Please Note: Saturday 28th March 2015 we will have a scheduled downtime of SCN Wiki due to maintenance activities.
This downtime affects all functionalities on and is expected to last the entire day.
Skip to end of metadata
Go to start of metadata

Welcome to the SAP Security and Identity Management pages in the SCN Wiki. This is the SCN WIKI starting point for topics around SAP product security, SAP NetWeaver and platform security, SAP Identity Management as well as security services and partner information.

SAP Security and Identity Management

Moderator of this WIKI section is Kristian Lehment.

Link to the SAP Identity Management WIKI

Frequently Asked Questions (FAQ)

SAP Identity Management FAQ


Web Services (AS ABAP)



Best Practices

Quick Links- related to SAP SECURITY -

Recently Updated

Page: ABAP Web Service Configuration for SAML Sender Vouches Page: Authorizations Page: Best Practice - How to analyze and secure RFC connections Page: Best practice - How to perform a client copy when CUA is active Page: Best Practices - Display Audit Roles Page: Best Practices - How to convert certificates from a .p7b file to Base64 (.cer) format Page: Best Practices - How to find TCodes changed after upgrade regarding SU24-data Page: Collection of SAP Security Tables Page: Configure Trust for SAML SenderVouches authentication ( ABAP) Page: Documentation of SAP Identity Management APIs Page: Gateway Access Control Lists Page: Gateway security settings - extra information regarding SAP note 1444282 Page: Global Security Alliance (GSA) - Now IA4SP Page: GRC Webservices Page: How to analyze user lock issue Page: How to remove old keys of developers DEVACCESS table Page: IdM: NWA Adding JDBC Data Source for IdM – manual Page: Issue with Custom Risks option in RAR Page: List of ABAP-transaction codes related to SAP security Page: Mass population of a Business Role Page: OAuth 2.0 - Constrained Authorization and Single Sign-On for OData Services Page: OAuth 2.0 - Integrating access protected web services using the OAuth 2.0 Client Page: Recommended Interoperable WS Security Scenarios on AS ABAP Page: Rewriting WSDL for Metro 2.0 (Web Service Runtime) Page: SAP Identity Management - Overview Page: SAPPress Single Sign On with SAP Page: Security FAQ Page: Security Functionality Wishlist-Topics Page: Setting IdM remote dispatcher – manual for Oracle DB Page: Single Sign on for Web Services Page: Single Sign on for Web Services from .Net Page: Single Sign on using SAML with Apache Axis2 (Web Service Runtime) Page: Single Sign on using SAML with IBM DataPower (XML Appliance) Page: Single Sign on using SAML with Sun Metro 2.0 (Web Service Runtime) Page: Single Sign-On with SAML 2.0 Page: Single Sign-On with SPNego (NWAS Java) Page: Testing Mobile Leave Request Application Page: Troubleshooting Guide - NW SSO Page: Upgrade Steps for Security - quick reference Page: User Mappings in the Authentication Framework of SAP NetWeaver Application Server (AS) Java
  1. All questions related to security in SAP products should be posted in the SDN security FORUM which can be found here:

    Questions posted in the WIKI area will not be answered.

  2. Guest

    Security with transaction SQ03

    should be about only letting users see and execute what user groups are assigned to them. Analyst can change infosets in client with change and maintain for S_QUERY but they should not be able to see and execute queries when they are not assigned to the user group. Out of site out of mind.

  3. Hi James,

    I recommend first opening a discussion thread in the security forum, and then creating a wiki based on the results - and not a comment to the main page.