SAP for Retail: Scenario Security Guide
8/10/2019 SAP for Retail%3a Scenario Security Guide
http://slidepdf.com/reader/full/sap-for-retail3a-scenario-security-guide 1/22
SAP for Retail - Security Guide
Business Suite 2005
SAP Online Help 21.10.2005
Copyright
© Copyright 2004 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, and Informix are trademarks or registered trademarks of IBM Corporation in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
MaxDB is a trademark of MySQL AB, Sweden.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
SAP for Retail - Security Guide 670 2
Icons in Body Text
Icon Meaning
Caution
Example
Note
Recommendation
Syntax
Additional icons are used in SAP Library documentation to help you identify different types of information at a glance. For more information, see Help on Help → General Information Classes and Information Classes for Business Information Warehouse on the first page of any version of SAP Library.
Typographic Conventions
Type Style | Description
Example text | Words or characters quoted from the screen. These include field names, screen titles, pushbutton labels, menu names, menu paths, and menu options. Cross-references to other documentation.
Example text | Emphasized words or phrases in body text, graphic titles, and table titles.
EXAMPLE TEXT | Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE.
Example text | Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.
Example text | Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation.
<Example text> | Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.
EXAMPLE TEXT | Keys on the keyboard, for example, F2 or ENTER.
Introduction
Before You Start
Technical System Landscape
User Administration and Authentication
  User Management
  User Data Synchronization
  Integration into Single Sign-On Environments
Authorizations
Network and Communication Security
  Communication Channel Security
  Network Security
  Communication Destinations
Other Security-Relevant Information
Appendix
Introduction
This guide does not replace the daily operations handbook that we recommend customers to create for their specific productive operations.
Target Audience
• Technology consultants
• System administrators
This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.
Why Is Security Necessary?
With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to the business scenarios of SAP for Retail. To assist you in securing the business scenarios of SAP for Retail, we provide this Security Guide.
About this Document
The Security Guide provides an overview of the security-relevant information that applies to the business scenarios of SAP for Retail.
Overview of the Main Sections
The Security Guide comprises the following main sections:
• Before You Start
This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.
• Technical System Landscape
This section provides an overview of the technical components and communication paths that are used by the business scenarios of SAP for Retail.
• User Administration and Authentication
This section provides an overview of the following user administration and authentication aspects:
  • Recommended tools to use for user management.
  • User types that are required by the business scenarios of SAP for Retail.
  • Standard users that are delivered with business scenarios of SAP for Retail.
  • Overview of the user synchronization strategy, if several components or products are involved.
  • Overview of how integration into Single Sign-On environments is possible.
• Authorizations
This section provides an overview of the authorization concept that applies to the business scenarios of SAP for Retail.
• Network and Communication Security
This section provides an overview of the communication paths used by the business scenarios of SAP for Retail and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.
• Other Security-Relevant Information
This section contains information about the Web browser as user front end.
• Appendix
This section provides references to further information.
Before You Start
Fundamental Security Guides
SAP for Retail is based on the following SAP application components:
• SAP NetWeaver 2004s
• SAP ECC 6.0
• SAP SCM 4.1
• SAP SRM 4.0
• SAP CRM 5.0
In many cases the required information has already been provided in other security guides and in configuration and installation guides. In these cases the guide provides a reference to the relevant units.
The following table provides an overview of all relevant security guides for this scenario. All security guides are available at: http://service.sap.com/securityguide.
Related Security Guides
Product | See
SAP SCM 4.1 | SAP Supply Chain Management 4.1 Security Guide
SAP SRM 4.0 | SAP Supplier Relationship Management 4.0 Security Guide
SAP ECC 6.0 | SAP ERP Central Component Security Guide
SAP NetWeaver 2004s | SAP NetWeaver 2004s Security Guide; SAP Business Information Warehouse Security Guides
SAP CRM 5.0 | SAP Customer Relationship Management 5.0 Security Guide
Operating System and Database Platforms
Operating System and Database Platforms | Operating System and Database Platform Security Guides
Application Platform
SAP Web Application Server | SAP Web AS Security Guide for ABAP Technology; SAP Web AS Security Guide for J2EE Technology; Internet Transaction Server Security; Security Aspects in Development
SAP Content Server | SAP Content Server Security Guide
SAP Knowledge Warehouse | SAP Knowledge Warehouse Security Guide
People Integration
SAP Enterprise Portal | SAP Enterprise Portal Security Guide
Information Integration
SAP Business Information Warehouse Security Guide | SAP Business Information Warehouse Security Guide
SAP Knowledge Management | SAP Knowledge Management Security Guide; SAP Content Management Security Guide; SAP TRex Security Guide
Process Integration
SAP Exchange Infrastructure | SAP Exchange Infrastructure Security Guide
Solution Life-Cycle Management
System Management | Security Aspects with System Management
Security-Relevant Information:
Guide/Documentation | Full Path to Guide/Documentation
SAP NetWeaver Security Guide | http://help.sap.com → Documentation → SAP NetWeaver → SAP NetWeaver 04 (left frame) / English or German (right frame) → SAP Library → SAP NetWeaver → Security → SAP NetWeaver Security Guide
SAP NetWeaver Documentation | http://help.sap.com → Documentation → SAP NetWeaver → SAP NetWeaver 04 (left frame) / English or German (right frame) → SAP Library → SAP NetWeaver
SAP SCM Documentation | http://help.sap.com → Documentation → mySAP Business Suite → mySAP Supply Chain Management → SAP Supply Chain Management → SAP Library → SAP Supply Chain Management (SAP SCM)
SAP SCM Installation Guide | http://service.sap.com/instguides → mySAP Business Suite Solutions → mySAP SCM → Using SAP SCM <your version>
SAP SCM Component Security Guide | http://service.sap.com/securityguide → SAP Supply Chain Management
SAP SRM Component Security Guide | http://service.sap.com/securityguide → mySAP Supplier Relationship Management (SRM) Security Guide
SAP SRM Documentation | http://help.sap.com → Documentation → mySAP Business Suite → mySAP Supplier Relationship Management → SAP SRM 4.0 SP01
SAP SRM Installation Guide | http://service.sap.com/instguides → mySAP Business Suite Solutions → mySAP SRM → Using SAP SRM <your version>
SAP ERP Documentation | http://help.sap.com → Documentation → mySAP Business Suite → SAP ERP Central Component → mySAP ERP 2005
SAP ERP Installation Guide | http://service.sap.com/instguides → mySAP Business Suite Solutions → mySAP ERP → Using SAP ERP <your version>
SAP ERP Component Security Guide | http://service.sap.com/securityguide → mySAP ERP Security Guides → SAP ERP Central Component Security Guide
SAP CRM Component Security Guide | http://service.sap.com/securityguide → mySAP CRM Security Guides → SAP CRM Security Guide
SAP CRM Documentation | http://help.sap.com → Documentation → mySAP Business Suite → SAP CRM Central Component → mySAP CRM 2005
SAP CRM Installation Guide | http://service.sap.com/instguides → mySAP Business Suite Solutions → mySAP CRM → Using SAP CRM <your version>
For a complete list of the available SAP Security Guides, see the Quick Link securityguide on the SAP Service Marketplace.
Important SAP Notes
Refer to the Component Security Guides of SAP SCM and mySAP ERP for the most important SAP Notes that apply to the security of the business scenarios of SAP for Retail.
Additional Information
For more information about specific topics, see the Quick Links as shown in the table below.
Quick Links to Additional Information
Content | Quick Link on the SAP Service Marketplace
Security | service.sap.com/security
Security Guides | service.sap.com/securityguide
Related SAP Notes | service.sap.com/notes
Released platforms | service.sap.com/platforms
Network security | service.sap.com/network; service.sap.com/securityguide
Technical infrastructure | service.sap.com/ti
SAP Solution Manager | service.sap.com/solutionmanager
Technical System Landscape
Use
The following table lists where you can find more information about the technical system landscape.
More Information about the Technical System Landscape
Topic | Guide/Tool | Quick Link to the SAP Service Marketplace (service.sap.com)
Technical System Landscape | SAP for Retail Master Guide | instguides
Technical System Landscape & Installation | SCM Installation Guide(s), SRM Installation Guide(s), SAP R/3; SAP R/3 Enterprise and ECC 6.0 Installation Guide(s), SAP CRM 5.0 | instguides
Security | | security
User Administration and Authentication
The business scenarios of SAP for Retail use the user management and authentication mechanisms provided with the SAP NetWeaver platform. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP Web AS Security Guide for ABAP Technology and SAP Web AS Security Guide for Java Technology also apply to the business scenarios of SAP for Retail.
In addition to these guidelines, we include information about user administration and authentication that specifically applies to the business scenarios of SAP for Retail in the following topics:
• User Management
• User Data Synchronization
• Integration into Single Sign-On Environments
User Management
User Administration Tools
For more information about user management tools, see User Management in the SAP SCM Component Security Guide, SAP ERP Component Security Guide, SAP SRM Component Security Guide, SAP CRM Component Security Guide and SAP NetWeaver Security Guides.
For information about user types, see SAP NetWeaver Security Guide → User Administration and Authentication → User Management → User Types.
For information about SAP NetWeaver Standard Users, see SAP NetWeaver Security Guide → SAP Web AS Security Guide for ABAP Technology → User Authentication → Protecting Standard Users.
For information about SAP NetWeaver password rules, see the SAP NetWeaver documentation, under Security → Identity Management → Users and Roles (BC-SEC-USR) → User Maintenance → Logon and Password Security in the SAP System → Password Rules.
User Data Synchronization
For more information about user data synchronization, see the SAP ERP Component Security Guide, SAP SRM Component Security Guide, SAP SCM Component Security Guide, SAP CRM Component Security Guide → User Data Synchronization.
Integration into Single Sign-On Environments
For more information, see the SAP ERP Component Security Guide, SAP SRM Component Security Guide, SAP SCM Component Security Guide, SAP CRM Component Security Guide → Integration into Single Sign-On Environments.
Authorizations
For more information about this topic, see the underlying SAP ERP Component Security Guide, SAP SRM Component Security Guide, SAP SCM Component Security Guide, SAP CRM Component Security Guide → Authorizations.
For a complete overview of Retail-specific authorization objects, see the underlying SAP ERP Component Security Guide.
Scenario-related authorization objects:
Merchandise & Assortment Planning
ERP based authorization objects
Authorization Object Name | Name
W_ASORT | Authorization for Assortment Maintenance
W_ASORT_ST | Authorization for the Assignment of Assortments to Plants
W_CM_CDT | IS-R Authorization for Maintenance of Article
Category Business Planning
BW based authorization objects
Authorization Object Name | Name
W_CMCDT2 | Article Hierarchy Maintenance in BI
W_MAP_ALA | Assignment of locations to assortments
W_MAP_AD | Replaced by W_MAP_ALA as of BW 7.02
W_MAP_ASRT | Assortment Maintenance
W_MAP_SSM | Slow Seller Management and Release Workbench
W_MAP_BUTY | Budget Type Maintenance
/MAP/EVOCC | MAP Authorizations for Event Occurrences
/MAP/AVASS | MAP Authorizations for Assignment to Events
W_POS_CCNR | Authorization for Credit Card Numbers in PIPE
W_POS_STAT | Authorization for PIPE Tasks
W_POS_TRAN | Authorization for POS Transaction Data
Assortment Management
ERP based authorization objects
Authorization Object Name | Name
W_ASORT | Authorization for Assortment Maintenance
W_ASORT_ST | Authorization for the Assignment of Assortments to Plants
W_CM_CDT | IS-R Authorization for Maintenance of Article Hierarchies
W_LISTVERF | IS-R Authorization to Use Listing Procedure
W_LIST_EAC | Authorization Acceptance for Listing Errors
W_WAKH_EKO | IS-R Authorization Action: Purchasing Organization/Purchasing Group
WLM | Assignment of Articles for Layout Modules
WLMLOCLIST | Creation of Assortments per Layout Module and Store
WLMVREL | Release of Layout Module Version
WLMVV | Layout Module Version Variant Maintenance
M_EINF_EKO | Purchasing Organization in Purchasing Info Record
W_VKPR_VKO | IS-R Authorization Sales Price Calculation Distribution Chain (obsolete)
W_VKPR_VTL | IS-R Authorization Sales Price Calculation: Distribution Chain
W_VKPR_PLT | IS-R Authorization Sales Price Calculation: Distribution Chain/Price List
W_VKPR_WRK | IS-R Authorization Sales Price Calculation: Distribution Chain/Plant
V_KONH_VKS | Condition: Authorization for Condition Types
V_KONH_VKO | Condition: Authorization for Sales Organizations
W_AUFT_BAA | IS-R Authorization Document Type Allocation Table
W_AUFT_BAR | IS-R Authorization Document Type Allocation Rule
W_AUFT_RMB | IS-R Authorization Allocation Table: Display/Confirmation per Plant
W_LISTVERF | IS-R Authorization to Use Listing Procedure
W_LIST_EAC | Authorization Acceptance for Listing Errors
W_WAKH_EKO | IS-R Authorization Action: Purchasing Organization/Purchasing Group
W_WAKH_MAT | IS-R Authorization Action: Material Number
W_WAKH_THE | IS-R Authorization Promotion: Theme
W_WAKH_VKO | IS-R Authorization Action: Sales Organization/Distribution Channel
W_BUDG_TY | Budget Type
Requirements Planning & Replenishment
No specific authorization objects.
Vendor Managed Inventory
No specific authorization objects.
Allocation
ERP based authorization objects
Authorization Object Name | Name
W_AUFT_BAA | IS-R Authorization Document Type Allocation Table
W_AUFT_RMB | IS-R Authorization Allocation Table: Display/Confirmation per Plant
W_GROUPTYP | Authorization to Manage Site Grouping
W_LISTVERF | IS-R Authorization to Use Listing Procedure
W_LIST_EAC | Authorization Acceptance for Listing Errors
W_GROUPTYP | Authorization to Manage Site Grouping
Purchase Order Management
ERP based authorization objects
Authorization Object | Name
W_ASORT | Authorization for Assortment Maintenance
W_ASORT_ST | Authorization for the Assignment of Assortments to Plants
W_AUFT_BAA | IS-R Authorization Document Type Allocation Table
W_AUFT_BAR | IS-R Authorization Document Type Allocation Rule
W_AUFT_RMB | IS-R Authorization Allocation Table: Display/Confirmation per Plant
W_CM_CDT | IS-R Authorization for Maintenance of Article Hierarchies
W_FRM | IS-R Authorization for Merchandise Distribution
W_GROUPTYP | Authorization to Manage Site Grouping
W_LISTVERF | IS-R Authorization to Use Listing Procedure
W_LIST_EAC | Authorization Acceptance for Listing Errors
W_MARKDOWN | IS-R Markdown Planning Authorization: MTYP, MATCL, SOrg, DChl
W_PRICATIN | Retail Authorization: Create and Maintenance PRICAT per Purchasing Group
W_REF_SITE | Authorization to Clean MMSITEREF Table
W_STRU_CHG | IS-R Authorization: Allow Changes to Structured Material
W_TRAN_CCR | IS-R Authorization: SAP Transaction
W_WIND_TYP | IS-R Automatic Document Adjustment: Authorization for Document Type
W_WTAD_AM | IS-R Authorization for Additionals Monitor
W_WTAD_ASL | IS-R Authorization Additionals: Vendor/Purchase Order List
W_WTAD_IR | Request Additionals-IDoc via BAPI Call Function
W_WTAD_ISU | IS-R Authorization: Status Update for Additionals IDoc
Standard Authorization Objects of SAP for Retail (Software Component EA-RETAIL)
Authorization Object | Name
WRF_CDT_H | Material Hierarchy: Horizontal Hierarchy Maintenance
WRF_CDT_V | Material Hierarchy: Vertical Hierarchy and Attribute Maint.
WRF_FOLUP | Authorization Follow-up/Replacement Material Relationship
WRF_GH_AUT | Generic Hierarchy: Authorization Check
WRF_OTBSPR | Authorization Check OTB Special Release
W_BUDG_TY | Budget Type
F_LFA1_APP | Vendor: Application Authorization
M_BEST_BSA | Document Type in Purchase Order
M_BEST_EKG | Purchasing Group in Purchase Order
M_BEST_EKO | Purchasing Organization in Purchase Order
M_BEST_WRK | Plant in Purchase Order
M_BEST_LGO | Plant/Storage Location in Purchase Order
We recommend that you assign the following transactions only to special administrator roles. These transactions should not be used by end users and are therefore not part of the standard SAP Easy Access menu:
WBUDG01 Activate Budget Type
WBUDG02 Transport Budget Type
WBUDG03 Reorganize Budget Type
WPCTRD Delete completed Items
WPCTRQ Handling of remaining Quantities
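A check for this recommendation, added here as an illustration and not part of the SAP guide: the script scans a role-to-transaction export for the five transactions listed above and reports every role outside a designated administrator set that can start them, including grants hidden behind a trailing wildcard or a from-to range. The CSV layout, the role names and the ADMIN_ROLES set are constructed assumptions.

```python
import csv
import io

# Transactions the guide reserves for special administrator roles.
RESTRICTED = {
    "WBUDG01": "Activate Budget Type",
    "WBUDG02": "Transport Budget Type",
    "WBUDG03": "Reorganize Budget Type",
    "WPCTRD": "Delete completed Items",
    "WPCTRQ": "Handling of remaining Quantities",
}

# Assumption: the roles your organization designates as administrator roles.
ADMIN_ROLES = {"Z_RETAIL_BUDGET_ADMIN"}

# Constructed sample export: one row per transaction-code value in a role.
# "low" may end in "*" (prefix pattern); a non-empty "high" makes it a range.
SAMPLE_EXPORT = """role,low,high
Z_RETAIL_BUDGET_ADMIN,WBUDG01,WBUDG03
Z_STORE_CLERK,MB1C,
Z_STORE_CLERK,WPCTRQ,
Z_BUYER,WB*,
Z_PLANNER,WA00,WZ99
Z_DISPLAY_ONLY,ME23N,
"""


def value_grants(low, high, tcode):
    """Return True if one value (single, pattern or range) covers tcode."""
    low, high = low.strip().upper(), high.strip().upper()
    if high:
        # From-to range, compared as plain strings (assumption of this sketch).
        return low <= tcode <= high
    if low.endswith("*"):
        return tcode.startswith(low[:-1])
    return low == tcode


def find_violations(export_text, admin_roles=ADMIN_ROLES):
    """Map each non-admin role to the restricted transactions it can start."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        role = row["role"].strip()
        if role in admin_roles:
            continue
        for tcode in RESTRICTED:
            if value_grants(row["low"], row["high"] or "", tcode):
                findings.setdefault(role, set()).add(tcode)
    return {role: sorted(tcodes) for role, tcodes in findings.items()}


if __name__ == "__main__":
    for role, tcodes in sorted(find_violations(SAMPLE_EXPORT).items()):
        for tcode in tcodes:
            print(f"{role}: {tcode} ({RESTRICTED[tcode]})")
```

The wildcard and range rows are the ones a literal search for the five codes would miss.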
For SRM related authorization objects, see the SAP SRM Security Guide (especially ABAP Roles for SRM 4.0/ Enterprise Buyer 5.0).
Store Merchandise Management
ERP based authorization objects
Authorization Object Name | Name
W_AUFT_RMB | IS-R Authorization Allocation Table: Display/Confirmation per Plant
W_ONLSTORE | Authorization for Starting Online Store
W_PRICATIN | Retail Authorization: Create and Maintenance PRICAT per Purchasing Group
W_SRS_POS | Authorizations for Open Store Physical Inventory
W_SRS_VKPF | Retail Store – Authorization for Daily Price Maintenance
W_STWB_WRK | SAP Retail Store: Stores
W_TRAN_CCR | IS-R Authorization: SAP Transaction
W_VKPR_WRK | IS-R Authorization Sales Price Calculation: Distribution Chain/Plant
W_WAKH_MAT | IS-R Authorization Action: Material Number
W_WAKH_THE | IS-R Authorization Promotion: Theme
W_WAKH_VKO | IS-R Authorization Action: Sales Organization/Distribution Channel
W_WBEF_WRK | IS-R Authorization Sales Price Revaluation: Distribution Chain/Plant
W_WTAD_ASL | IS-R Authorization Additionals: Vendor/Purchase Order List
W_WTAD_IR | Request Additionals-IDoc via BAPI Call Function
W_WTAD_ISU | IS-R Authorization: Status Update for Additionals IDoc
Instore Customer Relationship Management
ERP based authorization objects
Authorization Object Name | Name
W_ONLSTORE | Authorization for Starting Online Store
W_PCAT_LAY | Authorization: Product Catalog - Layout Area
W_PCAT_MTN | Authorization: Product Catalog - Maintenance
W_PRICATIN | Retail Authorization: Create and Maintenance PRICAT per Purchasing Group
W_SRS_POS | Authorizations for Open Store Physical Inventory
W_SRS_VKPF | Retail Store – Authorization for Daily Price Maintenance
W_STWB_WRK | SAP Retail Store: Stores
W_TRAN_CCR | IS-R Authorization: SAP Transaction
W_VKPR_WRK | IS-R Authorization Sales Price Calculation: Distribution Chain/Plant
W_WAKH_EKO | IS-R Authorization Action: Purchasing Organization/Purchasing Group
W_WAKH_MAT | IS-R Authorization Action: Material Number
W_WAKH_THE | IS-R Authorization Promotion: Theme
W_WAKH_VKO | IS-R Authorization Action: Sales Organization/Distribution Channel
W_WBEF_WRK | IS-R Authorization Sales Price Revaluation: Distribution Chain/Plant
W_WTAD_ASL | IS-R Authorization Additionals: Vendor/Purchase Order List
W_WTAD_IR | Request Additionals-IDoc via BAPI Call Function
W_WTAD_ISU | IS-R Authorization: Status Update for Additionals IDoc
Store Connectivity
ERP based authorization objects
Authorization Object Name | Name
W_ASORT | Authorization for Assortment Maintenance
W_ASORT_ST | Authorization for the Assignment of Assortments to Plants
W_GROUPTYP | Authorization to Manage Site Grouping
W_LISTVERF | IS-R Authorization to Use Listing Procedure
W_LIST_EAC | Authorization Acceptance for Listing Errors
W_MARKDOWN | IS-R Markdown Planning Authorization: MTYP, MATCL, SOrg, DChl
W_PCAT_MTN | Authorization: Product Catalog - Maintenance
W_SRS_POS | Authorizations for Open Store Physical Inventory
W_STWB_WRK | SAP Retail Store: Stores
W_TRAN_CCR | IS-R Authorization: SAP Transaction
W_VKPR_PLT | IS-R Authorization Sales Price Calculation: Distribution Chain/Price List
W_VKPR_VKO | IS-R Authorization Sales Price Calculation Distribution Chain
W_VKPR_VTL | IS-R Authorization Sales Price Calculation: Distribution Chain
W_VKPR_WRK | IS-R Authorization Sales Price Calculation: Distribution Chain/Plant
W_WAKH_EKO | IS-R Authorization Action: Purchasing Organization/Purchasing Group
W_WAKH_MAT | IS-R Authorization Action: Material Number
W_WAKH_THE | IS-R Authorization Promotion: Theme
W_WAKH_VKO | IS-R Authorization Action: Sales Organization/Distribution Channel
W_WBEF_WRK | IS-R Authorization Sales Price Revaluation: Distribution Chain/Plant
W_WTAD_ASL | IS-R Authorization Additionals: Vendor/Purchase Order List
W_WTAD_IR | Request Additionals-IDoc via BAPI Call Function
W_WTRA_LOG | Runtime Measurement - Authorization to Delete Data Records
BW based authorization objects:
Authorization Object | Name
W_POS_CCNR | Authorizations for credit card numbers in PIPE
W_POS_STAT | Authorizations for PIPE tasks
W_POS_TRAN | Authorizations for POS transaction data
Store Analytics
BW based authorization objects
Authorization Object | Name
W_POS_CCNR | Authorizations for credit card numbers in PIPE
W_POS_STAT | Authorizations for PIPE tasks
W_POS_TRAN | Authorizations for POS transaction data
Workforce Deployment
Refer to the Scenario Security Guide of Workforce Deployment.
Network and Communication Security
This section contains information about network and communication security in an SAP system landscape.
This involves, for example:
• Communication channel security
• Network security
• Communication destinations
For more information about the SAP Retail Solution, see the SAP ERP Central Component Security Guide under Retail → Network and Communication Security.
Communication Channel Security
As communication channels transfer all kinds of business data, they should be protected against unauthorized access. SAP offers general recommendations and technologies to protect your system landscape based on SAP NetWeaver.
To achieve a secure system landscape, you should activate Secure Network Communications (SNC) for RFC and the Secure Sockets Layer (SSL) protocol for HTTP within all communication channels in the GDS business scenario.
For information about the communication security of SAP NetWeaver, see the SAP Service Marketplace at service.sap.com/securityguide → SAP NetWeaver Security Guide → Network and Communication Security.
For information about security aspects for connectivity and interoperability of SAP NetWeaver, see the SAP Service Marketplace at service.sap.com/securityguide → SAP NetWeaver Security Guide → Security Aspects for Connectivity and Interoperability.
The table below shows the communication paths used by the business scenario, the protocol used for the connection, and the type of data transferred.
Communication Paths
Communication Path | Protocol Used | Type of Data Transferred | Data Requiring Special Protection
Front-end client using SAP GUI for Windows to application server | DIAG | All application data | For example, passwords, business data
Front-end client using a Web browser to application server | HTTP(S) | All application data | For example, passwords, business data
Application server to application server | RFC, HTTP(S) | Integration data | Business data
DIAG and RFC connections can be protected using Secure Network Communications (SNC). HTTP connections are protected using the Secure Sockets Layer (SSL) protocol.
For more information, see the SAP Service Marketplace at service.sap.com/securityguide → SAP NetWeaver Security Guide → Transport Layer Security.
Network Security
For more information about network security, see the SAP ERP Component Security Guide, SAP Supplier Relationship Management Security Guide, SAP Supply Chain Management
Security Guide, SAP Customer Relationship Management Security Guide → Network Security.
Communication Destinations
Users and authorizations for connection destinations can cause serious security flaws if used carelessly.
Golden Rules for connection users and authorizations:
• Choose user type "communication" or "system".
• Assign only the minimum required authorizations to the user.
• Choose a secure and secret password for the user!
• Store only connection user logon data for users of type "system".
• Choose "trusted system" functionality whenever possible instead of storing connection user logon data.
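The golden rules applied to a destination inventory, as an added example that is not part of the SAP guide; it also checks the channel recommendation from the Communication Channel Security section (SNC for RFC, SSL for HTTP). The record fields, the destination names and the BROAD_PROFILES set are constructed assumptions, and the password rule is left out because a password should never appear in such an inventory.

```python
from dataclasses import dataclass

# Assumption: profiles that clearly exceed "minimum required authorizations".
BROAD_PROFILES = {"SAP_ALL"}

MESSAGES = {
    "USER_TYPE": "user type is not communication or system",
    "BROAD_PROFILE": "user holds a broad profile instead of minimum authorizations",
    "STORED_LOGON_TYPE": "logon data stored for a user that is not of type system",
    "PREFER_TRUSTED": "stored logon data; use trusted system where possible",
    "CHANNEL": "channel not protected (SNC for RFC, SSL for HTTP)",
}


@dataclass
class Destination:
    name: str
    protocol: str        # "RFC" or "HTTP"
    protected: bool      # SNC active (RFC) or SSL active (HTTP)
    user_type: str       # e.g. "dialog", "communication", "system"
    stores_logon: bool   # connection user logon data saved in the destination
    trusted: bool = False            # uses the trusted system functionality
    profiles: frozenset = frozenset()


def review(dest):
    """Return (severity, code) findings for one destination, in rule order."""
    findings = []
    if dest.user_type not in ("communication", "system"):
        findings.append(("violation", "USER_TYPE"))
    if dest.profiles & BROAD_PROFILES:
        findings.append(("violation", "BROAD_PROFILE"))
    if dest.stores_logon:
        # A communication user satisfies the user-type rule, but stored
        # logon data is reserved for users of type system.
        if dest.user_type != "system":
            findings.append(("violation", "STORED_LOGON_TYPE"))
        if not dest.trusted:
            findings.append(("advice", "PREFER_TRUSTED"))
    if not dest.protected:
        findings.append(("violation", "CHANNEL"))
    return findings


def review_all(inventory):
    """Map destination name to its findings, skipping clean destinations."""
    results = {}
    for dest in inventory:
        findings = review(dest)
        if findings:
            results[dest.name] = findings
    return results


# Constructed sample inventory; none of these destinations come from the guide.
SAMPLE_INVENTORY = [
    Destination("RETAIL_TO_SCM", "RFC", True, "system", True),
    Destination("RETAIL_TO_BW", "RFC", False, "communication", True,
                profiles=frozenset({"SAP_ALL"})),
    Destination("STORE_PORTAL", "HTTP", True, "dialog", False),
    Destination("RETAIL_TO_CRM", "RFC", True, "system", False, trusted=True),
]

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_INVENTORY).items():
        for severity, code in findings:
            print(f"{name}: {severity}: {MESSAGES[code]}")
```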
Connection Destinations
For more information about network security, see the SAP ERP Component Security Guide, SAP SRM Component Security Guide, SAP SCM Component Security Guide → Network Security.
Other Security-Relevant Information
Web Browser as User Front End
To use the Web browser as a user front end, you have to activate JavaScript (Active Scripting) to ensure a working user interface. This could conflict with your security policy regarding Web services.
Appendix
Related Security Guides
You can find more information about the security of SAP applications on the SAP Service Marketplace, Quick Link security. Security guides are available under the Quick Link securityguide.
Related Information
For more information about topics related to security, see the following links:
Quick Links to Related Information
Content | Quick Link on the SAP Service Marketplace (service.sap.com)
Master Guides, Installation Guides, Upgrade Guides, Solution Management Guides | instguides; ibc
Related SAP Notes | notes
Released platforms | platforms