Skip to Content

Introduction

The Outlined in this blog is to provide the guidance for the secure SAP implementation of handling restricted/ sensitive data,where SAP PO as middle ware tool.

The user can follow the suggestions provided by the blog for secure programming. Because no document is exhaustive and security topics are constantly evolving, user should supplement this documentation with additional information so that they can stay abreast of the latest issues related to secure programming.

security.JPG

  • If SAP system sends data in the mode of IDOC/RFC via SNC set up, the data is secured
  • If SAP sends data in the mode of BAPI/Proxies via SSL set up, the data is secured
  • SAP PO converts to a standard XML format and does the transformation in a secured manner
  • The SAP PO sends the data as File/JMS/JDBC/SOAP via HTTPS protocol,where data is secured
  • During this entire process, if any error occurs that will be sent as a notification to the error monitoring tool even in the case of Adapter level(Adapter is the first point of contact to the source/target system )

Reference Documents

SAP Help, http://help.sap.com/saphelp_nw04s/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm

SAP Note 1370334, 1162398

SAP has secure programming documentation for both ABAP and Java  (http://tinyurl.com/secure-prog)

The goal of the blog is to help users to make aware of the SAP PO Interface Security Guidelines, recommendations are based on my personal experience in SAP Implementation as an SAP employee and technical architect.The user can follow the suggestions provided by the blog and it should supplement with additional information,the suggestion provided by the blog might vary as per the project requirement.

SAP Help, at http://help.sap.com, provides official documentation from SAP. It is structured help that is indexed and includes diagrams to illustrate key points. This site is open to the public; no login information is required.


To report this post you need to login first.

3 Comments

You must be Logged on to comment or reply to a post.

  1. Suseelan Hari

    Hi Agasthuri,

    Good Day!

    Thank you so much for explaining about PO and it’s valuable. You have also shared the OSS notes for reference. I am still waiting for the access for Market Place. As soon as I receive from my project. I will go through all your OSS notes too. I also request you to write some blogs non technical. Like motivating freshers and new comers. If you people start doing that it will be very useful to others. I enjoyed reading this blog. All the best for your future rocking blogs in SCN.

    Regards,

    Hari Suseelan

    (0) 
  2. Luke Krishnan

    Valuable piece of information to complement my existing knowledge.

    Personal experience in secure programming is useful for new comers.

    Thanks.  🙂

    (0) 
  3. RAVIJEET DAS

    Hi Agasthuri,

    I would need your opinion to handle a secure scenario. I am looking at pulling data from ADP and push to HANA Database real time for delta changes.

    How can we secure the data completely through SAP PO and what is the secure way to push data into HANA tables ?

    I don’t want any data to be logged or view the data anywhere in the transmission.

    Thanks in advance

    Ravijeet

    (0) 

Leave a Reply