SAP NetWeaver Application Server ABAP Security Guide

Purpose

This guide provides an overview of the security aspects of, and recommendations for, using the SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP for your applications.

Integration

There is also an SAP NetWeaver Application Server Java Security Guide.

Constraints

This guide does not describe the administration or development functions for security on the SAP NetWeaver AS ABAP. Such information is provided in the corresponding documentation. It only provides the additional information that applies to specific application types.

How to Use This Guide

This guide is divided into the following sections:

·        User Authentication

This section describes the security aspects of user authentication, for example, logon security, password rules, and preventing unauthorized logons. In addition, it describes how to protect the standard users SAP*, DDIC, and EARLYWATCH.

·        SAP Authorization Concept

This section provides a brief overview of the SAP authorization concept and how you can use it to protect your applications from misuse.

·        Network Security for SAP NetWeaver AS ABAP

This section provides an overview of the protocols used by the SAP NetWeaver AS ABAP and the mechanisms you can use to secure connections at the network transport layer.

·        Protecting Your Productive System (Change & Transport System)

This section describes how to prevent undesirable changes from being made in your productive system by using the Change and Transport System (CTS) and the Transport Management System (TMS).

·        Web Dynpro ABAP Security Guide

It is important to consider security aspects when you create Web applications using the Web Dynpro ABAP programming model. Security functions are available both when you create Web applications and when you operate them.

·        eCATT Security Guide

This guide helps you make informed choices about the security policy for your testing environment by explaining the authorizations required for different kinds of eCATT users. It also explains the security features implemented to protect your systems from unwanted GUI scripting access.

·        Secure Store & Forward Mechanisms (SSF) and Digital Signatures

This section describes the security aspects of using public-key technology for digital signature and encryption functions.

·        Special Topics

Security aspects that apply to additional topics are also included. Such topics are:

        o        Executing logical operating system commands in SAP systems

        o        Batch input

        o        Preventing disclosure of the SAPconnect RFC user

        o        Internet Graphics Service security

In addition, see the topic Security Aspects for BSP in the Security Aspects for Usage Type DI and Other Development Technologies section of the SAP NetWeaver Security Guide.