HCM Processes and Forms

About this Document

This chapter of the SAP ERP Central Component Security Guide provides an overview of the security-relevant information that applies to HCM Processes and Forms (PA-AS).

Reference to General Information

The following security-related topics of the SAP ERP Central Component Security Guide are valid for SAP ERP Central Component (SAP ECC) in general and are also valid for HCM Processes and Forms:

  • Before You Start

    This section contains provides an overview of other Security Guides that are a basis for the SAP ERP Central Component Security Guide and of important SAP Notes regarding security.

  • User Management and Authentication

    • User Administration

      This section provides information about the user management tools, the required user types, and the standard users that are supplied with SAP ECC.

    • User Data Synchronization

      This section provides an overview of the user synchronization strategy if several components or products are integrated.

    • Integration in Single Sign-On Environments

      This section provides an overview of the single sign-on (SSO) mechanisms that are used by SAP ECC.

  • Session Security Protection

    This section provides information about activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookie(s).

  • Network and Communication Security

    • Communication Channel Security

      The section provides an overview of the communication channels used by SAP ECC, the protocol used for the connection, and the type of data transferred.

    • Network Security

      This section contains information about which services and ports from SAP NetWeaver are used by SAP ECC.

    • Communication Destinations

      This section provides you with the basic security rules that you should follow when communicating between SAP ERP systems.

  • Data Storage Security

    This section provides an overview of the critical data used that is used by SAP ECC and the security mechanisms that apply.

  • Enterprise Services Security

    This section provides an overview of the security aspects of the enterprise services that are delivered with SAP ECC.

  • Security-Relevant Logs and Tracing

    This section provides an overview of the trace and log files that contain security-relevant information and that enable you to reproduce activities where, for example, there has been a breach of security.

  • Services for Security Lifecycle Management

    This section provides an overview of services provided by Active Global Support that are available to assist you in maintaining security in your SAP systems on an ongoing basis.

Overview of the Main Sections of This Chapter

The HCM Processes and Forms chapter of the SAP ERP Central Component Security Guide comprises the following sections:

  • Before You Start

    This section contains references to other Security Guides that build the foundation for the HCM Processes and Forms chapter and a list of the most important SAP Notes for HCM Processes and Forms regarding security.

  • Technical System Landscape

    This section provides an overview of the technical components and communication paths that are used by HCM Processes and Forms.

  • Authorizations

    This section provides an overview of the authorization concept that applies to HCM Processes and Forms.

  • Internet Communication Framework Security

    This section provides an overview of the Internet Communication Framework (ICF) services that are used by HCM Processes and Forms.

  • Security for Additional Applications

    This section provides information on a Business Add-In (BAdI) that can be used for the attachment handling of HCM Processes and Forms.

  • Other Security-Relevant Information

    This section provides information on the possibility of protecting the Customizing views of HR Administrative Services by a using a grouping option for the authorization check to prevent users without authorization from maintaining person-related data.