In BW modeling tools, you always work with BW projects in order to access BW metadata objects from the back end system.
A BW project represents a real system connection on the front end client. It therefore requires an authorized user in order to access the back end system. With the standard authentication method, the user enters a user name and password to log on to the back end system.
Standard authentication with explicit specification of a user name and password means that the user data entered on the front end client is loaded as plain text into the memory of the local host. A password that is saved locally is a potential security breach, as it could be extracted from the memory by third parties.
Activating Secure Network Communication (SNC) for the selected system connection is mandatory due to security reasons.
Use Single Sign-On (SSO) as well. When used with SNC, SSO also meets the security requirements for working with large-scale BW projects. With SSO, the user does not need to enter a user name and password. S/he can simply access the system as soon as the logon ticket has been checked.
Besides issuing logon tickets, AS ABAP systems can also issue restrictive assertion tickets when system services are accessed. If you use integrated SAP GUI applications in BW modeling tools, the assertion tickets provide a greater level of security. The back end system does not request a password. Instead it checks the validity of the assertion ticket to permit the user to access system services. We therefore recommend configuring your AS ABAP system to only issue assertion tickets.