SAP Supply Chain Management 70 Security GuideE
SAP Supply Chain Management 70 Security GuideE
SAP Supply Chain Management 70 Security GuideE
)µr÷@uÖ Ð−|³(â*G–7ëW¹ó>Òt¡˛q7`·ð=‹u,TÅqMÉX‚ƒ¸yìÞåGìÐpcX›ñt—B™ä=®
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company.
2 All rights reserved. SAP SCM 7.0 Component Security Guide
Typographic Conventions
Table 1
Example Description
<Example> Angle brackets indicate that you replace these words or characters with appropriate entries to
make entries in the system, for example, “Enter your <User Name>”.
Example Example Arrows separating the parts of a navigation path, for example, menu options
Example Words or characters that you enter in the system exactly as they appear in the documentation
/example Quicklinks added to the internet address of a homepage to enable quick access to specific
content on the Web
Example ● Words or characters quoted from the screen. These include field labels, screen titles,
pushbutton labels, menu names, and menu options.
Example ● Output on the screen following a user action, for example, messages
● File and directory names and their paths, names of variables and parameters, and names
of installation, upgrade, and database tools
EXAMPLE Technical names of system objects. These include report names, program names, transaction
codes, database table names, and key concepts of a programming language when they are
surrounded by body text, for example, SELECT and INCLUDE
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Typographic Conventions All rights reserved. 3
Document History
Caution
Before you start the implementation, make sure you have the latest version of this document. You can find the
latest version at the following location: service.sap.com/securityguide.
The following table provides an overview of the most important document changes.
Table 2
Version Date Description
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
4 All rights reserved. Document History
Content
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5 Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.1 Standard Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.2 Roles for SAP APO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.3 Authorizations for SCM Basis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.4 Maintaining Authorizations for SAP APO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.5 Authorizations for Service Parts Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
5.6 Maintaining Authorizations for SAP Forecasting and Replenishment . . . . . . . . . . . . . . . . . . . . . . . . 23
5.7 Maintaining Authorizations for Integration with SAP Components . . . . . . . . . . . . . . . . . . . . . . . . . . 23
5.8 Maintaining Authorizations for Enterprise Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
8 Data Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.1 Deletion of Personal Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
A Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
A.1 Related Security Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
A.2 Related Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
B Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
B.1 The Main SAP Documentation Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Content All rights reserved. 5
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company.
6 All rights reserved. SAP SCM 7.0 Component Security Guide
1 Introduction
Caution
This guide does not replace the daily operations handbook that we recommend customers create for their specific
productive operations.
This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals,
or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the Security
Guides provide information that is relevant for all life cycle phases.
Recommendation
We strongly recommend that you also consult the SAP NetWeaver Security Guide.
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Introduction All rights reserved. 7
○ User types that are required by the SAP SCM component.
○ Standard users that are delivered with the SAP SCM component.
○ Overview of the user synchronization strategy, if several components or products are involved.
○ Overview of how integration into Single Sign-On environments is possible.
● Authorizations
This section provides an overview of the authorization concept that applies to the SAP SCM component.
● Network and Communication Security
This section provides an overview of the communication paths used by the SAP SCM component and the
security mechanisms that apply. It also includes our recommendations for the network topology to restrict
access at the network level.
● Data Storage Security
This section provides an overview of any critical data that is used by the SAP SCM component and the security
mechanisms that apply.
● Security for Third-Party or Additional Applications
This section provides security information that applies to third-party or additional applications that are used
with the SAP SCM component.
● Other Security-Relevant Information
This section contains information about:
○ User Frontend
○ Enterprise Services
○ Virus Check of Document Attachments
● Trace and Log Files
This section provides an overview of the trace and log files that contain security-relevant information, for
example, so you can reproduce activities if a security breach does occur.
● Appendix
This section provides references to further information.
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
8 All rights reserved. Introduction
2 Before You Start
SAP SCM Documentation help.sap.com SAP Business Suite SAP Supply Chain
Management SAP SCM 7.0 Application Help EN SAP
Supply Chain Management (SAP SCM)
SAP Supply Network Collaboration Security Guide service.sap.com/securityguide SAP Supply Network
Collaboration
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Before You Start All rights reserved. 9
Table 5
Topic See
Application Server (AS) ● SAP NetWeaver Application Server ABAP Security Guide
Operating System and Database Platforms Security Guides for the Operating System and Database
Platforms
Note
For a complete list of the available SAP Security Guides, see SAP Service Marketplace at service.sap.com/
securityguide.
25591 Changing the DBM, SYSDBA and DBA This note provides information on
user passwords changing the passwords.
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
10 All rights reserved. Before You Start
SAP Note Number Title Comment
400434 Authorizations in APO Demand Planning A brief explanation of the concept behind
authorizations in SAP APO for Demand
Planning
683528 @stake, iDefense, Heise: SAP DB/ This note provides information about the
MaxDB security breaches secure operation of SAP DB/MaxDB and
liveCache.
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Before You Start All rights reserved. 11
Note
For more SAP Notes about security, see SAP Service Marketplace at the following locations:
● service.sap.com/security SAP Security Notes
● service.sap.com/securitynotes
Additional Information
For more information about specific topics, see the addresses on SAP Service Marketplace as shown in the table
below.
Table 7: Quick Links to Additional Information
Content Quick Link on the SAP Service Marketplace or SDN
Security sdn.sap.com/irj/sdn/security
service.sap.com/security
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
12 All rights reserved. Before You Start
3 Technical System Landscape
The following table lists where you can find more information about the technical system landscape.
Table 8: More Information About the Technical System Landscape
Topic Guide/Tool Quick Link to the SAP Service Marketplace
Technical System Landscape SAP SCM Master Guide service.sap.com/instguides SAP Business Suite
Applications SAP SCM SAP SCM Server Using
SAP SCM 7.0 Server Master Guide SCM 7.0
Technical System Landscape & SAP SCM Installation Guide(s) service.sap.com/instguides SAP Business Suite
Installation Applications SAP SCM SAP SCM Server Using
SAP SCM 7.0 Server Installation Guides
Installation Guide for SCM 7.0
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Technical System Landscape All rights reserved. 13
4 User Administration and Authentication
The SAP SCM component uses the user management and authentication mechanisms provided with the SAP
NetWeaver platform, in particular the SAP NetWeaver Application Server ABAP. Therefore, the security
recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver
Application Server ABAP Security Guide also apply to the SAP SCM component.
In addition to these guidelines, we include information about user administration and authentication that specifically
applies to the SAP SCM component in the following topics:
● User Management [page 14]
This topic lists the tools to use for user management, the types of users required, and the standard users that
are delivered with the SAP SCM component.
● User Data Synchronization [page 18]
The SAP SCM component shares user data with SAP NetWeaver. This topic describes how the user data is
synchronized with these other sources.
● Integration Into Single Sign-On Environments [page 18]
This topic describes how the SAP SCM component supports Single Sign-On mechanisms.
User management for the SAP SCM component uses the mechanisms provided by the SAP NetWeaver Application
Server ABAP), for example, tools, user types, and password policies. For an overview of how these mechanisms
apply for the SAP SCM component, see the sections below. In addition, we provide a list of the standard users required
for operating the SAP SCM component.
User Management for the ABAP Engine Use the user management transaction
(transaction SU01) SU01 to maintain users in ABAP-based
systems.
Profile Generator (transaction PFCG) Use the Profile Generator to create roles
and assign authorizations to users in
ABAP-based systems.
Central User Administration (CUA) Use the CUA to centrally maintain users
for multiple ABAP-based systems.
Synchronization with a directory server is
also supported.
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
14 All rights reserved. User Administration and Authentication
Tool Detailed Description Prerequisites
SAP J2EE Engine user management Use the Visual Administrator to maintain
using the Visual Administrator users and roles on the SAP J2EE Engine.
The SAP J2EE Engine also supports a
pluggable user store concept. The UME is
the default user store.
Note
For a detailed description of the user management tools available in SAP NetWeaver, see the SAP NetWeaver
Security Guide on SAP Service Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0 Security
Guides (Complete) User Administration and Authentication User Management in the section User
Management Tools.
User Types
It can be necessary to specify different security policies for different types of users. For example, your policy may
specify that individual users who perform tasks interactively have to change their passwords on a regular basis, but
not those users under which background processing jobs run.
The user types that are required for the SAP SCM component include:
● Individual users:
○ Dialog users are used for individual, interactive system access.
● Technical users comprise the following types:
○ Service users are dialog users that are available to a larger, anonymous group of users.
○ Communication users are used for dialog-free communication for external RFC calls.
Note
For more information about these user types, see the SAP NetWeaver Security Guide on SAP Service
Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides (Complete)
User Administration and Authentication User Management in the section User Management Tools.
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
User Administration and Authentication All rights reserved. 15
Standard Users
The following table shows the standard users that are necessary to operate SAP SCM 7.0:
Table 10: Standard Users
System User ID Delivered? Type Default Password Detailed Description
SAP SCM 7.0 <sapsid>adm Yes SAP System To be entered SAP SCM Installation
Server Administrator Guide Installation Document
– SCM Server 7.0 <Operating
System / DB> Installation
Documentation
SAP SCM 7.0 SAPService Yes SAP System To be entered SAP SCM Installation
Server <sapsid> Service Guide Installation Document
Administrator – SCM Server 7.0 <Operating
System / DB> Input for the
Installation
SAP Web AS SAP Standard Yes See SAP See SAP NetWeaver SAP NetWeaver Security
ABAP Users NetWeaver Security Guide Guide Security Guides for SAP
(SAP*, DDIC, Security Guide NetWeaver According to Usage
EARLYWATCH, Types Security Guide for
SAPCPIC) Usage Type AS SAP
NetWeaver Application Server
ABAP Security Guide User
Authentication Protecting
Standard Users
SAP Web AS SAP Standard Yes See SAP See SAP NetWeaver SAP NetWeaver Security
J2EE Users NetWeaver 7.0 7.0 Security Guide Guide Security Guides for SAP
(Administrator, Security Guide NetWeaver According to Usage
Guest, Types Security Guide for
Emergency) Usage Type AS SAP
NetWeaver Application Server
Java Security Guide User
Administration and
Authentication User
Administration and Standard
Users Standard Users and
Standard User Groups
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
16 All rights reserved. User Administration and Authentication
System User ID Delivered? Type Default Password Detailed Description
SAP SCM 7.0 Business No Dialog user To be entered SAP SCM 7.0 documentation
processing users and Authorizations [page 20]
(you need a user
in each
component, for
each employee
working with the
system)
SAP liveCache <lcid>adm Yes Operating system To be changed SAP SCM Installation Guide:
user Installation Document – SCM
Server 7.0 <relevant Operating
System / DB> Post
Installation Activities
Changing Passwords of Created
Users and SAP Notes 25591
and 616555.
SAP liveCache SAP<sapsid> Yes MaxDB database To be changed SAP SCM Installation Guide:
SAP liveCache CONTROL Yes MaxDB database To be changed SAP SCM Installation Guide:
SAP liveCache SUPERDBA Yes MaxDB database To be changed SAP SCM Installation Guide:
user Installation Document – SCM
Server 7.0 <relevant Operating
System / DB> Post
Installation Activities
Changing Passwords of Created
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
User Administration and Authentication All rights reserved. 17
System User ID Delivered? Type Default Password Detailed Description
Recommendation
We recommend that you change the user IDs and passwords that are automatically created during installation.
To avoid administrative effort, you can use user data synchronization in your system landscape. Since the SAP
SCM component is based on SAP NetWeaver, all the mechanisms for user data synchronization of SAP
NetWeaver are available for SAP SCM.
Note
For information about user data synchronization, see the SAP NetWeaver 7.0 Security Guide on SAP Service
Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides (Complete) User
Administration and Authentication Integration of User Management in Your System Landscape .
The SAP SCM component supports the Single Sign-On (SSO) mechanisms provided by SAP NetWeaver. Therefore,
the security recommendations and guidelines for user administration and authentication as described in the SAP
NetWeaver Security Guide also apply to the SAP SCM component.
Note
For more information about integration into Single Sign-On environments based on SAP NetWeaver, see the SAP
NetWeaver 7.0 Security Guide on SAP Service Marketplace at service.sap.com/securityguide SAP
NetWeaver 7.0 Security Guides (Complete) User Administration and Authentication User Authentication and
Single Sign-On in the section Integration into Single Sign-On Environments.
For more information about authentication on the SAP Web application server ABAP, see the SAP NetWeaver
7.0 Security Guide on SAP Services Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0
Security Guides (Complete) Security Guides for SAP NetWeaver According to Usage Types Security Guide for
Usage Type AS SAP NetWeaver Application Server ABAP Security Guide User Authentication .
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
18 All rights reserved. User Administration and Authentication
Security Guides Network and Communication Security Transport Layer Security Secure Network
Communications (SNC) .
● SAP logon tickets
The SAP SCM component supports the use of logon tickets for SSO when using a Web browser as the frontend
client. In this case, users can be issued a logon ticket after they have authenticated themselves with the initial
SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication
token. The user does not need to enter a user ID or password for authentication but can access the system
directly after the system has checked the logon ticket.
For more information, see the SAP NetWeaver 7.0 Security Guide on SAP Service Marketplace at
service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides (Complete) SAP NetWeaver 7.0
Security Guides User Administration and Authentication User Authentication and Single Sign-On .
● Client certificates
As an alternative to user authentication using a user ID and passwords, users using a Web browser as a frontend
client can also provide X.509 client certificates to use for authentication. In this case, user authentication is
performed on the Web server using the Secure Sockets Layer Protocol (SSL Protocol) and no passwords have
to be transferred. User authorizations are valid in accordance with the authorization concept in the SAP system.
For more information, see the SAP NetWeaver 7.0 Security Guide on SAP Service Marketplace at
service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides (Complete) SAP NetWeaver 7.0
Security Guides User Administration and Authentication User Authentication and Single Sign-On .
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
User Administration and Authentication All rights reserved. 19
5 Authorizations
The SAP SCM component uses the authorization concept provided by SAP NetWeaver. Therefore, the
recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide ABAP
also apply to the SAP SCM component.
The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. For role
maintenance, you can use the Profile Generator (transaction PFCG) when using ABAP.
Note
For information about role maintenance and the Profile Generator, see SAP Help Portal at help.sap.com SAP
NetWeaver SAP NetWeaver 7.0 (2004s) English SAP Library SAP NetWeaver Library SAP NetWeaver by
Key Capability Security Identity Management Users and Roles (BC-SEC-USR) SAP Authorization
Concept Organizing Authorization Administration Organization if You Are Using the Profile Generator Role
Maintenance .
Note
For information about the authorization concept of SAP NetWeaver, see SAP Help Portal at help.sap.com
SAP NetWeaver SAP NetWeaver 7.0 (2004s) English SAP Library SAP NetWeaver Library SAP
NetWeaver by Key Capability Security Identity Management Users and Roles (BC-SEC-USR) SAP
Authorization Concept .
With the SAP SCM component, SAP delivers SAP standard roles to cover the common business cases. These roles
can be used as examples, or as a copy master for your own roles.
Using input help, you can find the SAP standard roles in the Profile Generator (transaction code PFCG). You can use
search terms to restrict the selection to the required standard roles. For example, the search term *APO* lists all
APO-relevant SAP standard roles. The role short text helps you find the role for your business needs. The role
documentation provides you with a detailed description of the role content.
Some of the components in SAP SCM have additional authorization methods. The relevant components and
Customizing activities are shown in the following sections.
We strongly recommend that you conservatively assign the authorization profiles SAP_ALL and SAP_NEW to users
in your production system! If you are not careful, these profiles can weaken the overall security concept in your
production system.
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
20 All rights reserved. Authorizations
5.2 Roles for SAP APO
For information about roles in SAP APO, see SAP Help Portal at help.sap.com SAP Business Suite SAP Supply
Chain Management (SAP SCM) SAP SCM 2007 Application Help EN SAP Supply Chain Management (SAP
SCM) SAP Advanced Planning and Optimization (SAP APO) Roles for SAP APO .
Defined fields
The fields ACTVT and USER are available to maintain the authorization object /SCMB/PESL.
● You can choose the following activities for the ACTVT fields:
○ 06 (Delete): Delete a Selection
○ 34 (Save): Save a Selection (Create and Change)
● In the USER field, you can enter the user for whose selection you want to execute the activities in the ACTVT
field.
Procedure
This procedure allows you to maintain authorizations for SAP Advanced Planning & Optimization (SAP APO).
S_PPEALL (Total Display) This profile includes all the settings you need to work with
the iPPE Workbench.
S_ASTACT (Process Structure) Part of the S_PPEALL profile; calls up a process structure
as a selection tree in the detail area of the iPPE Workbench.
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Authorizations All rights reserved. 21
User Profile Explanation
S_ASTCMP (Product Structure) Part of the S_PPEALL profile; calls up a product structure
as a selection tree in the detail area of the iPPE Workbench.
S_ASTFLO (Factory Layout) Part of the S_PPEALL profile; calls up a line structure as a
selection tree in the detail area of the iPPE Workbench.
3. Change, copy, and rename the profiles, or create new profiles with the following options:
○ Model Definitions:
You define how the model definitions between the objects are displayed in the navigation area.
○ Product Lifecycle Management (PLM) Environment:
Here you define how objects from the PLM environment are displayed in the navigation area of the iPPE
Workbench.
○ Reports:
You define the reports to be available for this profile in the iPPE Workbench Professional. You can only
choose reports that you have already defined in the activity Define Reports for the Reporting Tree.
4. Save your entries.
Note
Passwords / RFC Interface SAP APO does not use passwords; access is granted using RFC interfaces.
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
22 All rights reserved. Authorizations
5.5 Authorizations for Service Parts Planning
Procedure
For information about maintaining authorizations for SAP Forecasting and Replenishment, see the SAP Forecasting
and Replenishment Security Guide on SAP Service Marketplace at service.sap.com/securityguide Industry
Scenario Security Guides .
Procedure
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Authorizations All rights reserved. 23
Note
For more information about the authorization roles for SAP APO – SAP ERP integration, see SAP Note 727839.
Note
For more information about trusted system RFC connections, see the SAP NetWeaver Security Guide on SAP
Service Marketplace at service.sap.com SAP NetWeaver SAP NetWeaver 7.0 (2004s) English SAP
Library SAP NetWeaver Library SAP NetWeaver by Key Capability Security SAP NetWeaver
Security Security Guides for Connectivity and Interoperability Technologies RFC/ICF Security Guide
RFC Scenarios RFC Communication Between SAP Systems Network Security and Communication
Using RFC Trusted System Networks .
2. In Customizing for Integration with SAP Components, to assign the RFC connection to the ATP application,
choose Integration via Core Interface (CIF) Basic Settings for Creating the System Landscape Assign RFC
Destinations to Various Application Cases .
3. For each SAP ERP user, create a corresponding ATP user in SAP SCM.
4. Assign one or more of the following authorization roles to the user(s) in SAP SCM:
○ SAP_APO_ATP_CO (APO: ATP Controller)
○ SAP_APO_ATP_CU (APO: ATP Customizing User)
○ SAP_APO_ATP_EU (APO: ATP Expert User)
○ SAP_APO_ATP_SU (APO: ATP Standard User)
○ SAP_APO_ATP_RSP_ALL (APO: ALL ATP Authorizations)
5. Assign the authorization S_RFCACL_ALL to the users in SAP SCM.
This authorization is necessary to perform RFC calls.
Note
For more information about the role maintenance and the SAP Profile Generator, see the SAP NetWeaver
7.0 Security Guide on SAP Help Portal at help.sap.com SAP NetWeaver SAP NetWeaver 7.0
(2004s) SAP NetWeaver 7.0 Library SAP NetWeaver Library SAP NetWeaver by Key Capability
Security Identity Management Users and Roles (BC-SEC-USR) SAP Authorization Concept Organizing
Authorization Administration Organization if You Are Using the Profile Generator Role Maintenance .
Note
You can exclude DataSources from the extraction to SAP NetWeaver BI. Data that is stored in the extract structure
of this DataSource cannot be transferred to SAP NetWeaver BI.
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
24 All rights reserved. Authorizations
1. In Customizing for Integration with SAP Components choose Data Transfer to the SAP Business Information
Warehouse General Settings Limit Authorizations for Extraction .
2. Choose New Entries.
3. Choose a DataSource that you want to exclude from the extraction.
4. Choose the SAP NetWeaver BI system for which you want no more data for this DataSource to be extracted.
5. In the field Excl. Extr., enter whether you want to exclude the DataSource from the extraction.
6. Save your entries.
7. Specify a transport request.
Accessing SAP functions via Web services follows the standard SAP authorization concept, which is based on
authorizations for specific authorization objects. During the execution of a Web service, the system checks for the
required authorization for an authorization object. If a user does not have this authorization, the execution is
terminated, and an error message is displayed.
Enterprise services use standard authorization objects, such as authorization default values for Web services, that
are available for SAP SCM. In addition, you need the authorization S_SERVICE to start external services. To create
and use Web services, you need the authorizations that belong to the role SAP_BC_WEBSERVICE_ADMIN and
authorization for the Internet Communication Framework (S_ICF_ADMIN).
For more information about authorizations for Web services, see the SAP NetWeaver documentation on SAP Help
Portal at help.sap.com SAP NetWeaver SAP NetWeaver 7.0 (2004s) Development Developer’s Guide in
SAP Library SAP NetWeaver Developer’s Guide Fundamentals Using JavaCore Development Tasks Providing
and Consuming Web Services Web Service Toolset Web Services Security Authorization .
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Authorizations All rights reserved. 25
6 Network and Communication Security
Your network infrastructure is important in protecting your system. Your network needs to support the
communication necessary for your business and your needs without allowing unauthorized access. A well-defined
network topology can eliminate many security threats based on software flaws (at both the operating system and
application level) or network attacks such as eavesdropping. If users cannot log on to your application or database
servers at the operating system or database layer, then there is no way for intruders to compromise the machines
and gain access to the backend system’s database or files. Additionally, if users are not able to connect to the server
LAN (local area network), they cannot exploit well-known bugs and security holes in network services on the server
machines.
The network topology for the SAP SCM component is based on the topology used by the SAP NetWeaver platform.
Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply
to the SAP SCM component. Details that specifically apply to the SAP SCM component are described in the following
topics:
● Communication Channel Security [page 26]
This topic describes the communication paths and protocols used by the SAP SCM component.
● Network Security [page 27]
This topic describes the recommended network topology for the SAP SCM component. It shows the appropriate
network segments for the various client and server components and where to use firewalls for access protection.
It also includes a list of the ports needed to operate the SAP SCM component.
● Communication Destinations [page 28]
This topic describes the information needed for the various communication paths, for example, which users
are used for which communications.
For more information, see the following sections in the SAP NetWeaver Security Guide on SAP Service Marketplace
at service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides (Complete) SAP NetWeaver Security
Guide :
● Network and Communication Security
● Security Guides for Connectivity and Interoperability Technologies
Since communication channels transfer your business data, they should be protected against unauthorized access.
SAP offers general recommendations to protect your system landscape, which is based on SAP NetWeaver.
Caution
You should activate the Secure Network Communication (SNC) in all communication channels in SAP SCM to
achieve a secure system landscape.
For more information, see SAP Service Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0
Security Guides (Complete) SAP NetWeaver 7.0 Security Guide Network and Communication Security
Transport Layer Security Secure Network Communications .
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
26 All rights reserved. Network and Communication Security
For a detailed description of all communication channels within the SAP SCM component, see SAP Service
Marketplace at service.sap.com/scm SAP SCM Technology Architecture Overview .
Note
For more information about the communication security of SAP NetWeaver, see the SAP NetWeaver Security
Guide on SAP Service Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides
(Complete) SAP NetWeaver 7.0 Security Guide Network and Communication Security .
For more information about security aspects for connectivity and interoperability of SAP NetWeaver 7.0, see the
SAP NetWeaver Security Guide on the SAP Service Marketplace at service.sap.com/securityguide SAP
Weaver 7.0 Security Guides (Complete) SAP NetWeaver 7.0 Security Guide SAPNet Security Guides for
Connectivity and Interoperability .
Note
For more information about the integration of SAP SCM and SAP ERP, see the SCM Basis Documentation at
help.sap.com SAP Business Suite SAP Supply Chain Management SAP SCM 7.0 Application Help
EN SCM Basis Integration via Core Interface (CIF) Technical Integration .
Your network infrastructure plays a key role in protecting your system. A well-defined network topology can eliminate
many security threats based on software flaws (at the operating system and application level) or network attacks
such as eavesdropping.
We offer general recommendations to protect your system landscape, based on SAP NetWeaver.
Note
For information about network security for SAP NetWeaver 7.0, see the SAP NetWeaver 7.0 Security Guide on
SAP Service Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides
(Complete) SAP NetWeaver 7.0 Security Guides Network and Communication Security .
A minimum security demand for your network infrastructure is the use of a firewall for all your services that are
provided over the Internet.
A more secure variant is to protect your systems (or groups of systems) by locating the system groups in different
network segments. Each system group has a firewall that protects it from unauthorized access. External security
attacks can also come from the inside, if the intruder has already taken control of one of your systems.
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Network and Communication Security All rights reserved. 27
Note
For information about the technical components of your SAP SCM component, see SAP Service Marketplace at
service.sap.com/scm SAP Supply Chain Management SAP SCM Technology .
Note
For information about access control using firewalls, see the SAP NetWeaver 7.0 Security Guide on SAP Service
Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides (Complete) SAP
NetWeaver 7.0 Security Guides Network and Communication Security Using Firewall Systems for Access
Control .
Caution
If communication destinations are not implemented and used with care, their users and authorizations can cause
high security flaws.
The following is a list of the “Golden Rules” for connection users and authorizations:
● Choose user type: <system>.
● Assign only the minimum required authorizations to the user.
● Choose a secure and secret password for the user.
● Store only connection user log-on data for users of type <system>.
● Choose trusted system functionality whenever possible, rather than storing connection user log-on data.
The table below shows an overview of the communication destinations used by the SAP SCM 7.0 component.
Table 12: Connection Destinations
Destination Delivered Type User, Authorizations Description
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
28 All rights reserved. Network and Communication Security
Destination Delivered Type User, Authorizations Description
Default BW Destination
(RFC) .
<SAP_SCM_name>CLNT No RFC – ERP Use the Profile Generator SAP SCM Customizing:
<client> (transaction code PFCG) to Integration with SAP
define an appropriate profile, Components Integration
SAP APO SAP ERP
and see SAP Notes 447543 via Core Interface (CIF)
and 727839. Basic Settings for Creating
the System Landscape
Assign RFC Destinations to
Various Application Cases .
SAP ERP SAP APO No RFC – ERP Use the Profile Generator Maintaining Authorizations
(ATP) (trusted system (transaction code PFCG) and for Integration with SAP
connection) assign one or more of the Components Maintaining
following roles: Authorizations for Available-
to-Promise (ATP) .
● SAP_APO_ATP_CO
● SAP_APO_ATP_CU
● SAP_APO_ATP_EU
● SAP_APO_ATP_SU
● SAP_APO_ATP_RSP_
ALL
Note
For more information about communication destinations of SAP NetWeaver, see the SAP NetWeaver Security
Guide on SAP Service Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides
(Complete) SAP NetWeaver 2004s Security Guide Security Guides for Connectivity and Interoperability
Technologies .
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Network and Communication Security All rights reserved. 29
7 Data Storage Security
The data storage security of SAP NetWeaver and components installed on that base is described in the SAP
NetWeaver 7.0 Security Guide.
Note
For information about the data storage security of SAP NetWeaver, see the SAP NetWeaver 7.0 Security Guide
on the SAP Service Marketplace at service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides
(Complete) SAP NetWeaver 7.0 Security Guides Security Guides for Operating System and Database
Platforms .
All business data in SAP SCM is stored in the system database. If SAP liveCache is used, some business data is also
stored there. This business data is protected by the authorization concept of SAP NetWeaver and SAP SCM.
In some special cases, business-relevant data is stored in another location, such as a file system. The special cases
are listed below:
Note
For information about the SAP F&R data exchange using file download and upload, see the Configuration Guide
for SAP Forecasting & Replenishment Processor on SAP Service Marketplace at service.sap.com/ibc Industry
Solution SAP for Retail Multilevel Replenishment / Forecasting and Replenishment .
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
30 All rights reserved. Data Storage Security
8 Data Protection
Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance
with general data privacy acts, it is necessary to consider compliance with industry-specific legislation in different
countries. This section describes the specific features and functions that SAP provides to support compliance with
the relevant legal requirements and data privacy.
This section and any other sections in this Security Guide do not give any advice on whether these features and
functions are the best method to support company, industry, regional or country-specific requirements.
Furthermore, this guide does not give any advice or recommendations with regard to additional features that would
be required in a particular environment; decisions related to data protection must be made on a case-by-case basis
and under consideration of the given system landscape and the applicable legal requirements.
Note
In the majority of cases, compliance with data privacy laws is not a product feature.
SAP software supports data privacy by providing security features and specific data-protection-relevant
functions such as functions for the simplified blocking and deletion of personal data.
SAP does not provide legal advice in any form. The definitions and other terms used in this guide are not taken
from any given legal source.
Glossary
Table 13
Term Definition
Business purpose A legal, contractual, or in other form justified reason for the processing of personal
data. The assumption is that any purpose has an end that is usually already defined
when the purpose starts.
Blocking A method of restricting access to data for which the primary business purpose has
ended.
Retention period The time period during which data must be available.
End of purpose (EoP) A method of identifying the point in time for a data set when the processing of
personal data is no longer required for the primary business purpose. After the EoP
has been reached, the data is blocked and can only be accessed by users with special
authorization.
Some basic requirements that support data protection are often referred to as technical and organizational
measures (TOM). The following topics are related to data protection and require appropriate TOMs:
● Access control: Authentication features as described in section User Administration and
Authentication [page 14]
● Authorizations: Authorization concept as described in section Authorizations [page 20]
● Availability control as described in:
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Data Protection All rights reserved. 31
○ Section Data Storage Security [page 30]
○ SAP NetWeaver Database Administration documentation
○ SAP Business Continuity documentation in the SAP NetWeaver Application Help under Function-Oriented
View Solution Life Cycle Management SAP Business Continuity .
● Separation by purpose: Is subject to the organizational model implemented and must be applied as part of the
authorization concept.
Caution
The extent to which data protection is ensured depends on secure system operation. Network security,
security note implementation, adequate logging of system changes, and appropriate usage of the system are
the basic technical requirements for compliance with data privacy legislation and other legislation.
SAP SCM may process personal data that is subject to the data protection laws applicable in specific countries, as
described in SAP Note 1825544.
The SAP Information Lifecycle Management (ILM) component supports the entire software lifecycle, including the
storage, retention, blocking, and deletion of data. The ERP system from which customer or vendor is transferred to
SAP SCM as a location uses SAP ILM to support the deletion of personal data.
SAP delivers a where-used check (WUC) for customer/vendor locations in SAP SCM during the blocking of original
customers/vendors in ERP.
All applications register in ERP either a WUC or an end of purpose check (EoP) in the Customizing settings for the
blocking and deletion of the customer and vendor master. For information about the Customizing of blocking and
deletion for SAP SCM customer/vendor locations triggered from ERP, see Configuration: Simplified Blocking and
Deletion section below. For SAP SCM customer/vendor locations, just the WUC is implemented.
Features
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
32 All rights reserved. Data Protection
Relevant Application Objects and Available Deletion Functionality
Table 14
Application Detailed Description Provided Deletion Functionality
SAP SCM customer/ For more information, see SAP Help You can run the report /SAPAPO/DELETE_LOCATIONS
vendor location Portal at help.sap.com under SAP from the SAP Easy Access menu, under SAP Menu SCM
Business Suite SAP ERP Security Basis Master Data Location Location ; select the
Information Security Guide . location, then choose Extras Delete Locations .
Process Flow
1. Before archiving data, you must define residence time and retention periods in SAP Information Lifecycle
Management (ILM) in ERP.
2. You choose whether data deletion is required for data stored in archive files or data stored in the database, also
depending on the type of deletion functionality available.
3. You do the following:
○ Run transaction IRMPOL and maintain the required residence and retention policies for the central business
partner (ILM object: CA_BUPA).
○ Run transaction BUPA_PRE_EOP to enable the EoP check function for the central business partner.
○ Run transaction IRMPOL and maintain the required residence and retention policies for the customer
master and vendor master in ERP (ILM objects: FI_ACCPAYB, FI_ACCRECV, FI_ACCKNVK).
○ Run transaction CVP_PRE_EOP to enable the EoP check function for the customer master and vendor
master in ERP.
4. Business users can request unblocking of blocked data by using the transaction BUP_REQ_UNBLK.
5. If you have the needed authorizations, you can unblock data by running the transactions BUPA_PRE_EOP and
CVP_UNBLOCK_MD.
6. You delete data by using the transaction ILM_DESTRUCTION for the ILM objects.
For information about how to configure blocking and deletion for SAP SCM customer/vendor locations transferred
from ERP, see Configuration: Simplified Blocking and Deletion section below.
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Data Protection All rights reserved. 33
9 Security for Additional Applications
PTV eServer
SAP SCM comes with the optional third-party software PTV eServer. This software requires an RFC destination for
SAP SCM. This RFC is described in the section Communication Destinations [page 28]. For more information about
security issues regarding the PTV eServer software, see the third-party PTV eServer documentation.
SAP MaxDB
The SAP MaxDB Security Guide is also relevant for SAP SCM. For more information about the security of SAP MaxDB,
see the SAP MaxDB Security Guide.
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
34 All rights reserved. Security for Additional Applications
10 Enterprise Services Security
The following chapters in the NetWeaver Security Guide are relevant for all enterprise services delivered with SAP
SCM:
service.sap.com/securityguide SAP NetWeaver 7.0 Security Guides (Complete)
● User Administration and Authentification
● Network and Communication Security
● Security Guide for Usage Type PI
● Web Services Security
● Security Guide Communication Interfaces
● Security Guides for Operating System and Database Platforms
● Security Aspects for System Management
● Enabling Application-to-Application Processes: Security Aspects
● Enabling Business-to-Business Processes: Security Aspects
For more information about special security requirements for Web services, see the SAP NetWeaver Documentation
on SAP Help Portal at help.sap.com SAP NetWeaver SAP NetWeaver 7.0 (2004s) SAP NetWeaver 7.0
Library SAP NetWeaver Library SAP NetWeaver Developer’s Guide Fundamentals Using Java Core
Development Tasks Providing and Consuming Web Services Web Service Toolset Web Services Security .
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Enterprise Services Security All rights reserved. 35
11 Other Security-Relevant Information
Note
SAP Console is part of the SAP Front End installation.
In addition, a third-party Telnet server is necessary. For security issues regarding the Telnet server software, consult
the third-party software documentation.
For more information about SAP Front End, see SAP Service Marketplace at service.sap.com/instguides SAP
NetWeaver SAP NetWeaver 7.0 (2004s) Installation Installation – Clients Installation – SAP Frontend 7.1 .
Enterprise Services
For more information about special security requirements for Web services, see the SAP NetWeaver documentation
on SAP Help Portal at help.sap.com SAP NetWeaver SAP NetWeaver 7.0 (2004s) SAP NetWeaver 7.0
Library SAP NetWeaver Library SAP NetWeaver Developer’s Guide Fundamentals Using Java Core
Development Tasks Providing and Consuming Web Services Web Service Toolset Web Services Security .
For more information about enterprise services and security, see the SAP Business Suite: Service Provisioning
Documentation at service.sap.com/swdc Download Installations and Upgrades Entry by Application
Group SAP Application Components SAP SCM ES SAP SCM ES 5.0 Installation ESA SCM SE 5.0 Add-on
Installation 00_mySAPServiceProvisioning.pdf 2.6 Security .
For more information about the security of the exchange infrastructure, see the SAP NetWeaver Security Guide at
service.sap.com/securityguide SAP Process Integration Security Guides SAP NetWeaver Process Integration
(PI) Security Guide .
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
36 All rights reserved. Other Security-Relevant Information
Virus Check of Document Attachments
Use of SAP SCM allows you to check documents using a virus scanner before they are uploaded to the SCM system.
Prerequisites
You must have a virus scanner that is correctly installed and configured.
Note
For more information, in Customizing for SAP SCM, choose SAP Web Application Server System
Administration Virus Scan Interface .
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Other Security-Relevant Information All rights reserved. 37
12 Trace and Log Files
SAP systems keep a variety of logs for system administration, monitoring, problem solving, and auditing purposes.
Audits and logs are important to monitor the security of your system and to track events, in case of problems.
For more information about auditing and logging for the SAP SCM component, see the SAP NetWeaver 7.0 Security
Guide on SAP Help Portal at help.sap.com SAP NetWeaver SAP NetWeaver 7.0 (2004s) SAP NetWeaver 7.0
Library EN SAP NetWeaver Library SAP NetWeaver by Key Capability Security SAP NetWeaver Security
Guide Security Aspects for System Management Auditing and Logging .
There are several options for auditing in SAP SCM. We recommend to use the application log in SAP SCM, which you
can access via transaction SLG1. For more information, see the SAP NetWeaver 7.0 Security Guide on SAP Help
Portal at help.sap.com SAP NetWeaver SAP NetWeaver 7.0 (2004s) SAP NetWeaver 7.0 Library EN SAP
NetWeaver Library SAP NetWeaver by Key Capability Security SAP NetWeaver Security Guide Security
Aspects for System Management Auditing and Logging Logging of Specific Activities Application Logging .
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
38 All rights reserved. Trace and Log Files
● /1OT/FDA1OPI1xxx
This data can, for example, be transferred to SAP NetWeaver Business Intelligence. Here, the process automation,
in terms of percentage of manually changed order proposals, can be tracked in the respective reports. This logging
is set to ON by default in the respective delivered BC sets.
To check the logging settings, in Customizing for SAP SCM, choose SCM Basis Order Document
Management Configure Order Document Management . In the list of the view ODM: Order Component -
Maintenance View, choose FROP and then folder ODM: Order Data Area, Assignment – Maintenance View.
The FRP modules communicate with a data environment on file system level. This data environment must be properly
secured. This means that you should grant only restricted access to this file system.
For more information, see chapter Maintain F&R Processor Administration Settings in the Configuration Guide.
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Trace and Log Files All rights reserved. 39
A Appendix
You can find more information about the security of SAP applications on the SAP Service Marketplace at
service.sap.com/security. Security guides are available at service.sap.com/securityguide.
For more information about topics related to security, see the links shown in the table below.
Table 16
Content Quick Link on the SAP Service Marketplace
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
40 All rights reserved. Appendix
B Reference
The following is an overview of the most important documentation types that you need in the various phases in the
life cycle of SAP software.
Cross-Phase Documentation
SAPterm is SAP’s terminology database. It contains SAP-specific vocabulary in over 30 languages, as well as many
glossary entries in English and German.
● Target group:
○ Relevant for all target groups
● Current version:
○ On SAP Help Portal at help.sap.com Glossary
○ In the SAP system in transaction STERM
SAP Library is a collection of documentation for SAP software covering functions and processes.
● Target group:
○ Consultants
○ System administrators
○ Project teams for implementations or upgrades
● Current version:
○ On SAP Help Portal at help.sap.com (also available as documentation DVD)
The security guide describes the settings for a medium security level and offers suggestions for raising security
levels. A collective security guide is available for SAP NetWeaver. This document contains general guidelines and
suggestions. SAP applications have a security guide of their own.
● Target group:
○ System administrators
○ Technology consultants
○ Solution consultants
● Current version:
○ On SAP Service Marketplace at service.sap.com/securityguide
Implementation
The master guide is the starting point for implementing an SAP solution. It lists the required installable units for
each business or IT scenario. It provides scenario-specific descriptions of preparation, execution, and follow-up of an
implementation. It also provides references to other documents, such as installation guides, the technical infrastructure
guide and SAP Notes.
● Target group:
○ Technology consultants
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Reference All rights reserved. 41
○ Project teams for implementations
● Current version:
○ On SAP Service Marketplace at service.sap.com/instguides
The installation guide describes the technical implementation of an installable unit, taking into account the
combinations of operating systems and databases. It does not describe any business-related configuration.
● Target group:
○ Technology consultants
○ Project teams for implementations
● Current version:
○ On SAP Service Marketplace at service.sap.com/instguides
Configuration Documentation in SAP Solution Manager – SAP Solution Manager is a life-cycle platform.
One of its main functions is the configuration of business scenarios, business processes, and implementable steps. It
contains Customizing activities, transactions, and so on, as well as documentation.
● Target group:
○ Technology consultants
○ Solution consultants
○ Project teams for implementations
● Current version:
○ In SAP Solution Manager
The Implementation Guide (IMG) is a tool for configuring (Customizing) a single SAP system. The Customizing
activities and their documentation are structured from a functional perspective. (In order to configure a whole system
landscape from a process-oriented perspective, SAP Solution Manager, which refers to the relevant Customizing
activities in the individual SAP systems, is used.)
● Target group:
○ Solution consultants
○ Project teams for implementations or upgrades
● Current version:
○ In the SAP menu of the SAP system under Tools Customizing IMG
Production Operation
The technical operations manual is the starting point for operating a system that runs on SAP NetWeaver, and
precedes the application operations guides of SAP Business Suite. The manual refers users to the tools and
documentation that are needed to carry out various tasks, such as monitoring, backup/restore, master data maintenance,
transports, and tests.
● Target group:
○ System administrators
● Current version:
○ On SAP Service Marketplace at service.sap.com/instguides
The application operations guide is used for operating an SAP application once all tasks in the technical operations
manual have been completed. It refers users to the tools and documentation that are needed to carry out the various
operations-related tasks.
● Target group:
○ System administrators
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company. SAP SCM 7.0 Component Security Guide
42 All rights reserved. Reference
○ Technology consultants
○ Solution consultants
● Current version:
○ On SAP Service Marketplace at service.sap.com/instguides
Upgrade
The upgrade master guide is the starting point for upgrading the business scenarios and processes of an SAP
solution. It provides scenario-specific descriptions of preparation, execution, and follow-up of an upgrade. It also refers
to other documents, such as upgrade guides and SAP Notes.
● Target group:
○ Technology consultants
○ Project teams for upgrades
● Current version:
○ On SAP Service Marketplace at service.sap.com/instguides
The upgrade guide describes the technical upgrade of an installable unit, taking into account the combinations of
operating systems and databases. It does not describe any business-related configuration.
● Target group:
○ Technology consultants
○ Project teams for upgrades
● Current version:
○ On SAP Service Marketplace at service.sap.com/instguides
Release notes are documents that contain short descriptions of new features in a particular release or changes to
existing features since the previous release. Release notes about ABAP developments are the technical prerequisite for
generating delta and upgrade Customizing in the Implementation Guide (IMG).
● Target group:
○ Consultants
○ Project teams for upgrades
● Current version:
○ On SAP Service Marketplace at service.sap.com/releasenotes
○ In the SAP menu of the SAP system under Help Release Notes (only ABAP developments)
PUBLIC
SAP SCM 7.0 Component Security Guide © Copyright 2014 SAP AG or an SAP affiliate company.
Reference All rights reserved. 43
PUBLIC
© Copyright 2014 SAP AG or an SAP affiliate company.
44 All rights reserved. SAP SCM 7.0 Component Security Guide
www.sap.com