Professional Documents
Culture Documents
Users also require a user ID for the SAP NetWeaver Gateway layer. They must have
the same username as the users in the backend system. The user requires certain
authorizations that allow the services of the application to be triggered in th
e backend. If you copy the users from the backend users, note the following reco
mmendations:
8 2013 SAP AG or an SAP affiliate company. All rights reserved.
SAP Fiori Security
Users
?
If you use SSO2 logon tickets to authenticate the requests from the mobile devic
e on SAP NetWeaver Gateway, you should copy the user without any password. This
protects against attacks based on incorrect or insecure password handling.?
The same recommendations apply if you prefer to create users from scratch. If us
ers already exist in SAP NetWeaver Gateway, these steps are not relevant. Authen
tication can be carried out with the same credentials as for the existing applic
ation.To authenticate users, you can set up integration with your existing SSO s
olution based on SAP Logon Tickets or SAML. The user name in the system that iss
ues the logon tickets has to be the same as the user name for the Gateway system
and backend system.
Related LinksSAP NetWeaver Application Server ABAP Security GuideUser Authentica
tion and Single Sign-On [page 10]SAP Fiori applications support the following au
thentication and single sign-on mechanisms.4.1.1 User Creation and Authorization
Assignment
Follow this procedure to create users and assign authorizations to them:1.
Create users on the SAP NetWeaver Gateway system and on the application backend
system.2.
Decide on your preferred mechanism for user authentication and SSO.3.
Create dedicated authorizations for application users in the Gateway system.4.1.
2 User Management Tools
For information about the tools used for user management and user administration
with these applications, refer to the documentation, User and Role Administrati
on of AS ABAP.Note
For user notification about initial logon and activation, a user management tool
is often used to send out an e-mail containing the necessary logon information.
Related LinksUser and Role Administration of AS ABAP4.1.3 User Types
You may have to employ different security policies for different types of users.
For SAP Fiori, the following minimum user types are required:?
Individual user
Individual users provide access to an application and to administrative tasks.
SAP Fiori Security
Users 2013 SAP AG or an SAP affiliate company. All rights reserved. 9
?
Technical user
Technical users enable data communication between systems.
Related LinksUser Types4.1.4 User Data Synchronization
Users must have the same user name in SAP NetWeaver Gateway as they do in the ba
ckend system. You can use the Central User Administration