System Security
For an overview about system security for SAP NetWeaver Application Server, see the following documentation on SAP Help Portal:
- System Security for SAP NetWeaver Application Server ABAP
- System Security for SAP NetWeaver Application Server Java
Logging and Monitoring – AS ABAP
Security Audit Log
- Monitoring of security relevant events in the system like logon, access control violations and more
- Target Audience: Security Administrator
Documentation on SAP Help Portal
Audit Information System (AIS)
- Used to ensure secure and compliant operations of business functions
- Target Audience: Auditor
Documentation on SAP Help Portal
Read Access Logging (RAL)
- Used to ensure compliant access to sensitive or classified data
- Allows to track who did access which data when and via which interface
- Target Audience: Data Protection Officer
- New functionality in SAP NetWeaver Application Server ABAP 7.40
For more information, see Read Access Logging (RAL).
Logging and Monitoring – AS Java
Security Audit Log
The security audit log of the SAP NetWeaver Application Server (AS) Java contains a log of important security events, such as successful and failed user logons, and creation or modification of users, groups and roles. This information is used by auditors to track changes made in the system.
Documentation on SAP Help Portal
Tracing and Logging
Security tracing and logging are important elements for securing your application server systems. Therefore, the AS Java includes monitoring and administration functions for the early detection and investigation of deviations from established security policies.
Documentation on SAP Help Portal
Virus Scan Interface
You can use the virus scan interface to include external virus scanners in the SAP system to increase the security of your system. In this way, you can use a high-performance integration solution to scan documents that are being processed by applications for viruses. This applies both to applications delivered by SAP and to your own customer developments, such as for data transfers across networks or when exchanging documents using interfaces.
Documentation on SAP Help Portal
Secure Storage (ABAP)
SAP applications use the secure storage to store the passwords used for connecting to other systems. The passwords are stored encrypted so that they cannot be accessed by unauthorized users.
Documentation on SAP Help Portal
For legal reasons, only SAP applications may use the secure storage. We therefore use technical measures to prevent the secure storage being used in customer developments. SAP provides the Secure Store & Forward interface for external products for your own developments.
SAP NetWeaver Security Guide
The SAP NetWeaver Security Guide provides an overview of the security-relevant information that applies to SAP NetWeaver. It contains an overall overview of security with SAP NetWeaver as well as links to the individual guides for each of the functional areas.
For more information, see:
- SAP NetWeaver Application Server ABAP Security Guide
- SAP NetWeaver Application Server Java Security Guide
- Guide Secure Configuration of SAP NetWeaver Application Server Using ABAP
- Guide Securing Remote Function Calls (RFC)
Security Patch Process