Background documentationEnterprise Search Security Guide Locate this document in the navigation structure

 

Note Note

This guide does not replace the administration or the operation guides that are available for productive operations.

End of the note.

This content is not included in the installation guides, configuration guides, operation guides, nor upgrade guides. Such guides are only relevant for a certain phase of the software life cycle, whereas a security guide provides information that is relevant for all life cycle phases.

For the most current information, see SAP Note 1085845 - SAP NetWeaver Enterprise Search 7.0: Security Guide.

Target Audience

  • Technology consultants

  • System administrators

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to SAP NetWeaver Enterprise Search. To assist you in securing Enterprise Search, we provide this Security Guide.

About This Document

The Enterprise Search Security Guide provides an overview of the security-relevant information that applies to Enterprise Search.

It comprises the following sections:

  • Before You Start

    This section explains why security is necessary, describes how to use this document, and gives references to other security guides that are the foundation for this security guide.

  • Technical System Landscape

    This section provides an overview of the technical components and communication paths that are used by Enterprise Search.

  • User Administration and Authentication

    This section provides an overview of the following user administration and authentication aspects:

    • Recommended tools to use for user management.

    • User types that are required by Enterprise Search

    • Standard users that are delivered with Enterprise Search.

    • Authentication mechanisms used by Enterprise Search.

    • User synchronization strategy.

  • Authorizations

    This section explains the authorization concept that applies to Enterprise Search.

  • Network and Communications Security

    This section describes the communication paths used by Enterprise Search and the security mechanisms that apply.

  • Data Storage Security

    This section provides an overview of any critical data that is used by Enterprise Search and the security mechanisms that apply.

  • Security for Third-Party or Additional Applications

    This section provides security information that applies to third-party or additional applications that are used with Enterprise Search.

  • Dispensable Functions with Impacts on Security

    This section provides an overview of functions that have impacts on security and can be disabled or removed from the system.

  • Security Logging and Tracing

    This section describes the trace and log files that contain security-relevant information, from which, for example, you can reproduce activities if a security breach does occur.

  • Appendix

    This section provides references to further information.

Prerequisites

Read Introducing Enterprise Search. This document contains an overview of Enterprise Search, its architecture, and the general concepts underlying Enterprise Search. In addition, the overview contains the naming conventions used in the Enterprise Search documentation and a list of the configuration tools and administration tools available for Enterprise Search.