Authentication Security for SAP Shortcuts

AS ABAP users can launch the SAP GUI from SAP shortcuts to directly access frequently used AS ABAP functions or transactions. In addition, SAP shortcuts enable transparent user authentication by saving the user's logon information, including the user's password.

SAP shortcuts can be created either from the standard toolbar of the SAP GUI or manually in a Microsoft Windows environment. Once they are created, shortcuts appear as regular desktop icons that you can store in your file system or send by e-mail.

Security Considerations

When using SAP shortcuts you can store a user ID and password to log on transparently to the target AS ABAP system. You can either save the user ID and the password when you create the SAP shortcut or enter one at a later stage, for example when establishing the connection.

Access rights to the SAP shortcuts, and respectively to the logon information stored in them, are configurable from the operating system (OS) of the client workstation. Therefore, when you use SAP shortcuts for storing authentication information, any users with sufficient OS level permissions are able to use the SAP shortcut to log on to the AS ABAP system.

Recommendation

We recommend that you do not save user IDs and passwords with the SAP shortcuts. To enable transparent user authentication for SAP shortcuts you can use Secure Network Communications to enable Single Sign-On. For more information, see Single Sign-On for SAP GUI.

End of the recommendation.

Using SAP Logon Tickets for Logon with SAP Shortcuts

SAP shortcuts also enable you to log on transparently Web portal users with SSO using logon tickets. In this scenario, the authentication information in the logon ticket is passed to the SAP shortcut from a portal iView and used for the user authentication.

For more information about configuring the use of logon tickets to enable SSO from a SAP NetWeaver Enterprise Portal to SAP shortcuts, see Single Sign-On for SAP Shortcuts.