Show TOC

SAP Gateway Security GuideLocate this document in the navigation structure


Security mechanisms prevent unauthorized and unauthenticated individuals from accessing and reading data.

In SAP Gateway, these mechanisms are designed so that both SAP Gateway users and SAP Gateway components perform only the actions that they are allowed to perform. This results in the protection of sensitive data and confidential business information, and prevents data from being compromised.

The SAP Gateway Security Guide provides information about security aspects, including the following:

This document is not included as part of the installation and configuration guide. Such guides are only relevant for a certain phase of the software lifecycle, whereas the security guide provides information that is relevant for all lifecycle phases.

Target Audience

The information contained in this guide is relevant for:

  • Technology consultants

  • System administrators

General Security Considerations

SAP Gateway uses open protocols in its communication channels, such as HTTPS.

Generally, you must secure your communication channels. To make it difficult for unauthorized persons to obtain sensitive data passing through the channel between an SAP system and SAP Gateway, you can secure the communication channels with, for example, the following:

  • Secure Sockets Layer (SSL)

  • Designated network segments for communication pathways

  • Security schemes that defend against denial-of-service attacks

In addition, consider the security implications when you enable the query result ID cache feature in the applications you develop in SAP Gateway. For more information, see Query Results Caching.


Since SAP Gateway is a part of the SAP NetWeaver offering, it uses the standard SAP NetWeaver mechanisms for security-related incidents. Consequently, there are no logs specifically available for security incidents and configuration changes for SAP Gateway.