Introduction
Caution
This guide does not replace the administration or operation guides that are available for productive operations.
Target Group
Technology consultants
System administrators
Security consultants
This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.
Why Is Security Necessary?
With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. Protection of the user’s personal data must be guaranteed and legal regulations regarding this must be complied with. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to
SAP E-Recruiting
. To assist you in securing
SAP E-Recruiting
, we provide this Security Guide.
About this Document
The Security Guide provides an overview of the security-relevant information that applies to SAP E-Recruiting.
Overview of the Main Sections
The Security Guide comprises the following main sections:
Before You Start
This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.
Technical System Landscape
This section provides an overview of the technical components and communication paths that are used by SAP E-Recruiting.
Security Aspects of Data Flow and Processes
This section provides an overview of security aspects involved throughout the most-widely used processes within SAP E-Recruiting.
User Administration and Authentication
This section provides an overview of the following user administration and authentication aspects:
Recommended tools to use for user management
User types that are required by SAPE-Recruiting
Standard users that are delivered with SAP E-Recruiting
Overview of the user synchronization strategy, if several components or products are involved
Overview of how integration into Single Sign-On environments is possible
Authorizations
This section provides an overview of the authorization concept that applies to SAP E-Recruiting.
Session Security Protection
This section contains information about activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookies.
Network and Communication Security
This section provides an overview of the communication paths used by SAP E-Recruiting and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.
Internet Communication Framework Security
This section provides an overview of the Internet Communication Framework (ICF) services that are used by SAP E-Recruiting.
Data Storage Security
This section provides an overview of any critical data that is used by SAP E-Recruiting and the security mechanisms that apply.
Enterprise Services Security
This section provides an overview of the security aspects that apply to the enterprise services delivered with SAP E-Recruiting.
Other Security-Relevant Information
This section contains information about:
Virus scan when uploading attachments
Accessing attachments using Microsoft Internet Explorer
Security-Relevant Logging and Tracing
This section provides an overview of the trace and log files that contain security-relevant information, for example, so you can reproduce activities if a security breach does occur.
Services for Security Lifecycle Management
This section provides an overview of services provided by Active Global Support that are available to assist you in maintaining security in your SAP systems on an ongoing basis.