What is available in terms of security services at SAP? We will take a look at the services and information hot spots that you can use to grasp SAP security features and functions.

Good places to hunt for security information are the Service Marketplace and the SDN. On the Service Marketplace you will find the Security Homepage. This is the information hub for security-related topics for SAP NetWeaver. You can find overview presentations as well as detailed cookbooks here. Cookbooks include but are not limited to: how to configure SSL, how to configure a directory integration, how to configure users and roles, how to configure a CUA, and how to implement the Cryptographic Library. You'll find these under the Security in Detail link on the Security Homepage. You will also find an interactive version of the Security Solution Map, a tool that helps you find which security features and functions are available, planned or currently not in scope with SAP.

On SDN we also have a security homepage that holds articles, replays of webcasts and weblog posts on security topics.

Then we have the Security Guides, which hold recommendations on how to configure SAP systems securely. They can also be found on the Service Marketplace: Security Guides on the Service Marketplace. Their target group is technical staff and/or security administrators for NetWeaver security and application-specific security. Please check this link regularly, as we aim to expand the guides on a regular basis.

A security vulnerability check for SAP that has been available since last year is the Security Optimization Service. It checks your SAP basis, the SAP Router, the Business Connector and the Internet Transaction Server for security misconfigurations and vulnerabilities. It includes password checks, batch input checks, basis administration checks, change control checks, etc. You can order this service here: Support Portal on the SAP Service Marketplace – Maintenance & Services – Service Catalog. Select SAP Solution Management Optimization. You can also get a free version of this service with the newest Solution Manager Content Plug-in ST-SER 2005_1. For more details please check out SAP Note 837490. The check comes with a result report that makes suggestions on what to configure differently. You have the option to fix it yourself or get SAP Security Consulting onsite to do it for you.

If you are in need of SAP’s Security Consulting Team you can reach them via email:

Speaking of Security Consulting, if you are an SAP Security Consultant you might want to look into becoming certified. You can now get an SAP certification called Advanced Technical Consultant with the specialization in SAP Security. The certification is a 3-hour multiple-choice test of 80-some questions on security topics like user management, cryptography and encryption, network basics, ITS security, Single Sign-On, Web Application Server security, AIS and other monitoring tools, etc. SAP courses recommended for preparation are ADM940 (Authorization Concept), ADM950 (Secure SAP System Management) and ADM960 (Security in SAP System Environments). You can find more info here: Certification Homepage –> SAP Consultant Certification –> SAP NetWeaver (mySAP Technology). Good luck!

SAP allows for a lot of security features and functions by configuration. But these can be enhanced by leveraging partner products. You can find a list of certified partner products here: Security Partner.

If you are a potential partner and wish to know more about our APIs and how to become certified, please check out the information from our Integration and Certification Center.

If you tried to hunt for security-related SAP information, but did not succeed after having checked the above-mentioned links, surfed through the online help and browsed through SAP Notes, you can send us, the Security Product Management Team, an email: This is an open email address for customers, partners and SAP employees for SAP security questions. We sometimes get urgent emails, where the sender informs us that he/she lost his/her secure ID card. That is not a question where we can be of help, although the sender definitely has our empathy. But general SAP security product questions are welcome.

Have fun leveraging the security services mentioned in this weblog post!


    1. Hi Allaine Tabilin,

      thanks for catching these ones. Checked and updated.

      Kind regards,
      Gerlinde Zibulski

    2. Former Member
      We have configured CUA for managing user admin across 10 clients with different SAP components. But now we are facing a peculiar problem.
      Is there any way through which we can add multiple users to specific role when CUA is configured??
      Actually in CUA, there is one controller client where the userids are created and there is a virtual link to roles (which are created in different child clients). Now when I go to PFCG of Controller client & try to execute some role, system says the role is not present in controller client. So how can I add multiple users to the said role. However if I go to PFCG of particular child client, then the USER tab of PFCG screen is disabled.
      In this scenario, I have to go to SU01 in controller client & select user one by one and add the specific role, though I actually want one role to be assigned to multiple users.
      In transaction SCUM, we have defined ROLE ASSIGNMENT as GLOBAL. Is this something related to that setting? Please comment & suggest on this.
      1. Hi Shailendra,

        when using CUA the idea is to create and maintain all users including role assignment centrally. That is why the tab strip user assignment in the profile generator (transaction pfcg) is not available, because you should not do the role assignment locally in transaction pfcg any more, but centrally.

        You can use SU01 to assign a role to a user per logical system. Make sure that you perform the text comparison in the role tab strip in SU01 first to read all new role names into the central system.

        You can use SU10 to do mass changes to multiple users including role assignments per logical systems.

        Hope this helps.

        Kind regards,
        Gerlinde Zibulski

