Presented By:

Shivani Saxena (13609101)

Shubham Goel (13609046)
SAP technical infrastructure security
The best way to decompose SAP infrastructure security is to
subdivide it the same way we divide the SAP technology
stack by layers:
o Building and site security
o Network infrastructure
o Hardware infrastructure
o Operating system layer
o Database layer
o SAP Basis (application) layer
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 2
Creating a process model or workflow helps SAP security
professionals create a secure system. This is done in
conjunction with SAP functional specialists in specific business
processes and scenarios.
SAP roles
A role is used to assign access to the system. Roles are easier
to manage than individual user IDs.
SAP profile generator
It is executed by running transaction/ PFCG. Its purpose is to
assist an SAP end-user security organization with
implementing an SAP application-layer security model.
A good rule of thumb is the Rule of 15: If a role reflects more
than 15 discrete business transactions, its probably too broad.
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 3
The data stored in SAP needs to be secured not only from
outside intrusion, but also from within the end-user community
Authorization Profiles
Authorization profiles are assigned to specific SAP user IDs.
Your user ID refers exclusively to profiles when designating
access privileges in SAP. In turn, these profiles grant (or by their
exclusion, deny) a certain level of system access on behalf of an
end user.
Authorization Abbreviated Authorization Description
Profile Name
SAP_ALL All SAP system authorizations
S_ABAP_ALL All authorizations for ABAP/4
S_ADMI_ALL All administration authorizations
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 4
Users may be assigned one or many authorizations depending
on their roles in an organization. User authorizations are stored
in the master record of each user.
A user master record generally contains the following fields:
Username, Assigned client, User password, Company address,
User type, Start menu, Logon language, Personal printer
configuration, Time zone, Activity group, Authorizations,
Expiration date, Default parameter.
These fields are maintained by SAP security professionals. They
need to be updated.
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 5
Like ABAP-based application servers, user access to
applications and resources hosted on Java-based application
servers need to be controlled. The Java application server
supports two types of authorizations: roles and access control
lists (ACLs). Whereas roles define and assign activities to users,
ACLs control the use of objects on the Java-based application
server.
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 6

WinGUI WebGUI
JavaGUI Citrix Access Methods

Which SAP User Interface Is Best?

The SAP business functionality you need to execute (SAPGUI for
complex transactions)
Your desktop, laptop, or other front-end client hardware
platform (slow CPU, little RAM, or low disk space prefer Citrix-
based access method)
Your front-end client operating system platform.
The network infrastructure connecting your desktop or laptop to
SAP(Slow links can be navigated best via Citrix or the fat client.)
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 7
JavaGUI SAPGUI for Java
Users UNIX, Linux, Mac OS
Supports Windows, including Windows Vista
Features Can run as a standalone application or as an applet in a
web browser
Installation requires a Java Runtime Environment(JRE)
Benefits Total desktop footprint (disk space required on the
desktop) is relatively small
As fast as the SAPGUI for Windows offering most of
the functionality
Operates in an identical manner on all supported
platforms
Supports all SAP ERP transactions
Boasts an ultra-thin, very efficient network protocol
Limitations Office integration limitation
Limited drag-and-drop capabilities
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 8
WebGUI SAPGUI for HTML
Users NetWeaver supports both Microsoft Internet Explorer
(IE) and the Firefox browser
Features Requires a web browser for its installation and
operation
Benefits Leaner than previous versions (requiring less network
bandwidth than before)
Supports virtually all of the native SAPGUIs
transactions.
Hardware footprint is minimal
Limitations Limitation in Microsoft Office integration support
Cannot display interactive business graphics
Limited drag-and-drop capabilities
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 9
WinGUI SAPGUI for Windows
Users Microsoft Windows
Features Most mature user interface offered by SAP, with
various flavors available
Benefits Supports all SAP ERP transactions, with fast
operations
Efficient Network resource consumption
Boasts an ultra-thin, very efficient network protocol ;
run fast on otherwise slow networks
Offered a more appealing user interfaces such as
Streamline and Tradeshow
Limitations Resource intensive SAPGUI from a desktop footprint
perspective
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 10
Tweak SAPGUI : A standalone application that lets you
change the visual appearance of the WinGUI. The Theme
Selection item under Visual Design gives you the option to
choose from several themes and lets you set the default
theme for the WinGUI.

Customizing of Local Layout button : It gives you access to
several menu options


09-09-2014 SamsTeachYouself SAP Hour 11 and 12 11
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 12
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 13
Define when dialog boxes pop up (with success, warning, and/or
error messages) and whether such an action incurs a beep
Change the cursor width and enable a block cursor (for Overwrite
mode)
Specify your default working directory for local data
Set trace options
Set scripting options
The Quick Info option controls how quickly the help
information (simple description) launches whenever you place
the pointer or cursor over an item in the button bar.

The Messages options enable you to configure how the SAP
system presents you with information. bottom-left area of your
screen or pop-up box

The System option refers to the location from where SAP
retrieves its help files, along with a default timeout.

The Cursor tab enables you to make custom setting changes to
the position and appearance of your cursor.
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 14
The Local Data tab lets you configure history and local
cache settings, enable front-end security, and specify the
default directory for any local data you choose to save in the
course of conducting work with the SAPGUI.

The Trace tab can be set to keep a record of errors and
warning messages a user receives. Traces also monitor where
a user has been by keeping a file of each transaction code for
each screen visited by the user.

09-09-2014 SamsTeachYouself SAP Hour 11 and 12 15
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 16
Spool Request Attributes screen allows you to customise your
print settings

Send to SAP Spooler Only for Now places the request in the SAP
spooler without sending it to the printer. You can choose to print
it later by choosing System, Own Spool Requests.
The Print Out Immediately option sends the spool request to the
output device immediately.
The Print Later option allows you to schedule the time when the
job will be sent to the printer.
In Hour 11,we briefly reviewed SAP security. Technical
professionals consider security akin to locking down physical
assets such as servers and data centers. To application
professionals and end users, SAP security is all about users IDs,
user roles, and authorizations. After a brief review of the SAP
Profile Generator, we worked through what SAP means by user
roles and authorizations.

In Hour 11, we explored the different SAP user interfaces; how
to customize the WinGUI to best suit your needs, likes, or
personality; and how to make other GUI changes. We also
reviewed printing from SAP.
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 17