SAP Web Application Server Security GuideSAP Web AS Network and Communication SecuritySAP Web AS Security Guide for ABAP TechnologyUser AuthenticationAuthentication and Single Sign-OnLogon and Password Security in the SAP SystemPassword RulesSecurity Measures Related to Password RulesPassword Storage and TransportProfile Parameters for Logon and Password (Login Parameters)Secure Network Communications (SNC)Client CertificatesSAP Logon TicketsPluggable Authentication ServicesUser TypesProtecting Standard UsersDefining a New Superuser and Deactivating SAP*Preventing Unauthorized LogonsRecognizing and Preventing Multiple Dialog User LogonsSecurity Measures When Using SAP ShortcutsAdditional Information on User AuthenticationSAP Authorization ConceptOverviewOrganizing Authorization AdministrationOrganization if You Are Using the Profile GeneratorSetting Up AdministratorsSetting Up Role MaintenanceAuthorization Objects Checked in Role MaintenanceOrganization without the Profile GeneratorCreating and Maintaining Authorizations/Profiles ManuallyAuthorization ChecksReducing the Scope of Authorization ChecksSearching for Deactivated Authority ChecksGlobally Deactivating Authorization ChecksProtective Measures for Special ProfilesAuthorization Profile SAP_ALLAuthorization Profile SAP_NEWUser Information SystemCentral User AdministrationSecurity Aspects of the CUAAdditional Information About the SAP Authorization ConceptNetwork Security for SAP Web AS ABAPProtecting Your Productive System (Change & Transport System)The SAP System LandscapeThe Three-Tier System LandscapeThe Common Transport DirectoryUsing the TMS Quality Assurance Approval ProcedureConfiguring the System Landscape for ChangesRelease 3.1As of Release 4.0Defining the Transport ProcessTransport RoutesThe Transport ProcessResponsibilities and Their Corresponding AuthorizationsRoles and ResponsibilitiesAuthorizationsSecurity for the RFC ConnectionsDefaultTMS Trusted ServicesSecure Network CommunicationsProtecting Security-Critical ObjectsProtecting the System Profile Parameter FilesProtecting the Table for Maintaining System Clients (Table T000)Protecting Other Security-Critical ObjectsEmergency Changes in the Productive SystemAdditional Information on the Change and Transport SystemSecure Store & Forward Mechanisms (SSF) and Digital SignaturesGeneral InformationProtecting KeysProtecting the Application Server’s KeysAdditional Information on SSF and Digital SignaturesSpecial TopicsLogical Operating System CommandsRestrict Authorizations for Maintaining External CommandsRestrict Authorizations for Executing External CommandsAdditional Information on Logical Operating System CommandsBatch InputAn Overview of the Batch Input ProcessProtecting the Batch Input SessionsProtecting Disclosure of the SAPconnect RFC UserPreventing or Logging List DownloadsInternet Graphics Service SecuritySAP Web AS Security Guide for Java TechnologyOverview of Security for J2EE Application TypesUsers and User ManagementUsers and PasswordsStandard Users and GroupsStoring the Password for the AdministratorUsers Changing Their Own DataUser AuthenticationProtecting Sessions SecurityMonitoring and Logging of User InformationAuthorizationsNetwork Security for the J2EE EngineJava Virtual Machine SecurityDisabling Optional Services on the J2EE EngineSecurity Aspects for the Database ConnectionSecurity on the JMS ServiceSecurity Guide for the SAP System Landscape DirectorySecuring HTTP(S) Connections to the SLDSecuring RFC/JCo Connections to the SLDNetwork Topology for the SLD ServerUsing Logon Tickets for Single Sign-OnSecurity Aspects When Using Remote AdministrationSecurity Aspects When Using HTTP and Web Container TracingInternet Transaction Server SecurityDefining SAP Transactions as Internet ApplicationsThe Architecture of the Internet Transaction Server (ITS)A Secure Network Infrastructure for the ITSProtecting the Server and Network ComponentsProtecting the Web ServerProtecting the AGate ServerProtecting the SAP system Application ServersTCP Ports Used by the ITSUsing the SAProuterUsing Other Firewall ComponentsExample Network SetupAn Example Network Setup (with Client LAN)Using Additional Security Mechanisms / Providing PrivacyAuthenticating UsersAuthenticating Internet Users (Service Users)Authenticating Named Users With User ID and PasswordAuthenticating Named Users Using X.509 Client CertificatesSecurity Measures When Using Client CertificatesAuthenticating Named Users with Single Sign-OnProtecting Session IntegritySecurity-Relevant Settings for IACsSAP Web AS with Integrated ITSAdditional Information on SAP Internet Applications and the ITSSAP Interactive Forms by Adobe Security GuideTechnical System LandscapeUser Administration and AuthenticationUser ManagementAuthorizationsNetwork and Communication SecurityCommunication Channel SecurityCommunication DestinationsData Storage SecurityOther Security-Relevant InformationTrace and Log FilesSecurity Aspects with SAP Web AS System ManagementSecurity Guide for the Solution Manager DiagnosticsTechnical System Landscape: Security-Relevant InterfacesUser Authorization and Client AuthenticationUsers and RolesTrace and Log FilesBackground ProcessingDefining Users for Background ProcessingSpecifying the Execution of External Programs from Job StepsAuthorizations Used in Background ProcessingSecurity Guide for ADK-Based Data ArchivingSecurity Guide for XML-Based Data ArchivingAuditing and LoggingThe Audit Info System (AIS)The Security Audit LogExample FiltersThe System LogStatistic Records in CCMSLogging of Specific ActivitiesApplication LoggingLogging Workflow ExecutionLogging Using Change DocumentsLogging Changes to Table DataLogging Changes Made Using the Change & Transport SystemLogging Changes Made to User and Authorization InformationAdditional Information on Auditing and LoggingVirus Protection and SAP GUI Integrity Checks