Which deployment scenarios feature security staying in the application server and end users not logging in to the SAP HANA system?

The scenario where security remains in the application server and end users do not log in directly to the SAP HANA system pertains to the use of SAP HANA as a reporting server. In this setup, the reporting layer interacts with SAP HANA for data retrieval and processing, while the underlying user authentication and authorization mechanisms are managed at the application server level. This allows the application server to handle user access, ensuring that users never need to directly interface with the HANA database.

In contrast, other deployment scenarios either require direct interactions with the HANA database or do not centralize security in the application server. For instance, in a deployment where HANA serves as a database, the end users may need to authenticate directly against the database to perform activities like querying data. Similarly, when using HANA as a side-by-side accelerator, the architecture often involves interactions between the client and HANA directly, which can require user authentication at the database level.

Using HANA as a platform with XS applications may also involve scenarios where end users could access the database directly, thereby necessitating user logins. Thus, the reporting server scenario is distinct in its ability to centralize security in the application server while keeping the user experience seamless and authentication simplified.