
Overview

In the SAP client/server environment, you need to consider security from the presentation servers to the database server. This includes network, UNIX, Windows, SAP System, z/OS, and DB2 security:

UNIX-Style Security

Each UNIX-style system that runs SAP servers (application, update, message, and so on) has UNIX-style IDs and files that must be secured. To run SAP, the user ID <sapsid>adm is needed. In addition, root user access is needed to run the installation tool.

Note

When SAP is installed on a UNIX-style system, the user ID <sapsid>adm is created by the SAP installation tool and does not need to be created during preparation.

SAP System Security

The SAP system has a security system that is used to grant user IDs access to transactions, data, and resources (such as printers).

z/OS Security

z/OS Security Server (RACF) or a similar security function protects resources and authorizes users in z/OS and UNIX System Services environments. Several user IDs need to be created (see z/OS Security).

DB2 Security

DB2 controls the access to database resources, such as tables and views. All transactions of a single SAP system use the same DB2 schema. An SAP ABAP application will change its SQLID to this DB2 schema when it accesses the database. However, an SAP Java application will not change its SQLID to this DB2 schema when it accesses the database. All DB2 objects that correspond to the SAP Java system use the DB2 schema of the Java Connect user. For more information, see Connection Between Your SAP System and DB2 on z/OS.

Server and Network Physical Security

Physical security must be ensured in such a way that nobody can tamper with the z/OS, AIX, Linux, and Windows systems and the connections between them. We recommend that you separate your SAP system from your intranet by a firewall or the equivalent.

Connection between the SAP Application Server and DB2

SAP applications connect to DB2 through DB2 Connect and DDF (ABAP) or through the JDBC common client (JCC) and DDF (Java). DDF checks the user authorization at connect time using a RACF user (the DB Connect User ID) that the client provides when it connects.

For more information, see Connection Between Your SAP System and DB2 on z/OS.
