{"id":13871,"date":"2026-01-22T10:27:07","date_gmt":"2026-01-22T08:27:07","guid":{"rendered":"https:\/\/www.inprosec.com\/?p=13871"},"modified":"2026-01-22T10:27:07","modified_gmt":"2026-01-22T08:27:07","slug":"governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/","title":{"rendered":"Governance and Oversight in S\/4HANA Databases: Key Controls and Best Practices"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Unlike traditional ERP environments, where direct, live access to the database was an infrequent and highly restricted practice, the evolution toward an S\/4HANA architecture has increased this type of access for, among other tasks, leveraging its real-time analytical capabilities. While this opens up a world of possibilities for data exploitation, it also expands the scope and the level of detail that monitoring teams must address.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This article will cover the key points and best practices aimed at controlling and mitigating the main security risks in SAP HANA databases, primarily data integrity, availability, and confidentiality.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Below, the most relevant security validations at this layer are detailed, along with what we can expect from them and which recommendations can be followed to harden the control environment.<\/span><\/p>\n<h2><b>The Main Schema: The Core of the System<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">At the center of the database is the so-called \u201cmain schema,\u201d whose default technical name is SAPHANADB for RISE systems or SAPABAP1 for on-premise systems. Its importance lies in its content: all transactional and business information of the system, as well as the main technical and functional configuration tables.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This means that direct modification of this schema represents one of the most critical threats to both data and system integrity. In addition, if such practices are detected by SAP, they may lead to the loss of contractual technical support.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For this control, an example is provided with the key points:<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Risk<\/b><\/td>\n<td><b>High (High impact, Medium probability)<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Detail<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Direct modification of standard tables in the main HANA database schema.<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Threat<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Direct modification of standard tables may cause data corruption, logical inconsistencies, and the loss of official SAP support. These actions bypass all application control layers, such as validations, business logic, audit trails, and authorization checks.<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Environments<\/span><\/td>\n<td><span style=\"font-weight: 400;\">PRD, QAS, DEV<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Recommendations<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Treat the main schema as read-only for any access that does not originate from the SAP application itself. Use exclusively the BAPIs, function modules (application layer), or APIs (database layer) provided by SAP for any interaction with the data.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">As a relevant point, it should be noted that write access to the main schema must be exclusive to the application user, that is, the account used by the SAP system from the application layer to persist changes in the database layer. No other user should perform this type of change, nor should dialog-type access be allowed for this user. (In the case of RISE, this is no longer possible due to infrastructure restrictions).<\/span><\/p>\n<h2><b>System Permissions: Generic Users and Critical Privileges<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Database access and permissions must be managed under the principle of least privilege, clearly differentiating the following types of users:<\/span><\/p>\n<ul>\n<li aria-level=\"1\"><b>Read-only users<\/b><span style=\"font-weight: 400;\">: Accounts with viewing permissions intended for real-time data consumption. This information is later processed in other satellite systems for dashboards or reporting.<\/span><\/li>\n<li aria-level=\"1\"><b>Administrator users<\/b><span style=\"font-weight: 400;\">: Accounts with the highest privileges and, therefore, the greatest associated potential risk.<\/span>\n<ul>\n<li aria-level=\"1\"><b>Standard users (SYSTEM &amp; _SYS_REPO):<\/b><span style=\"font-weight: 400;\"> These are the most powerful users in the database. Best practice, recommended by SAP, is to use them only for initial configuration (creating the first administrator users with the minimum required privileges) and then deactivate them. They should only be temporarily reactivated for emergency tasks, which implies having controls in place to ensure these accounts are not activated or used without authorization.<\/span><\/li>\n<li aria-level=\"1\"><b>Local users:<\/b><span style=\"font-weight: 400;\"> After the initial configuration, these local database users are created for maintenance purposes. They should not have write access to the main schema, and it must be controlled which employees have access to them, along with periodic validation of this superuser list.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">On the other hand, as in the application layer, there is a set of <\/span><b>critical privileges<\/b><span style=\"font-weight: 400;\"> that, in productive environments, should not be assigned except in exceptional cases, and always to the minimum extent possible. The most critical are:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>DATA ADMIN<\/b><span style=\"font-weight: 400;\">: Authorizes the execution of all data definition (DDL) commands, allowing modification of the database structure.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>AUDIT ADMIN:<\/b><span style=\"font-weight: 400;\"> Allows users to administer and manage audit configurations within the database.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>USER ADMIN &amp; ROLE ADMIN:<\/b><span style=\"font-weight: 400;\"> Allows users to manage database users and roles, enabling potential privilege escalation.<\/span><b>.<\/b><\/li>\n<\/ul>\n<h2><b>The Audit Trail<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The audit trail is key for incident detection and control compliance. It must be proactively configured, as it is not enabled by default with the full available policy. At a minimum, it is recommended that it logs the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">User and role management commands (<\/span><b>CREATE\/DROP USER\/ROLE<\/b><span style=\"font-weight: 400;\">).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Changes to privileges and\/or authorizations (<\/span><b>GRANT\/REVOKE<\/b><span style=\"font-weight: 400;\">).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Changes to the audit configuration itself that may have compromised its integrity.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Failed user access attempts, for the purpose of detecting brute-force attacks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Changes to system configuration.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Regarding the storage of these logs, it is recommended to store them in an external location, making them inaccessible and immutable even for a database administrator. Integrating these logs with the company\u2019s corporate SIEM (Security Information and Event Management) is also a widely adopted practice.<\/span><\/p>\n<h2><b>Monitoring<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">It is essential to have monitoring and periodic review processes for users, their activity, and the permissions they hold:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Periodic Privilege Review:<\/b><span style=\"font-weight: 400;\"> Quarterly or semiannual reviews of all HANA database users, paying special attention to those with system privileges.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Audit Trail Monitoring:<\/b><span style=\"font-weight: 400;\"> Establish a process, preferably automated, to analyze logs for anomalous activity. Integrating HANA logs with the SIEM tool is common practice and facilitates this task.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Access Governance:<\/b><span style=\"font-weight: 400;\"> Define a formal process for requesting, approving, and revoking database access, documenting the business justification for each request.<\/span><\/li>\n<\/ul>\n<h2><b>Key Takeaways<\/b><\/h2>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Direct modification of standard tables in the main HANA schema entails a serious integrity risk and the potential loss of SAP support.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Write access to the main schema must be exclusive to the application user.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The management of privileged users must be extremely restrictive, starting with the deactivation of standard users and the limitation of critical privileges for local administrators.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enabling and properly configuring the audit trail, together with its integration with the corporate SIEM, provides a robust control system.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Defining a periodic access and user review process, along with active monitoring of audit logs, is key.<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Unlike traditional ERP environments, where direct, live access to the database was an infrequent and highly restricted practice, the evolution toward an S\/4HANA architecture has increased this type of access for, among other tasks, leveraging its real-time analytical capabilities. While this opens up a world of possibilities for data exploitation, it also expands the scope&#8230;<\/p>\n","protected":false},"author":6,"featured_media":13875,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[61],"tags":[],"class_list":["post-13871","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sap-security-en-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Governance and Oversight in S\/4HANA Databases: Key Controls and Best Practices - Inprosec<\/title>\n<meta name=\"description\" content=\"Discover the key governance and oversight controls for S\/4HANA databases, including best practices to protect data integrity, confidentiality, and availability while reducing security risks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Governance and Oversight in S\/4HANA Databases: Key Controls and Best Practices\" \/>\n<meta property=\"og:description\" content=\"Discover the key governance and oversight controls for S\/4HANA databases, including best practices to protect data integrity, confidentiality, and availability while reducing security risks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-22T08:27:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/5.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"Governance and Oversight in S\\\/4HANA Databases: Key Controls and Best Practices\",\"datePublished\":\"2026-01-22T08:27:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/\"},\"wordCount\":1000,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/5.jpg\",\"articleSection\":[\"SAP Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/\",\"name\":\"Governance and Oversight in S\\\/4HANA Databases: Key Controls and Best Practices - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/5.jpg\",\"datePublished\":\"2026-01-22T08:27:07+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"Discover the key governance and oversight controls for S\\\/4HANA databases, including best practices to protect data integrity, confidentiality, and availability while reducing security risks.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/5.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/5.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Governance and Oversight in S\\\/4HANA Databases: Key Controls and Best Practices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Governance and Oversight in S\/4HANA Databases: Key Controls and Best Practices - Inprosec","description":"Discover the key governance and oversight controls for S\/4HANA databases, including best practices to protect data integrity, confidentiality, and availability while reducing security risks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/","og_locale":"en_US","og_type":"article","og_title":"Governance and Oversight in S\/4HANA Databases: Key Controls and Best Practices","og_description":"Discover the key governance and oversight controls for S\/4HANA databases, including best practices to protect data integrity, confidentiality, and availability while reducing security risks.","og_url":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/","og_site_name":"Inprosec","article_published_time":"2026-01-22T08:27:07+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/5.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"Governance and Oversight in S\/4HANA Databases: Key Controls and Best Practices","datePublished":"2026-01-22T08:27:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/"},"wordCount":1000,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/5.jpg","articleSection":["SAP Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/","url":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/","name":"Governance and Oversight in S\/4HANA Databases: Key Controls and Best Practices - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/5.jpg","datePublished":"2026-01-22T08:27:07+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"Discover the key governance and oversight controls for S\/4HANA databases, including best practices to protect data integrity, confidentiality, and availability while reducing security risks.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/5.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2026\/01\/5.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/governance-and-oversight-in-s-4hana-databases-key-controls-and-best-practices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"Governance and Oversight in S\/4HANA Databases: Key Controls and Best Practices"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=13871"}],"version-history":[{"count":1,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13871\/revisions"}],"predecessor-version":[{"id":13877,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13871\/revisions\/13877"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/13875"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=13871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=13871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=13871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}