Introduction

The Outlined in this blog is to provide the guidance for the secure SAP implementation of handling restricted/ sensitive data,where SAP PO as middle ware tool.

The user can follow the suggestions provided by the blog for secure programming. Because no document is exhaustive and security topics are constantly evolving, user should supplement this documentation with additional information so that they can stay abreast of the latest issues related to secure programming.

• If SAP system sends data in the mode of IDOC/RFC via SNC set up, the data is secured
• If SAP sends data in the mode of BAPI/Proxies via SSL set up, the data is secured
• SAP PO converts to a standard XML format and does the transformation in a secured manner
• The SAP PO sends the data as File/JMS/JDBC/SOAP via HTTPS protocol,where data is secured
• During this entire process, if any error occurs that will be sent as a notification to the error monitoring tool even in the case of Adapter level(Adapter is the first point of contact to the source/target system )

Reference Documents

SAP Help, http://help.sap.com/saphelp_nw04s/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm

SAP Note 1370334, 1162398

SAP has secure programming documentation for both ABAP and Java  (http://tinyurl.com/secure-prog)

The goal of the blog is to help users to make aware of the SAP PO Interface Security Guidelines, recommendations are based on my personal experience in SAP Implementation as an SAP employee and technical architect.The user can follow the suggestions provided by the blog and it should supplement with additional information,the suggestion provided by the blog might vary as per the project requirement.

SAP Help, at http://help.sap.com, provides official documentation from SAP. It is structured help that is indexed and includes diagrams to illustrate key points. This site is open to the public; no login information is required.