Employee Self-Service
About This Document
This chapter of the SAP ERP Central Component Security Guide provides an overview of the security-relevant information that applies to Employee Self-Service (CA-ESS).
The following deployment options are available for Employee Self-Service (ESS):
Business Package for Employee Self-Service (up to and including 1.50)
This Business Package is a “classic” SAP Business Package that runs in the SAP NetWeaver Portal. The Portal role consists of worksets and iViews based on both Web Dynpro Java and Web Dynpro ABAP technologies.
Business Package for Employee Self-Service (WDA)
This Business Package also runs in the SAP NetWeaver Portal but it has only one workset with one iView that launches the role structure with the applications maintained in the back-end system. In this business package, all applications are based on Web Dynpro ABAP technology.
Employee Self-Service in SAP NetWeaver Business Client for HTML
The role structure of this deployment option is maintained in the back-end system with the SAP role maintenance transaction
PFCG
. All applications available with this role are based on Web Dynpro ABAP technology.
Note
Some parts of the security information in this chapter only apply to individual ESS deployment options. In this case, you will find a comment explaining for which deployment option this information is valid right at the beginning of each section. If not stated otherwise, the security information in this chapter applies to all ESS deployment options.
See also:
For more information about the roles in SAP NetWeaver Portal, see SAP Library for SAP ERP on SAP Help Portal at
http://help.sap.com/erp
Cross-Application Functions in SAP ERP
Roles
Business Packages (Portal Content)
.For more information about the roles in SAP NetWeaver Business Client, see SAP Library for SAP ERP on SAP Help Portal at
http://help.sap.com/erp Cross-Application Functions in SAP ERP
Roles
Roles in SAP NetWeaver Business Client
.For more information about SAP NetWeaver Business Client, see SAP Library for SAP NetWeaver on SAP Help Portal at
http://help.sap.com/netweaver SAP NetWeaver by Key Capability
Application Platform by Key Capability
ABAP Technology
UI Technology
SAP NetWeaver Business Client
.
Reference to General Information
The following security-related topics are valid for SAP ERP Central Component in general and are also valid for Employee Self-Service:
This section contains provides an overview of other Security Guides that are a basis for the SAP ERP Central Component Security and of important SAP Notes regarding security.
This section provides an overview of the user synchronization strategy if several components or products are integrated.
Integration in Single Sign-On Environments
This section provides an overview of the single sign-on (SSO) mechanisms that are used by SAP ERP Central Component.
Communication Channel Security
The section provides an overview of the communication channels used by SAP ERP Central Component, the protocol used for the connection, and the type of data transferred.
This section provides an overview of any critical data that is used by SAP ERP Central Component and the security mechanisms that apply.
This section provides an overview of the security aspects of the enterprise services that are delivered with SAP ERP Central Component.
Services for Security Lifecycle Management
This section provides an overview of services provided by Active Global Support that are available to assist you in maintaining security in your SAP systems on an ongoing basis.
Overview of the Main Sections of This Chapter
This chapter comprises the following sections with security-related topics specific to Employee Self-Service:
This section comprises references to other Security Guides that are relevant for Employee Self-Service and a list of the most important notes for Employee Self-Service regarding security.
This section provides an overview of the technical components and communication paths that are used by Employee Self-Service.
User Administration and Authentication
This section provides an overview of the following user administration and authentication aspects for Employee Self-Service:
This section contains information about the user types that are required by Employee Self-Service and standard users for Employee Self-Service.
Integration into Single Sign-On Environments
This topic describes how the Employee Self-Service supports Single Sign-On mechanisms.
This section provides an overview of the authorization concept that applies to Employee Self-Service.
This section provides information on activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookie(s).
Network and Communication Security
This section provides an overview of the communication paths used by Employee Self-Service and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level:
Internet Communication Framework Security
This section provides an overview of the Internet Communication Framework (ICF) services that are used by Employee Self-Service.
Security-Relevant Logging and Tracing
This section provides an overview of the logging and tracing mechanisms that apply to Employee Self-Service.