sg sapmii 122 security guide

Security GuideSAP Manufacturing Integration and Intelligence 12.2

Target Audience

n Technology consultantsn System administrators

PUBLICDocument version: 1.1 ‒ 11/25/2010

Document History

Caution

Before you start the implementation, make sure you have the latest version of this document. Youcan find the latest version at the following location: https://service.sap.com/instguides.

The following table provides an overview of the most important document changes.VersionDateDescription

Version Date Description

Version1.0

6/16/20 Initial installation

1.1 11/25/2010 Added Chapters 3, 7, 9, 10, 13, and 14

2/42 PUBLIC 11/25/2010

https://service.sap.com/instguides



Table of Contents

Chapter 1 SAP Manufacturing Integration and Intelligence . . . . . . . . . 5

Chapter 2 Technical System Landscape . . . . . . . . . . . . . . . . . 7

Chapter 3 Security Aspects of Data, Data Flow and Processes . . . . . . . . 9

Chapter 4 User Administration and Authentication . . . . . . . . . . . . 11

Chapter 5 Authorizations . . . . . . . . . . . . . . . . . . . . . . 13

Chapter 6 Session Security Protection . . . . . . . . . . . . . . . . . . 15

Chapter 7 Session Security Protection on the AS Java . . . . . . . . . . . . 17

Chapter 8 Network and Communication Security . . . . . . . . . . . . . 19

Chapter 9 Communication Channel Security . . . . . . . . . . . . . . . 21

Chapter 10 Network Security . . . . . . . . . . . . . . . . . . . . . . 23

Chapter 11 Communications Destinations . . . . . . . . . . . . . . . . 25

Chapter 12 Data Storage Security . . . . . . . . . . . . . . . . . . . . 27

Chapter 13 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Chapter 14 Enterprise Services Security . . . . . . . . . . . . . . . . . 31

Chapter 15 Security Logging and Tracing . . . . . . . . . . . . . . . . . 33

Chapter A Reference . . . . . . . . . . . . . . . . . . . . . . . . . 35A.1 The Main SAP Documentation Types . . . . . . . . . . . . . . . 35

11/25/2010 PUBLIC 3/42

4/42 PUBLIC 11/25/2010

1 SAP Manufacturing Integration and Intelligence

1 SAP Manufacturing Integration andIntelligence

The SAP Manufacturing Integration and Intelligence (SAP MII) is powered by the SAP NetweaverComposition Environment (SAP NetWeaver CE) 7.1 EHP1. Therefore, the corresponding SecurityGuides also apply to the SAP MII. Pay particular attention to the most relevant sections or specificrestrictions as indicated in the table below.Fundamental Security Guides

Scenario, Application or Component Security Guide

SAP NetWeaver CE 7.1 EHP1 SP05 -http://help.sap.com/saphelp_nwce711core/helpdata/en/45/a3f4af42f90d36e10000000a114a6b/frameset.htm

For a complete list of the available SAP Security Guides, see http://service.sap.com/securityguideon the SAP Service Marketplace.

11/25/2010 PUBLIC 5/42

http://help.sap.com/saphelp_nwce711core/helpdata/en/45/a3f4af42f90d36e10000000a114a6b/frameset.htm

http://service.sap.com/securityguide

This page is left blank for documentsthat are printed on both sides.

2 Technical System Landscape

2 Technical System Landscape

SAP MII supports several inbound and outbound communications channels. External systems caninteract with SAP MII through the following channels:

n HTTP

n HTTPS

n Web service

n IDoc

n RFC

n Enterprise JavaBeans (EJB)n Java Message Services (JMS)

All requests to SAP MII must go through the SAP User Management Engine in SAP ERP for basicauthentication or single sign-on (SSO) authentication.All user interaction with SAP MII is handled in HTTP or HTTPS and must go through the SAPuser management engine for authentication.For communication with SAP ERP, you can use the SAP Java Resource Adapter (SAP JRA), SAP JavaConnector (SAP JCo), or Web services. For security reasons, we recommend SAP JRA instead of SAPJCo. For more information about configuring an SAP JRA connection to an ERP system, see the SAPNetWeaver CE application help on the SAP Help Portal at http://help.sap.com/nwce.Different SAP MII systems communicate through virtual servers using HTTPS communicationchannels. For security reasons, we recommend you always use HTTPS.For communication with shop floor systems, you can use the SAP xApp Manufacturing Integrationand Intelligence Universal Data Servers (SAP xMII UDS). Communication between SAP MII and SAPxMII UDS is based on TCP/IP and uses a proprietary binary protocol. For more information aboutSAP xMII UDS, see the SAP Help Portal at http://help.sap.com Composite Applications CompositeApplications Manufacturing Integration and Intelligence SAP xMII UDS 4.0 .You can integrate SAP MII into SAP NetWeaver Development Infrastructure (NWDI) using an HTTPScommunication channel. All requests from SAP MII to NWDI go through the SAP user managementengine for authentication on the NWDI side. For more information, see the security guide for SAPNetWeaver CE on the SAP Service Marketplace at http://service.sap.com/securityguide.

11/25/2010 PUBLIC 7/42

http://help.sap.com/nwce

http://help.sap.com


3 Security Aspects of Data, Data Flow and Processes

3 Security Aspects of Data, Data Flowand Processes

The figure below shows an overview of the process flow for the SAP MII.

Figure 1:

The table below shows the security aspect to be considered for the process step and what mechanismapplies.

Step Description Security Measure

Web Pages ( HTML/JSP/IRPT)communicates to AS Java

Secured protocol HTTPS isrecommended

Applets communicates to AS Java Secure applet ‒ servlet connectionis used

11/25/2010 PUBLIC 9/42

3 Security Aspects of Data, Data Flow and Processes

Step Description Security Measure

SAP MII Business transactioncommunicates with SAP BusinessSystem

SAP Jco, SAP JRA or Web servicescan be used. For security reasonsSAP JRA is recommended.

SAP Data Server communicateswith Database and UDS

TCP/IP and proprietary binaryprotocol is used

SAP MII communicates with SAPNWDI

All requests from SAP MIIto NWDI are through SAuser management engine forauthentication on the NWDI side.HTTPS Communication channelis used.

10/42 PUBLIC 11/25/2010

4 User Administration and Authentication


SAP MII uses the user management and authentication mechanisms provided with the SAPNetWeaver platform, in particular the SAP NetWeaver Application Server Java. Therefore, the securityrecommendations and guidelines for user administration and authentication as described in the SAPNetWeaver Application Server Java Security Guide also apply to SAP MII. For more information, seethe SAP Help Portal at http://help.sap.com/nwce SAP NetWeaver Composition Environment LibraryAdministrator’s Guide SAP NetWeaver CE Security Guide Security Guides for CE Core Components SAPNetWeaver Application Server Java Security Guide .In addition to these guidelines, we include information about user administration and authenticationthat specifically applies to SAP MII.

User Management

User management for SAP MII uses the mechanisms provided with SAP NetWeaver ApplicationServer Java, such as tools and password policies. SAP MII does not support the SAP NetWeaverTechnical User concept.

User Administration Tools

User management and user administration in SAP MII is handled by the SAP User ManagementEngine in SAP ERP.

Standard Users

There are no standard users provided with SAP MII. You must create users in the SAP UserManagement Engine in SAP ERP.

Integration Into Single Sign-On Environments

SAP MII supports the SSO mechanisms provided by SAP NetWeaver CE. Therefore, the securityrecommendations and guidelines for user administration and authentication as described in the SAPNetWeaver CE Security Guide also apply to SAP MII. The supported mechanisms are as follows:

Secure Network Communications (SNC)

SNC is available for user authentication and provides for an SSO environment when using remotefunction calls.For more information, see Secure Network Communications (SNC) in the SAP NetWeaver Application ServerSecurity Guide.

11/25/2010 PUBLIC 11/42



SAP Logon Tickets

SAP MII supports the use of logon tickets for SSO when using a Web browser as the front-end client.In this case, users can be issued a logon ticket after they have authenticated themselves with the initialSAP system. The ticket can then be submitted to other systems (SAP or external systems) as anauthentication token. The user does not need to enter a user ID or password for authentication butcan access the system directly after the system has checked the logon ticket.You can find more information under Logon Tickets in the SAP NetWeaver Application Server Security Guide.

Client Certificates

As an alternative to user authentication using a user ID and passwords, users using a Web browseras a front-end client can also provide X.509 client certificates to use for authentication. In this case,user authentication is performed on the Web server using the Secure Sockets Layer Protocol (SSLProtocol) and no passwords have to be transferred. User authorizations are valid in accordance withthe authorization concept in the SAP system.You can find more information under Client Certificates in the SAP NetWeaver Application Server SecurityGuide.

12/42 PUBLIC 11/25/2010

5 Authorizations

5 Authorizations

SAPMII uses the authorization concept provided by SAPNetWeaver. Therefore, the recommendationsand guidelines for authorizations as described in the SAP NetWeaver Application Server Java Security Guideapply to SAP MII.The SAP NetWeaver authorization concept is based on assigning authorizations to users based onroles. For role maintenance, use the user administration console in the SAP User ManagementEngine in SAP ERP.

Note

For more information about how to create roles, see Creating Authorization Roles in the SAP NetWeaverCE Library help at http://help.sap.com/nwce.

You should assign the users that you set up in the SAP User Management Engine in SAP ERP to thefollowing default roles for SAP MII:

n SAP_XMII_UserUsers assigned to this role have read access but no access to administration screens or the SAP MIIWorkbench.

n SAP_XMII_DeveloperUsers assigned to this role have access to the SAP MII Workbench and some administration screens,such as Time Periods, Connection Store Editor, and Credential Store Editor.

n SAP_XMII_AdministratorUsers assigned to this role have the same permissions as users assigned to the SAP_XMII_User andSAP_XMII_Developer roles, plus administration access except for the following: NWDI integrationconfiguration, encryption configuration, and import and export of configuration data.

n SAP_XMII_Super_AdministratorUsers assigned to this role have access to all SAP MII functions with no limitations.

n SAP_XMII_Read_OnlyUsers assigned to this role have read permission for administration screens and access to theSAP MII Workbench without save permission.

n SAP_XMII_DynamicQueryUsers assigned to this role have permission to run dynamic queries (queries without a querytemplate). By default, this permission is granted to users assigned to the SAP_XMII_Developer rolebut not the SAP_XMII_User role. You can assign this role to specific or all users.

11/25/2010 PUBLIC 13/42


5 Authorizations

For more information, see the SAP MII 12.2 Installation Guide on the SAP Service Marketplace athttp://service.sap.com/instguides SAP Business Suite Applications SAP Manufacturing SAPManufacturing Integration and Intelligence SAP MII 12.2 .In the SAP MII system, you can assign the following components to SAP User Management Engine inSAP ERP roles:

n Data serversFormore information, seeData Servers in the SAPMII applicationhelp at http://help.sap.com SAPBusiness Suite SAP Manufacturing SAP Manufacturing Integration and Intelligence .

n TransactionsFormore information, see Transaction in the SAPMII application help at http://help.sap.com SAPBusiness Suite SAP Manufacturing SAP Manufacturing Integration and Intelligence .

n Query and display templatesFor more information, see Query Template and Display Template in the SAP MII application help athttp://help.sap.com SAP Business Suite SAP Manufacturing SAP Manufacturing Integration andIntelligence .

Note

Assignments to the previous SAP MII components are saved to SAP MII internal tables and arenot persisted in the SAP User Management Engine in SAP ERP repository; therefore, they are notaccessible to SAP risk management tools, such as compliant user provisioning, for tracking criticalauthorization combinations.

14/42 PUBLIC 11/25/2010

http://service.sap.com/instguides

http://help.sap.com

http://help.sap.com

http://help.sap.com

6 Session Security Protection

6 Session Security Protection

To prevent access in javascript or plug-ins to the SAP logon ticket and security session cookie(s), werecommend activating secure session management.We also highly recommend using SSL to protect the network communications where thesesecurity-relevant cookies are transferred.

11/25/2010 PUBLIC 15/42

7 Session Security Protection on the AS Java

7 Session Security Protection on the ASJava

In the Config Tool, edit the following properties for the Web Container service, which controlsecurity-related aspects of HTTP sessions:

Property Recommended Value

SessionIdRegenerationEnabled True

SystemCookiesDataProtection False

NoteSAP MII does not support this property.

SystemCookiesHTTPSProtection True

For more information and detailed instructions, see Session Security Protection [external document] inthe AS Java Security Guide.These properties are supported from MII 12.2 SP02 or higher.You cannot pass sessions between clients if you have set the SessionIdRegenerationEnabled property totrue. For an SAP MII user, the administrator will have to provide credentials for every test andexecution of the webpage fromMII Workbench while developing content on SAP MII. To avoid this,you have to configure Single Sign On feature of AS Java. SPNego login module or X.509 client certificateauthorization can be used to enable Single Sign On in AS Java environment.For more details on configuring SPNego or X.509 based Single Sign On on NW7.11 platform, referSAP Note 1538719.

11/25/2010 PUBLIC 17/42

8 Network and Communication Security

8 Network and Communication Security

Your network infrastructure is important in protecting your system. Your network needs to supportthe communication necessary for your business needs without allowing unauthorized access. Awell-defined network topology can eliminate many security threats based on software flaws (at boththe operating system and application level) or network attacks such as eavesdropping. If users cannotlog on to your application or database servers at the operating system or database layer, there is noway for intruders to compromise the machines and gain access to the backend system’s database orfiles. Additionally, if users cannot connect to the server local area network (LAN), they cannot exploitwell-known bugs and security holes in network services on the server machines.The network topology for SAP MII is based on the topology used by the SAP NetWeaver platform.Therefore, the security guidelines and recommendations described in the SAP NetWeaver CE SecurityGuide also apply to SAP MII. Details that specifically apply to the SAP MII are described in the followingtopics:

n Communication Channel SecurityThis topic describes the communication paths and protocols used by the SAP MII.

n Network SecurityThis topic describes the recommended network topology for the SAP MII. It shows the appropriatenetwork segments for the various client and server components and where to use firewalls foraccess protection. It also includes a list of the ports needed to operate the SAP MII.

n Communication DestinationsThis topic describes the information needed for the various communication paths, for example,which users are used for which communications.

For more information, see the following sections in the SAP NetWeaver Security Guide:

n Network and Communication Security [external document]n Security Aspects for Connectivity and Interoperability [external document]

11/25/2010 PUBLIC 19/42

9 Communication Channel Security

9 Communication Channel Security

The table below shows the communication channels used by the SAP MII, the protocol used forthe connection and the type of data transferred.

CommunicationPath Protocol Used Type of Data TransferredData Requiring SpecialProtection

Frontend client usinga Web browser toapplication server

HTTPS All application data Credential Store Data,ConfigurationsImport/export

Application server to SAPERP

SAP JRA, SAP JavaConnector (SAP JCo),Webservices

All Business Data

Application server to SAPERP SAP JRA, SAP JavaConnector (SAP JCo),Webservices. All BusinessData Application serverto another Applicationserver

HTTPS All Business Data

Application server toshop floor systems

TCP/IP All Business Data

Application server to SAPNWDI

HTTPS All MII Content files

DIAG and RFC connections can be protected using Secure Network Communications (SNC). HTTPconnections are protected using the Secure Sockets Layer (SSL) protocol.

Recommendation

We strongly recommend using secure protocols (SSL, SNC) whenever possible.

For more information, see Transport Layer Security [external document] in the SAP NetWeaver SecurityGuide.

11/25/2010 PUBLIC 21/42

10 Network Security

10 Network Security

SAP MII applets require that you are logged on to SAP MII using HTTP or HTTPS. We recommendthat you use HTTPS.You can logon to a SAP MII with a username and password in the URL or for use in programmaticcalls. This function is included for legacy support only. We recommend that you use HTTPS andpost the username and password parameters rather than include them in the URL. An SAP MIIproprietary binary protocol is used for communication between SAP MII and SAP xMII UDS forincreased transmission speeds. The content of the stream can be sniffed out due to the format of theprotocol. Therefore, communication between the UDS and SAP MII should be transmitted on asecure network. If you are assigned to the SAP_XMII_DynamicQuery role, you can run queries from aURL or a query template. If you are not assigned to this role, you can only run queries when a querytemplate is specified. The mode and data server for the query cannot be changed.When you parameterize SQL queries, you can insert SQL since the Param.x fields are inserted directlyinto the SQL statements before being run. The parameters and SQL are not validated, so you shoulduse caution when parameterizing queries.For more information, see the Network Security and Security Aspects for Database Connectionssections.

11/25/2010 PUBLIC 23/42

11 Communications Destinations

11 Communications Destinations

SAP MII does not deliver preconfigured RFC or JCo destinations or ports.

11/25/2010 PUBLIC 25/42

12 Data Storage Security

12 Data Storage Security

All passwords used in SAP MII content are encrypted based on the SAP MII encryption configuration.Depending on their availability, the SAP MII administrator can select between TripleDES or DESencryption. If encryption is not available (for example, due to export restrictions), passwords areBase64-encoded. Since Base64 encoding is not an encryption method, it is not secure. We recommendthat you use TripleDES for encryption of passwords in SAP MII.The encryption key is automatically generated for every SAP MII installation and cannot be seen orchanged. The SAP MII encryption key is stored in the SAP NetWeaver Secure Storage service of theunderlying SAP NetWeaver installation. For more information, see the SAP NetWeaver CE Security Guide.Credentials, or the combination of a user name and password, are maintained in the SAP MIIcredential store and stored in an encrypted form in the SAP MII database.

Caution

SAPMII custom actions API provides access to secure storage where user credentials are stored. Everycustom action running on an SAP MII server is readable. Since this function is open, only deployreliable custom action packages to your SAP MII system.

SAP MII users and administrators do not have access to the persisted passwords. If you have writeaccess to the SAP MII Workbench and can create transactions, you can reuse credentials in the SAPMII credential store. For more information about credentials, see the SAP MII application help on theSAP Help Portal at http://help.sap.com SAP Business Suite SAP Manufacturing SAP ManufacturingIntegration and Intelligence .When you export SAP MII configuration settings, you must choose an encryption algorithm andenter a pass phrase. All password information in the selected SAP MII configuration is then decryptedwith the SAP MII key that is stored in the SAP NetWeaver Secure Storage service, encrypted againusing the algorithm and pass phrase, and persisted as a ZIP file on the client machine. On the targetSAP MII system, you have to enter the encryption algorithm and pass phrase, then the systemunpacks, decrypts, and encrypts the configuration from the ZIP file according to the encryptionsettings of the target SAP MII system.

Caution

Since the encryption algorithm and pass phrase may have to be communicated to others so it can bemanually entered in the target system, you should take additional security measures to protect thisinformation against misuse. Anyone who knows the encryption algorithm and pass phrase coulddecrypt the credential information and misuse it.

11/25/2010 PUBLIC 27/42

http://help.sap.com

13 Ports

13 Ports

The MII runs on SAP NetWeaver and uses the ports from the AS Java. For more information, see thetopics for AS Java Ports [external document] in the corresponding SAP NetWeaver Security Guides.

11/25/2010 PUBLIC 29/42

14 Enterprise Services Security

14 Enterprise Services Security

The following chapters in the NetWeaver Security Guide and documentation are relevant for allenterprise services delivered with SAP MII:

n Security Guide Web Services [external document]n Recommended WS Security Scenarios [external document]n SAP NetWeaver Process Integration Security Guide

Currently, SAP MII does not support SystemCookiesDataProtection indicator of AS Java. Turn off theindicator in Display Templates screen.

11/25/2010 PUBLIC 31/42

15 Security Logging and Tracing

15 Security Logging and Tracing

Security-relevant changes are logged using a separate category (/system/security/audit/XMII) inthe standard SAP User Management Engine in SAP ERP logging file.Security permissions for data servers and services are written to the security log with the xMIISecurity category. The data includes the previous value and the value to which the securitypermission was changed.Security permissions for transactions and templates are also written to the same log, but only astatus change is noted.

11/25/2010 PUBLIC 33/42

A Reference

A Reference

A.1 The Main SAP Documentation Types

The following is an overview of themost important documentation types that you need in thevarious phases in the life cycle of SAP software.

Cross-Phase Documentation

SAPterm is SAP’s terminology database. It contains SAP-specific vocabulary in over 30 languages, aswell as many glossary entries in English and German.

n Target group:l Relevant for all target groups

n Current version:l On SAP Help Portal at http://help.sap.com Glossary

l In the SAP system in transaction STERM

SAP Library is a collection of documentation for SAP software covering functions and processes.

n Target group:l Consultants

l System administratorsl Project teams for implementations or upgrades

n Current version:l On SAP Help Portal at http://help.sap.com (also available as documentation DVD)

The security guide describes the settings for a medium security level and offers suggestions forraising security levels. A collective security guide is available for SAP NetWeaver. This documentcontains general guidelines and suggestions. SAP applications have a security guide of their own.

n Target group:l System administratorsl Technology consultantsl Solution consultants

n Current version:l On SAP Service Marketplace at http://service.sap.com/securityguide

Implementation

Themaster guide is the starting point for implementing an SAP solution. It lists the requiredinstallable units for each business or IT scenario. It provides scenario-specific descriptions of

11/25/2010 PUBLIC 35/42

http://help.sap.com

http://help.sap.com




A ReferenceA.1 The Main SAP Documentation Types

preparation, execution, and follow-up of an implementation. It also provides references to otherdocuments, such as installation guides, the technical infrastructure guide and SAP Notes.

n Target group:l Technology consultantsl Project teams for implementations

n Current version:l On SAP Service Marketplace at http://service.sap.com/instguides

The installation guide describes the technical implementation of an installable unit, takinginto account the combinations of operating systems and databases. It does not describe anybusiness-related configuration.

n Target group:l Technology consultantsl Project teams for implementations


Configuration Documentation in SAP Solution Manager ‒ SAP Solution Manager is a life-cycleplatform. One of its main functions is the configuration of business scenarios, business processes,and implementable steps. It contains Customizing activities, transactions, and so on, as well asdocumentation.

n Target group:l Technology consultantsl Solution consultants

l Project teams for implementationsn Current version:l In SAP Solution Manager

The Implementation Guide (IMG) is a tool for configuring (Customizing) a single SAP system.The Customizing activities and their documentation are structured from a functional perspective.(In order to configure a whole system landscape from a process-oriented perspective, SAP SolutionManager, which refers to the relevant Customizing activities in the individual SAP systems, is used.)

n Target group:l Solution consultants

l Project teams for implementations or upgradesn Current version:l In the SAP menu of the SAP system under Tools Customizing IMG

Production Operation

The technical operations manual is the starting point for operating a system that runs on SAPNetWeaver, and precedes the application operations guides of SAP Business Suite. The manual refers

36/42 PUBLIC 11/25/2010








users to the tools and documentation that are needed to carry out various tasks, such as monitoring,backup/restore, master data maintenance, transports, and tests.

n Target group:l System administrators


The application operations guide is used for operating an SAP application once all tasks in thetechnical operations manual have been completed. It refers users to the tools and documentationthat are needed to carry out the various operations-related tasks.

n Target group:l System administratorsl Technology consultantsl Solution consultants


Upgrade

The upgrade master guide is the starting point for upgrading the business scenarios and processes ofan SAP solution. It provides scenario-specific descriptions of preparation, execution, and follow-up ofan upgrade. It also refers to other documents, such as upgrade guides and SAP Notes.

n Target group:l Technology consultantsl Project teams for upgrades


The upgrade guide describes the technical upgrade of an installable unit, taking into accountthe combinations of operating systems and databases. It does not describe any business-relatedconfiguration.

n Target group:l Technology consultantsl Project teams for upgrades


Release notes are documents that contain short descriptions of new features in a particular releaseor changes to existing features since the previous release. Release notes about ABAP developmentsare the technical prerequisite for generating delta and upgrade Customizing in the ImplementationGuide (IMG).

n Target group:

11/25/2010 PUBLIC 37/42














l Consultants

l Project teams for upgradesn Current version:l On SAP Service Marketplace at http://service.sap.com/releasenotesl In the SAP menu of the SAP system under Help Release Notes (only ABAP developments)

38/42 PUBLIC 11/25/2010

http://service.sap.com/releasenotes



Typographic Conventions

Example Description

<Example> Angle brackets indicate that you replace these words or characters with appropriateentries to make entries in the system, for example, “Enter your <User Name>”.

ExampleExample

Arrows separating the parts of a navigation path, for example, menu options

Example Emphasized words or expressions

Example Words or characters that you enter in the system exactly as they appear in thedocumentation

http://www.sap.com Textual cross-references to an internet address

/example Quicklinks added to the internet address of a homepage to enable quick access tospecific content on the Web

123456 Hyperlink to an SAP Note, for example, SAP Note 123456

Example n Words or characters quoted from the screen. These include field labels, screen titles,pushbutton labels, menu names, and menu options.

n Cross-references to other documentation or published works

Example n Output on the screen following a user action, for example, messagesn Source code or syntax quoted directly from a programn File and directory names and their paths, names of variables and parameters, and

names of installation, upgrade, and database tools

EXAMPLE Technical names of system objects. These include report names, program names,transaction codes, database table names, and key concepts of a programming languagewhen they are surrounded by body text, for example, SELECT and INCLUDE

EXAMPLE Keys on the keyboard

11/25/2010 PUBLIC 39/42

http://www.sap.com

http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=123456&_NLANG=en&_NVERS=0

http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=123456&_NLANG=en&_NVERS=0

SAP AGDietmar-Hopp-Allee 16

69190 WalldorfGermany

T +49/18 05/34 34 34F +49/18 05/34 34 20

www.sap.com

© Copyright 2010 SAP AG. All rights reserved.

Some software products marketed by SAP AG and its distributors contain proprietary software components of othersoftware vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10,z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server,PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes,BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX,Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe SystemsIncorporated in the United States and/or other countries.Oracle is a registered trademark of Oracle Corporation.UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registeredtrademarks of Citrix Systems, Inc.HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium,Massachusetts Institute of Technology.Java is a registered trademark of Sun Microsystems, Inc.JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implementedby Netscape.SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, and other SAP products andservices mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germanyand other countries.Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence,Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarksor registered trademarks of Business Objects Software Ltd. in the United States and in other countries.All other product and service names mentioned are the trademarks of their respective companies. Data contained in thisdocument serves informational purposes only. National product specifications may vary.These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies(“SAP Group”) for informational purposes only, without representation or warranty of any kind, and SAP Group shall notbe liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services arethose that are set forth in the express warranty statements accompanying such products and services, if any. Nothing hereinshould be construed as constituting an additional warranty.

This document was created using stylesheet 2007-12-10 (V7.2) / XSL-FO: V5.1 Gamma and XSLT processor SAXON 6.5.2from Michael Kay (http://saxon.sf.net/), XSLT version 1.

40/42 PUBLIC 11/25/2010

DisclaimerSome components of this product are based on Java™. Any code change in these components may cause unpredictable andsevere malfunctions and is therefore expressly prohibited, as is any decompilation of these components.Any Java™ Source Code delivered with this product is only to be used by SAP’s Support Services and may not be modified oraltered in any way.

Documentation in the SAP Service MarketplaceYou can find this document at the following address: http://service.sap.com/instguides

11/25/2010 PUBLIC 41/42




SAP AGDietmar-Hopp-Allee 1669190 WalldorfGermanyT +49/18 05/34 34 34F +49/18 05/34 34 20www.sap.com

© Copyright 2010 SAP AG. All rights reserved.No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may bechanged without prior notice.

sg sapmii 122 security guide

Documents