SAP has a fairly mature and sophisticated authorization system. It can be used to protect virtually any data you want. SAP standard authorization objects take care of 99% of the authorization check. If that is not enough, you can create your own authorization objects and if that is still not enough, you can often use BADIs, enhancement spots and user exits to get the last 1%.
With HANA everything will be different. And by that I really mean EVERYTHING. No more authorization objects. Instead, you can assign System Privileges, Object Privileges, Analytical Privileges and Package Privileges at database level. You have to deal with repositories and schemas and wonder where you ended up. From a pure privilege perspective, this is a step backwards (but even privileges in ERP started out small).
Next blog entries will bring light into the darknessā¦