Portal Security Guide

Caution

This guide does not replace the administration or operation guides that are available for productive operations.

Target Audience
  • Technical consultants
  • System administrators

This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all time frames.

Why Is Security Necessary?

SAP NetWeaver Portal offers users a single point of access to all applications, information, and services needed to accomplish their daily tasks. Links to back-end and legacy applications, self-service applications, company intranet services, and Internet services are all readily available in the user's portal. Because the borders between company intranets and the Internet are blurring, comprehensive security is vital to protect the company's business.

About this Guide

The Security Guide comprises the following main sections:

  • Before You Start

    This section contains information about why security is necessary, how to use this guide, and references to other Security Guides that build the foundation for this Security Guide.

  • User Administration and Authentication

    This section provides an overview of the following user administration and authentication aspects:

    • Recommended tools to use for user management
    • Standard users that are delivered with the portal
    • Overview of the user synchronization strategy
    • Overview of the authentication mechanisms available and related security recommendations
    • Overview of Single Sign-On (SSO) and recommendations for securing logon tickets
  • Authorizations

    This section provides an overview of the authorization concepts in the portal.

  • Network and Communication Security

    This section provides an overview of the communication paths used by the portal and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.

  • Data Storage Security

    This section provides an overview of any critical data that is used by the portal and the security mechanisms that apply.

  • Operating System Security

    This section provides recommendations for operating system security.

  • Dispensable Functions with Impacts on Security

    This section provides an overview of functions that have impacts on security and can be disabled or removed from the system.

  • Other Security-Relevant Information

    This section contains any security-relevant information not included anywhere else in the guide.

  • Trace and Log Files

    This section provides an overview of the trace and log files that contain security-relevant information, for example, so that you can reproduce activities if a security breach does occur.

  • Appendix

    This section provides references to further information.