackled it before.




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 4 2022 at 23:36 UTC

I see the following are not present in your list of 11 entitlement types:

Profiles

Object_Privilege

Attached image is from the SAP HANA DB connector guide on Freshdesk that shows 14 different types of entitlements.


My next step is to create SQL queries to retrieve each of them. I have SQL queries that gives me these entitlements form the HANA DB except for the following:

Profiles

Procedure

Packages

Do you have the queries for these?


The next set of questions I have are....

Does the SAP Role on HANA DB comprise of the 5 types of privileges (Analytical, System, Application, Package & Object) ? Or are these privileges separate and can be assigned to the user's account on SAP HANA DB? OR how are these roles associated with privileges. When I click on any role, I can see privileges under it and also I can assign privileges to the user's account on SAP HANA DB.  


Appreciate all your responses so far


Thanks

Sunil Rashinkar


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.