Regardless of whether you are an SAP administrator/security administrator or an IT security strategist, you probably have come across the term Netweaver Security Framework and wondered how this is going to affect your job. The term Netweaver Security is used to refer to the framework that Netweaver delivers with regards to security features and functions for SAP applications. All SAP applications running on Netweaver use this framework.
But what does it offer?
The good news is that nothing that you are already familiar with goes away as regards to security features and functions with SAP. For example User Management in an ABAP stack will still be done via transaction SU01. Role Creation in an ABAP stack will still be done via transaction PFCG. Encryption of communication paths will use SNC or SSL, etc... Within the Netweaver Security framework you will most likely find NEW features and functions, for example roles and user management for Java applications on the J2EE Engine, SAML and JAAS as mechanisms for authentication or XML Signatures for web services.
And what is not considered part of Netweaver Security? Any security feature that is application-specific. For example the authorization concept for ABAP applications comes from the security framework delivered with Netweaver. However, the actual application-specific authorization object is supported by the application, e.g. P_PERNR is HR-specific, F_BNKA_BUK is FI-specific. You will not be able to find these authorization objects in Netweaver. They only live in the application, which in case of those two objects would be mySAP ERP or lower releases.
Where do you find information about Netweaver Security? The very fact that you are reading this weblog, means you have already made it to an excellent starting place. You found the security homepage in SDN. SAP customers should also check out the Security Homepage on the SAP Service Marketplace, which holds overview presentations as well as detailed configuration guides. Last but not least you should not forget to check out the Online Help and Documentation.
To grasp how to configure your SAP systems securely those recommendations are made available in the what we call security guides. You can find these guides in the Online Help or on the SAP Service Marketplace: SAP Security Guides You will find Netweaver Security guides there as well as application-specific security guides. We recommend that you check out this link on a regular basis, because we aim to release new application-specific guides on a regular basis.
