These questions are similar to the ones asked in the actual Test.
How should I know? I know, because I have recently certified with the latest version of the Technical Certification test.
Before you start here are some Key features of the HANA Technology Associate Certification Exam
– The exam is Computer based and you have three Hours to answer 80 Questions.
– The Questions are (mostly) multiple choice type and there is NO penalty for an incorrect answer.
– Some of the Questions have more than one correct answers. You must get ALL the options correct for you to be awarded points.
– The Official Pass percentage is 60% (But this can vary). You will be told the exact passing percentage before your begin your test.
Note: Unless stated otherwise, All questions have more than one correct answer.
Q1. The relationship between the entities involved in user management can be summarized as follows:
(More than one answer is correct)
a. A role is used to grant authorization to carry out operations on database objects, such as schemas, tables, and views.
b. A principal is either a role or a user.
c. A known user can log on to the database. A user can be the owner of database objects.
d. A role is a collection of privileges and can be granted to either a user or another role (nesting).
Answer; b, c, d
Every user who wants to work with the SAP HANA database must have a database user. The identity of a database user accessing the database is verified through a process called authentication.
Whether or not a user is authorized to perform operations on objects in the database is determined by their privileges. The database user must have privileges to perform the operation and to access the object (for example, a table) to which the operation applies.
Privileges can be granted to database users either directly, or indirectly through roles that they have been granted.
All the privileges granted directly or indirectly to a user are combined. This means whenever a user tries to access an object, the system performs an authorization check on the user, the user’s roles, and directly granted privileges.
It is not possible to explicitly deny privileges. This means that the system does not need to check all the user’s roles. As soon as all requested privileges have been found, the system aborts the check and grants access.
Although privileges can be granted directly to users, roles are the standard mechanism of granting privileges as they allow you to implement both fine-grained and coarse-grained reusable hierarchies of user access that can be modeled on business roles.
● A principal is either a role or a user.
● A known user can log on to the database. A user can be the owner of database objects.
● A role is a collection of privileges and can be granted to either a user or another role (nesting).
● A privilege is used to grant authorization to carry out operations on database objects, such as schemas, tables, and views.
Q2. You can create and manage SAP HANA database users with several different tools. In this context, which of the following statements are true?
a. SAP HANA studio allows you to create users, roles and role hierarchies
b. SAP NetWeaver Identity Management 6.0 contains a connector to the SAP HANA database allowing you to create users and change their passwords.
c. SAP HANA On-Site Configuration tool allows you to create users, roles and role hierarchies
Tool; SAP HANA studio
User Administration Tasks Possible;
You can use the SAP HANA studio for the following tasks related to user and role administration:
●Creating database users
●Deleting, deactivating, and reactivating database users
●Modeling and activating analytic privileges
●Creating roles and role hierarchies
You can create roles in runtime on the basis of SQL statements or as design-time objects in the repository of the SAP HANA database. However, it is recommended that you create roles in the repository as they offer more flexibility (for example, they can be transported between systems).
●Assigning roles and privileges to users
●Verifying which privileges individual users have
Tool; Command line interface (hdbsql or other SQL tool)
User Administration Tasks Possible;
You can perform all user administration tasks from the command line using SQL requests. This is useful when using scripts for automated processing.
Tool; SAP NetWeaver Identity Management
User Administration Tasks Possible;
SAP NetWeaver Identity Management 7.2 Support Package Stack 3 and higher contains a connector to the SAP HANA database.
With SAP NetWeaver Identity Management you can perform the following user administration tasks in the SAP HANA database:
●Creating and deleting user accounts
●Setting passwords for users
Tool; SAP HANA On-Site Configuration tool
User Administration Tasks Possible;
You can use the SAP HANA On-Site Configuration tool to perform post-installation steps including changing user passwords.
Q3. It is often necessary to specify different security policies for different types of database user.
In the SAP HANA database, the following user types exist.
– Database users that correspond to real people
– Technical database users
Database users that correspond to real people
The database administrator creates a database user for every person who needs to work in the SAP HANA database.
Database users that correspond to real people are dropped when the person leaves the organization. This means that database objects that they own are also automatically dropped, and privileges that they granted are automatically revoked.
Technical database users
Technical database users do not correspond to real people. They are therefore not dropped if a person leaves the organization. This means that they should be used for administrative tasks such as creating objects and granting privileges for a particular application.
Some technical users are available as standard, for example, the users SYS, _SYS_STATISTICS, and _SYS_REPO. It is not possible to log on to the database with these users.
Other technical database users are application specific. For example, an application server may log on to the SAP HANA database using a dedicated technical database user.
Technically, these user types are the same – authentication and authorization are the same for both. The only difference between them is conceptual.
Q4. Certain users are required for installing, upgrading, and operating the SAP HANA database. Which of the following statements are true?
a. The <sid>adm database user is the initial user that is created during the installation of the SAP HANA database.
b. The SYS user is the initial user that is created during the installation of the SAP HANA database.
c. The _SYS_STATISTICS user is the initial user that is created during the installation of the SAP HANA database.
d. The <sid>adm user is an operating system user and is also referred to as the operating system administrator.
The SYSTEM database user is the initial user that is created during the installation of the SAP HANA database. SYSTEM is a powerful database user – it has irrevocable system privileges, such as the ability to create other database users, access system tables, and so on.
Do not use the SYSTEM user for day-to-day activities. Instead, use this user to create dedicated database users for administrative tasks and to assign privileges to these users.
User; <sid>adm where sid is the ID of the database system
The <sid>adm user is an operating system user and is also referred to as the operating system administrator.
This operating system user has unlimited access to all local resources related to SAP systems.
This user is not a database user but a user at the operating system level.
The SYS is a technical database user. It is the owner of system objects such as system tables and monitoring views.
_SYS_STATISTICS is a technical database user used by the statistics server of the SAP HANA database. The statistics server is the main component of the monitoring infrastructure of the SAP HANA database.
It collects information about status, performance, and resource usage from all components of the database and issues alerts if necessary.
Q5. An object can only be accessed by the following users:
(More than one answer is correct)
a. Users to whom the owner of the parent schema has granted privileges
b. The owner of the schema in which the object is located
c. Users to whom the owner of the object has granted privileges
Answer; a, b, c
For each SQL statement type (for example, SELECT, UPDATE, or CALL), a corresponding object privilege exists.
If a user wants to execute a particular statement on a database object (for example, table, view, or stored procedure), he or she must have the corresponding object privilege for either the actual object itself or the schema in which the object is located.
This is because the schema is an object type that contains other objects. A user who has object privileges for a schema automatically has the same privileges for all objects currently in the schema and any objects created there in the future.
Initially, the owner of an object and the owner of the schema in which the object is located are the only users who can access the object and grant object privileges on it to other users.
An object can therefore only be accessed by the following users:
○The owner of the object
○The owner of the schema in which the object is located
○Users to whom the owner of the object has granted privileges
○Users to whom the owner of the parent schema has granted privileges
The database owner concept stipulates that when a database user is deleted, all objects created by that user and privileges granted to others by that user are also deleted.
If the owner of a schema is deleted, all objects in the schema are also deleted even if they are owned by a different user. All privileges on these objects are also deleted.
Q6. SAP HANA offers different types of privileges. Which if the following is NOT a privilege offered by SAP HANA.
a. System privilege
b. Object privilege
c. Database privilege
d. Analytic privilege
Please find below the types of privileges used by SAP HANA.
System privileges are SQL privileges that control general system activities. They are mainly for administrative purposes, such as creating schemas, creating and changing users and roles, performing data backups, managing licenses, and so on.
Object privileges are SQL privileges that are used to allow access to and modification of database objects, such as tables and views. Depending on the object type, different actions can be authorized (for example, SELECT, CREATE ANY, ALTER, DROP, and so on).
Currently, SELECT, DROP, and DEBUG are the only privileges that can be granted on attribute views, analytic views, and calculation views.
Analytic privileges are used to allow read access to data in SAP HANA information models (that is analytic views, attribute views, and calculation views) depending on certain values or combinations of values. Analytic privileges are evaluated during query processing.
Package privileges are used to allow access to and the ability to work in packages in the repository of the SAP HANA database.
Packages contain design time versions of various objects, such as analytic views, attribute views, calculation views, and analytic privileges.
Developers of SAP HANA XS applications can create application privileges to authorize user and client access to their application.
Application privileges are granted and revoked through the procedures GRANT_APPLICATION_PRIVILEGE and REVOKE_APPLICATION_PRIVILEGE procedure in the _SYS_REPO schema.
It is not possible to grant application privileges to users or roles in the SAP HANA studio. It is recommended that you grant application privileges to roles created in the repository.
Q7. Choosing your SAP system ID should be done carefully The following rules should be followed;
a. System ID Is unique throughout your organization.
b. Consists of exactly four alphanumeric characters
c. Contains only uppercase or lowercase letters
d. Has a number for the first character
You need to make sure that your SAP system ID:
• Is unique throughout your organization. Do not use an existing <SID> when installing a new SAP system.
• Consists of exactly three alphanumeric characters
• Contains only uppercase letters
• Has a letter for the first character
• Does not include any of the following, which are reserved IDs:
ADD ALL AMD AND ANY ARE ASC AUX AVG BIT CDC COM CON DBA END EPS FOR GET GID
IBM INT KEY LOG LPT MAP MAX MIN MON NIX NOT NUL OFF OLD OMS OUT PAD PRN RAW
REF ROW SAP SET SGA SHG SID SQL SUM SYS TMP TOP UID USE USR VAR
Q8. It is possible to rename a SAP HANA system using the hanaconfig.sh program.
You can rename a SAP HANA system using the hanaconfig.sh program. When you use the rename functionality (also called task), you can:
●change SID, instance number, hostname
●change system administrator password
●change database user password
●change SUM for SAP HANA SSL keystore password
The tool updates the landscape management (LM) structure folder, and generates new SSL certificates.
If you rename a SAP HANA system, this normally invalidates the permanent SAP license. You therefore need to reinstall the SAP license.
Before performing the rename, you need to meet these prerequisites:
●You identify an existing SAP HANA system, created by an installation or a file system copy, that is to be renamed.
●You mount the DVD with the SAP HANA On-Site Configuration tool, which you can find at the following location on the SAP HANA DVD: <HANA_DVD>\DATA_UNITS\HANA_IM_LINUX__X86_64
●The target system ID (SID) must not exist.
●The target instance number must not exist.
●You are logged in as the root user.
●<sapsid>adm user password must contain only ASCII symbols and be at least 8 characters long, and must contain at least one digit, one lowercase character and one uppercase character.
Only the following 3 special characters are allowed: $ _ #
More Questions? Have a look at: