Approaches to Protecting Applications

Use

What you want to protect in your application determines your approach. The approaches are as follows:

  • Protecting access

  • Protecting actions

  • Protecting instances

Recommendation

The approaches are presented here in order of ease of implementation. We recommend that you choose the easiest approach that still meets your security requirements.

Protecting Access

SAP NetWeaver supports the use of start permissions to protect access to applications. Use this approach to protect Java EE servlets with security constraints.

Example

You have an application that processes sales orders. Access protection means that users must have the required permission to start or access the application.

More information: Getting Started.

Protecting Actions

With this approach you protect specific actions within an application.

Example

You have an application that processes sales orders. Protecting actions means that users must have the required permission to approve a sales invoice with the application.

More information: Declarative and Programmatic Authorization.

Protecting Instances

Use access control lists (ACLs) to protect instances of particular objects. Working with ACLs requires a high level of programming knowledge and competence. ACL protections are time- and cost-intensive to maintain. SAP NetWeaver does not provide a user interface for managing ACLs. You must build your own. The UME provides an API for the management of ACLs.

For non-instance-based checks, use action-based protections instead.

Example

You have an application that processes sales orders. Protecting instances means that users must have the required permission to approve a particular sales invoice with the application.

ACLs are two-dimensional tables with actions on one axis and users on the other. This table is then attached to a particular instance of an object type. Whenever a user accesses that instance of the object, the system checks the table to determine if that user may perform the requested action.
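
The following sketch is an added illustration of the table model described above, not SAP code and not the UME ACL API. It uses plain Java collections, and every class, method, user name, and invoice ID in it is hypothetical. It shows one users-by-actions table attached to each invoice instance, with a default-deny check.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Illustrative only: plain Java, not the UME ACL API. All names are hypothetical.
public class InstanceAclExample {

    enum Action { DISPLAY, APPROVE }

    // One ACL per object instance: rows are users, columns are actions.
    static final class Acl {
        private final Map<String, Set<Action>> rows = new HashMap<>();

        void grant(String user, Action action) {
            rows.computeIfAbsent(user, u -> EnumSet.noneOf(Action.class)).add(action);
        }

        // Default deny: a user without a row, or without the action, is refused.
        boolean isAllowed(String user, Action action) {
            Set<Action> granted = rows.get(user);
            return granted != null && granted.contains(action);
        }
    }

    // ACLs keyed by instance ID; an instance with no ACL denies everything.
    static final Map<String, Acl> ACLS_BY_INVOICE = new HashMap<>();

    static boolean mayPerform(String user, Action action, String invoiceId) {
        Acl acl = ACLS_BY_INVOICE.get(invoiceId);
        return acl != null && acl.isAllowed(user, action);
    }

    public static void main(String[] args) {
        // Constructed sample data: two invoices with different ACLs.
        Acl inv1 = new Acl();
        inv1.grant("alice", Action.DISPLAY);
        inv1.grant("alice", Action.APPROVE);
        inv1.grant("bob", Action.DISPLAY);
        ACLS_BY_INVOICE.put("INV-1001", inv1);
        Acl inv2 = new Acl();
        inv2.grant("bob", Action.APPROVE);
        ACLS_BY_INVOICE.put("INV-1002", inv2);
        // Same user, same action, different instance: different decision.
        System.out.println(mayPerform("alice", Action.APPROVE, "INV-1001"));
        System.out.println(mayPerform("alice", Action.APPROVE, "INV-1002"));
        System.out.println(mayPerform("bob", Action.APPROVE, "INV-9999"));
    }
}
```

An action-based check would answer the same way for every invoice; only the per-instance lookup lets the decision differ between INV-1001 and INV-1002.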

More information:

SAP Help Portal: http://help.sap.com/javadocs