Approaches to Protecting Applications
Use
What you want to protect in your application determines your approach. The approaches are as follows:
- Protecting access
- Protecting actions
- Protecting instances
Protecting Access
SAP NetWeaver supports the use of start permissions to protect access to applications. Use this approach to protect Java EE servlets with security constraints.
More information: Getting Started.
Protecting Actions
With this approach you protect specific actions within an application.
More information: Declarative and Programmatic Authorization.
Protecting Instances
Use access control lists (ACLs) to protect instances of particular objects. Working with ACLs requires a high level of programming knowledge and competence. ACL protections are time- and cost-intensive to maintain. SAP NetWeaver does not provide a user interface for managing ACLs; you must build your own. The UME provides an API for the management of ACLs.
For checks that are not instance-based, use action-based protections instead.
ACLs are two-dimensional tables with actions on one axis and users on the other. This table is then attached to a particular instance of an object type. Whenever a user accesses that instance of the object, the system checks the table to determine if that user may perform the requested action.
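The table-per-instance check described above, as an added example that is not SAP code and does not use the UME API. The Acl, Document and Action types, and the user and document names, are hypothetical.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Illustrative model only: none of these types belong to the UME API.
public class InstanceAclExample {

    enum Action { READ, EDIT, DELETE }

    // One ACL per object instance: rows are users, columns are actions.
    static final class Acl {
        private final Map<String, Set<Action>> table = new HashMap<>();

        void grant(String userId, Action action) {
            table.computeIfAbsent(userId, u -> EnumSet.noneOf(Action.class)).add(action);
        }

        // Default deny: a user with no row, or no entry for the action, is refused.
        boolean permits(String userId, Action action) {
            Set<Action> allowed = table.get(userId);
            return allowed != null && allowed.contains(action);
        }
    }

    // The protected object type; each instance carries its own table.
    static final class Document {
        final String id;
        final Acl acl = new Acl();
        Document(String id) { this.id = id; }
    }

    // Check performed on every access to a specific instance.
    static void require(Document doc, String userId, Action action) {
        if (!doc.acl.permits(userId, action)) {
            throw new SecurityException(userId + " may not " + action + " " + doc.id);
        }
    }

    public static void main(String[] args) {
        Document q1 = new Document("report-Q1"); // constructed sample data
        Document q2 = new Document("report-Q2");
        q1.acl.grant("alice", Action.READ);
        q1.acl.grant("alice", Action.EDIT);
        q2.acl.grant("alice", Action.READ);

        require(q1, "alice", Action.EDIT);       // allowed on this instance
        try {
            require(q2, "alice", Action.EDIT);   // same user and action, different instance
        } catch (SecurityException e) {
            System.out.println("Denied: " + e.getMessage());
        }
    }
}
```

The second call is refused even though the user and action are unchanged, which is the difference between an instance-based check and an action-based one.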
More information:
SAP Help Portal: http://help.sap.com/javadocs