Manager Self-Service

About This Document

This chapter of the SAP ERP Central Component Security Guide provides an overview of the security-relevant information that applies to Manager Self-Service (EP-PCT-MGR).

The following deployment options are available for Manager Self-Service (MSS):

  • Business Package for Manager Self-Service

    This Business Package is a “classic” SAP Business Package that runs in the SAP NetWeaver Portal. The Portal role consists of worksets and iViews based on both Web Dynpro Java and Web Dynpro ABAP technologies.

  • Manager Self-Service in SAP NetWeaver Business Client

    The role structure for this deployment option is maintained in the back-end system with the SAP role maintenance transaction PFCG. All applications available with this role are based on Web Dynpro ABAP technology.

Note Note

Some parts of the security information in this chapter only apply to one of the MSS deployment options. In this case, you will find a comment explaining for which deployment option this information is valid right at the beginning of each section. If not stated otherwise, the security information in this chapter applies to both MSS deployment options.

End of the note.
See also:

  • For more information about the roles in SAP NetWeaver Portal, see SAP Library for SAP ERP on SAP Help Portal at Start of the navigation path http://help.sap.com/erpInformation published on SAP site Next navigation step Cross-Application Functions in SAP ERP Next navigation step Roles Next navigation step Business Packages (Portal Content) End of the navigation path.

  • For more information about the roles in SAP NetWeaver Business Client, see SAP Library for SAP ERP on SAP Help Portal Start of the navigation path http://help.sap.com/erpInformation published on SAP site Next navigation step Cross-Application Functions in SAP ERP Next navigation step Roles Next navigation step Roles in SAP NetWeaver Business Client End of the navigation path.

  • For more information about SAP NetWeaver Business Client, see SAP Library for SAP NetWeaver on SAP Help Portal at Start of the navigation path http://help.sap.com/netweaverInformation published on SAP site Next navigation step SAP NetWeaver by Key Capability Next navigation step Application Platform by Key Capability Next navigation step ABAP Technology Next navigation step UI Technology Next navigation step SAP NetWeaver Business Client End of the navigation path.

Reference to General Information

The following security-related topics from the SAP ERP Central Component Security Guide are valid for SAP ERP Central Component in general and are also valid for Employee Self-Service:

  • Before You Start

    This section contains provides an overview of other Security Guides that are a basis for the SAP ERP Central Component Security and of important SAP Notes regarding security.

  • User Data Synchronization

    This section provides an overview of the user synchronization strategy if several components or products are integrated.

  • Integration in Single Sign-On Environments

    This section provides an overview of the single sign-on (SSO) mechanisms that are used by SAP ERP Central Component.

  • Communication Channel Security

    The section provides an overview of the communication channels used by SAP ERP Central Component, the protocol used for the connection, and the type of data transferred.

  • Data Storage Security

    This section provides an overview of any critical data that is used by SAP ERP Central Component and the security mechanisms that apply.

  • Enterprise Services Security

    This section provides an overview of the security aspects of the enterprise services that are delivered with SAP ERP Central Component.

  • Services in Lifecycle Management for Security

    This section provides an overview of services provided by Active Global Support that are available to assist you in maintaining security in your SAP systems on an ongoing basis.

Overview of the Main Sections of This Chapter

This chapter comprises the following sections with security-related topics specific to Manager Self-Service:

  • Before You Start

    This section comprises references to other Security Guides that are relevant for Manager Self-Service and a list of the most important notes for Manager Self-Service regarding security.

  • Technical System Landscape

    This section provides an overview of the technical components and communication paths that are used by Manager Self-Service.

  • User Administration and Authentication

    This section provides an overview of the following user administration and authentication aspects for Manager Self-Service:

  • Authorizations

    This section provides an overview of the authorization concept that applies to Manager Self-Service.

  • Session Security Protection

    This section provides information about activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookie(s).

  • Network and Communication Security

    This section provides an overview of the communication paths used by Manager Self-Service and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level:

  • Internet Communication Framework Security

    This section provides an overview of the Internet Communication Framework (ICF) services that are used by Manager Self-Service.

  • Security-Relevant Logging and Tracing

    This section provides an overview of the logging and tracing mechanisms that apply to Manager Self-Service.