This guide does not replace the administration or operation guides that are available for productive operations.
Technology consultants
Security consultants
System administrators
This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.
With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation of your system should not result in loss of information or processing time. These demands on security apply likewise to the SAP ERP Central Component. To assist you in securing the SAP ERP Central Component, we provide this Security Guide.
The Security Guide provides an overview of the security-relevant information that applies to the SAP ERP Central Component. The SAP ERP Central Component covers the core components Accounting, Logistics, and Human Resources and other components used across these core components. This guide cross-references information in existing security guides where available, or other relevant documentation where security aspects are discussed.
Since the SAP ERP Central Component is based on and uses SAP NetWeaver technology, it is essential that you consult the Security Guide for SAP NetWeaver. See SAP Service Marketplace at
.For all Security Guides published by SAP, see SAP Service Marketplace at service.sap.com/securityguide.
The Security Guide comprises the following main sections:
This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.
This section provides an overview of the technical components and communication paths that are used by the SAP ERP Central Component.
Security Aspects of Data, Data Flow, and Processes
This section provides an overview of security aspects involved throughout the most widely used processes within the SAP ERP Central Component.
User Administration and Authentication
This section provides an overview of the following user administration and authentication aspects:
Recommended tools to use for user management
User types that are required by the SAP ERP Central Component
Standard users that are delivered with the SAP ERP Central Component
Overview of the user synchronization strategy, if several components or products are involved
Overview of how integration into Single Sign-On environments is possible
This section provides an overview of the authorization concept that applies to the SAP ERP Central Component.
Session Security Protection
This section provides information about activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookie(s).
Network and Communication Security
This section provides an overview of the communication paths used by the SAP ERP Central Component and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.
Internet Communication Framework Security
This section provides an overview of the Internet Communication Framework (ICF) services that are used by the SAP ERP Central Component.
This section provides an overview of any critical data that is used by the SAP ERP Central Component and the security mechanisms that apply.
Security for Third-Party or Additional Applications This section provides security information that applies to third-party or additional applications that are used with the SAP ERP Central Component.
This section provides an overview of the security aspects that apply to the enterprise services delivered with the SAP ERP Central Component.
Security-Relevant Logging and Tracing
This section provides an overview of the trace and log files that contain security-relevant information, for example, so you can reproduce activities if a security breach does occur.
This section provides references to further information.