Background documentationIntroduction

 

This guide does not replace the administration or operation guides that are available for productive operations.

Target Audience

  • Technology consultants

  • Security consultants

  • System administrators

This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation of your system should not result in loss of information or processing time. These demands on security apply likewise to the SAP ERP Central Component. To assist you in securing the SAP ERP Central Component, we provide this Security Guide.

About This Document

The Security Guide provides an overview of the security-relevant information that applies to the SAP ERP Central Component. The SAP ERP Central Component covers the core components Accounting, Logistics, and Human Resources and other components used across these core components. This guide cross-references information in existing security guides where available, or other relevant documentation where security aspects are discussed.

Since the SAP ERP Central Component is based on and uses SAP NetWeaver technology, it is essential that you consult the Security Guide for SAP NetWeaver. See SAP Service Marketplace at Start of the navigation path service.sap.com/securityguideInformation published on non-SAP site Next navigation step SAP NetWeaver End of the navigation path.

For all Security Guides published by SAP, see SAP Service Marketplace at service.sap.com/securityguideInformation published on non-SAP site.

Overview of the Main Sections

The Security Guide comprises the following main sections:

  • Before You Start

    This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.

  • Technical System Landscape

    This section provides an overview of the technical components and communication paths that are used by the SAP ERP Central Component.

  • Security Aspects of Data, Data Flow, and Processes

    This section provides an overview of security aspects involved throughout the most widely used processes within the SAP ERP Central Component.

  • User Administration and Authentication

    This section provides an overview of the following user administration and authentication aspects:

    • Recommended tools to use for user management

    • User types that are required by the SAP ERP Central Component

    • Standard users that are delivered with the SAP ERP Central Component

    • Overview of the user synchronization strategy, if several components or products are involved

    • Overview of how integration into Single Sign-On environments is possible

  • Authorizations

    This section provides an overview of the authorization concept that applies to the SAP ERP Central Component.

  • Session Security Protection

    This section provides information about activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookie(s).

  • Network and Communication Security

    This section provides an overview of the communication paths used by the SAP ERP Central Component and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.

  • Internet Communication Framework Security

    This section provides an overview of the Internet Communication Framework (ICF) services that are used by the SAP ERP Central Component.

  • Data Storage Security

    This section provides an overview of any critical data that is used by the SAP ERP Central Component and the security mechanisms that apply.

  • Security for Third-Party or Additional Applications This section provides security information that applies to third-party or additional applications that are used with the SAP ERP Central Component.

  • Enterprise Services Security

    This section provides an overview of the security aspects that apply to the enterprise services delivered with the SAP ERP Central Component.

  • Security-Relevant Logging and Tracing

    This section provides an overview of the trace and log files that contain security-relevant information, for example, so you can reproduce activities if a security breach does occur.

  • Appendix

    This section provides references to further information.