The SAP Application Interface Framework uses flexible authorization rules to allow you to restrict access to data and to monitoring and error handling. This security feature enforces compliance by following the need-to-know principle when restricting access to interface data.
When you have given users the authorization to change and correct interface data, the system tracks all changes that are made and allows you to trace which user made which change.
The configuration of security and authorizations in the SAP Application Interface Framework includes the following objects, roles, and data:
Standard authorization objects (see Authorization Objects)
Predefined template roles (see Template Roles)
The integration of custom-defined authorization objects (see Maintain Interface-Specific and Key-Field-Specific Authorizations)
Personal data
To secure your data properly, it is also required that you understand the personal data stored by the SAP Application Interface Framework (see Considerations about Data Protection).
Recommendation
For more information about security issues, see the Master Guide for the SAP Application Interface Framework.