SAP NetWeaver Security Guide
Target Audience
-
Technical consultants
-
System administrators
This document is not included as part of the installation guides, configuration guides, technical operation manuals, or upgrade guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the security guides provide information that is relevant for all time frames.
Why Is Security Necessary?
With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to SAP NetWeaver platform. To assist you in securing your SAP NetWeaver platform and products, we provide this SAP NetWeaver Security Guide.
About This Document
The SAP NetWeaver Security Guide provides an overview of the security-relevant information that applies to SAP NetWeaver. It contains an overall overview of security with SAP NetWeaver as well as links to the individual guides for each of the functional areas. See the tables below:
| Topic | See |
|---|---|
| Technical system landscape | Technical System Landscape |
| User administration and authentication | |
| Authorizations for SAP HANA | SAP HANA Authorizations for SAP NetWeaver Application Server |
| Network and Communication Security | Network and Communication Security |
|
Functional Unit |
See |
|---|---|
|
Application Server |
Security Guides for the AS ABAP |
|
Composition Environment |
Business Process Management Security Guide Security Aspects of Web Dynpro for Java Business Rules Management Security Guide Visual Composer Security Guide |
|
SAP Process Integration |
|
|
Enterprise Portal (EP) and EP Core |
|
|
SAP Business Warehouse |
|
|
Search and Classification (TREX) |
|
|
Search and Operational Analytics |
|
|
SAP NetWeaver Mobile |
|
Technology |
See |
|---|---|
|
Remote Function Calls (RFC) or Internet Communication Framework (ICF) |
|
|
Application Link Enabling (ALE) |
|
|
Connectivity with SAP NetWeaver AS for Java |
|
|
Web services |
|
|
SAP Gateway Foundation |
| Topic / Functional Unit | See |
|---|---|
| System Landscape Directory (SLD) | |
| ABAP Software Maintenance | |
| Archiving | |
| SAP NetWeaver Development Infrastructure | SAP NetWeaver Development Infrastructure Security Guide |
| Auditing and logging |
Auditing and Logging (AS ABAP) Logging and Tracing (in the SAP NetWeaver AS for Java Security Guide) |
| Virus protection and SAP GUI integrity checks | Virus Protection and SAP GUI Integrity Checks |
| OS Platform | See |
|---|---|
| UNIX/Linux | SAP System Security Under UNIX/LINUX |
| Microsoft Windows | SAP System Security on Windows |
| IBM Db2 for i | SAP Security Guide for IBM i |
| Topic / DB Platform | See |
|---|---|
|
General Recommendations |
General Recommendations |
| SAP HANA Database | http://help.sap.com/hana and choose SAP HANA Security Guide |
| SAP MaxDB | SAP MaxDB Security Guide |
| SAP Adaptive Server Enterprise | SAP Adaptive Server Enterprise |
| IBM Db2 for Linux, UNIX, and Windows | IBM Db2 for Linux, UNIX, and Windows: Security |
| IBM Db2 for z/OS | IBM DB2 for z/OS |
| IBM Db2 for i | SAP Security Guide for IBM i |
| Microsoft SQL Server | Microsoft SQL Server on Windows |
| Oracle |
Meeting Your Own Security Requirements: Security Policy
Your security requirements are not limited to SAP NetWeaver platform, but apply to your entire system landscape. Therefore, we recommend establishing a security policy that reflects the security issues that apply at a company-wide level. Your security policy should cover aspects such as:
-
User authentication
-
Authorizations
-
Data integrity
-
Privacy
-
Auditing and Logging
Once you have established your security policy, use this guide to implement and enforce security for those products that you use within SAP NetWeaver platform.