SAP NetWeaver Business Rules Management (BRM) uses the user management and authentication mechanisms provided with the SAP NetWeaver platform, in particular the Application Server Java (AS Java). Therefore, the security recommendations and guidelines for user administration and authentication described in the SAP NetWeaver Application Server Java Security Guide also apply to SAP NetWeaver BRM.

This authentication mechanism is based on the basic authentication feature of the HTTP. We recommend that you use Secure Sockets Layer (SSL), since this will encrypt all information exchanged between the client and server, including the authentication credentials.

In addition to these guidelines, we include information about user administration and authentication that applies specifically to SAP NetWeaver BRM in the following section below.