Select language:

Component documentation SAP NetWeaver Security Guide 

Caution

This guide does not replace the daily operations handbook that we recommend you create for specific productive operations.

Target Audience

  Technical consultants

  System administrators

This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the Security Guides provide information that is relevant for all time frames.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to the SAP NetWeaver platform. To assist you in securing your SAP NetWeaver platform and products, we provide this SAP NetWeaver Security Guide.

About This Document

The SAP NetWeaver Security Guide provides an overview of the security-relevant information that applies to SAP NetWeaver. It contains an overall overview of security with SAP NetWeaver as well as links to the individual guides for each of the usage types, standalone engines, connectivity and interoperability technologies, database and operating system platforms and the various scenarios.

See the tables below:

Introduction to Security with the SAP NetWeaver Platform

Topic

More Information

Technical System Landscape

Technical System Landscape

User Administration and Authentication

User Administration and Authentication

Network and Transport Layer Security

Network and Communication Security

 

Security Guides for SAP NetWeaver According to Usage Types

Usage Type

More Information

Application Server (AS)

SAP NetWeaver Application Server ABAP Security Guide

SAP NetWeaver Application Server Java Security Guide

SAP Interactive Forms by Adobe Security Guide

SAP Knowledge Warehouse Security Guide

Virus Protection and SAP GUI Integrity Checks

EP Core (EPC)

Portal Security Guide 

Security Guide for Guided Procedures 

Universal Worklist 

Enterprise Portal (EP)

Knowledge Management Security Guide 

Collaboration Security Guide 

SAP NetWeaver Visual Composer Security Guide 

PDK for .NET Security Guide 

Business Information (BI)

SAP Business Information Warehouse Security Guide

Development Infrastructure (DI)

Security Aspects for Usage Type DI and Other Development Technologies

Mobile Infrastructure (MI)

SAP Mobile Infrastructure Security Guide

Process Integration (PI)

SAP NetWeaver Process Integration Security Guide

Security Guides for Standalone Engines, Clients and Tools

Engine

More Information

Search and Classification (TREX)

Search and Classification (TREX) Security Guide

SAP Content Server

SAP Content Server Security Guide

SAP Web Dispatcher

Security Information SAP Web Dispatcher

SAP NetWeaver Business Client

Business Client Security Issues (for ABAP)

Business Client Security Issues (for Portal)

J2EE Adapter Engine

SAP NetWeaver Process Integration Security Guide

Note

The security aspects to consider when using the non-central version of the J2EE Adapter Engine are the same as for the central version. These aspects are described in detail in the SAP NetWeaver PI Security Guide.

J2SE Adapter Engine

SAP NetWeaver Process Integration Security Guide

Note

The Plain J2SE Adapter Engine is only supported for compatibility reasons. It hosts only a subset of the adapter functionality and does not support standard security features as security logs or integrated user management. You should only use the Plain J2SE Adapter Engine if it is a precondition in your environment.

Security Guides for Connectivity and Interoperability Technologies

Technology

More Information

Remote Function Calls (RFC) or Internet Communication Framework (ICF)

RFC/ICF Security Guide

Application Link Enabling (ALE)

Security Guide ALE (ALE Applications)

Connectivity with the J2EE Engine

Security Guide for Connectivity with the J2EE Engine

Web services

Web Services Security

Business Communication Broker (BCB), which is part of the Integrated Communication Interfaces (ICI)

Security Guide Communication Interfaces

Security Guides for Operating System and Database Platforms

OS Platform

More Information

UNIX/LINUX

SAP System Security Under UNIX/LINUX

Windows

SAP System Security Under Windows

DB Platform

More Information

Oracle

Oracle Under UNIX

Oracle Under Windows

Microsoft SQL Server

Microsoft SQL Server Under Windows

IBM DB2 for Linux, UNIX, and Windows

IBM DB2 for Linux, UNIX, and Windows

MySQL Max DB

MySQL MaxDB Security Guide

IBM DB2 Universal Database for iSeries

IBM DB2 Universal Database for iSeries

IBM DB2 Universal Database for z/OS

SAP Security Guide for IBM DB2 UDB for z/OS

Security Aspects for System Management

Topic / Product

More Information

Solution Manager Diagnostics

Security Guide for the Solution Manager Diagnostics

SAP NetWeaver Administrator

SAP NetWeaver Administrator Security Roles

Computing Center Management System (CCMS)

Background Processing

Print and Output Management

Alert Management (ALM)

Central Monitoring with CCMS

SAP System Landscape Directory (SLD)

Security Guide for the SAP System Landscape Directory

Software Lifecycle Manager (SLM)

SLM Security Roles

Archiving

Security Guide for ADK-Based Data Archiving

Security Guide for XML-Based Data Archiving

Auditing and Logging

Auditing and Logging

Security Guides for SAP NetWeaver Scenarios

The security aspects and recommendations for the SAP NetWeaver scenarios primarily use the information provided with the above security guides. To determine which of these guides apply in particular for each scenario, see Security Guides for the SAP NetWeaver Scenarios.

Meeting Your Own Security Requirements: Security Policy

Your security requirements are not limited to the SAP NetWeaver platform, but apply to your entire system landscape. Therefore, we recommend establishing a security policy that reflects the security issues that apply at a company-wide level. Your security policy should cover aspects such as:

  User authentication

  Authorizations

  Data integrity

  Privacy

  Auditing and Logging

Once you have established your security policy, use this guide to implement and enforce security for those products that you use within the SAP NetWeaver platform.