Security Information for SAP Asset Strategy and Performance Management


Master Guide
SAP Asset Strategy and Performance Management
Document Version: 1.0 2017-11-30

Security Information for SAP Asset Strategy and Performance Management


Document History

Version | Date | Change
3.9 | <2016-11-22> | Review and updated

Table of Contents

1 Introduction
1.1 Overview of the Main Sections
2 Before You Start
3 Security Aspects of Data, Data Flow and Processes
4 User Administration and Authentication
5 Data Storage Security
6 Other Security-Relevant Information
7 Data Protection


1 Introduction

The Security Guide provides an overview of the security-relevant information that applies to SAP Asset Strategy and Performance Management from a System Administrator perspective.

Note: This guide does not replace the administration or operation guides that are available for productive operations.

Target Audience

- System Administrators

This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation of your system should not result in loss of information or processing time. These demands on security apply likewise to SAP Asset Strategy and Performance Management. To assist you in securing SAP Asset Strategy and Performance Management, we provide this Security Guide.

1.1 Overview of the Main Sections

The Security Guide comprises the following main sections:

- Before You Start
  This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.
- Security Aspects of Data, Data Flow and Processes
  This section provides an overview of security aspects involved throughout the most widely-used processes within SAP Asset Strategy and Performance Management.
- User Administration and Authentication
  This section provides an overview of the following user administration and authentication aspects:
  o Recommended tools to use for user management
  o Standard users that are delivered with SAP Asset Strategy and Performance Management
  o Overview of how integration into Single Sign-On environments is possible
- Data Storage Security
  This section provides an overview of any critical data that is used by SAP Asset Strategy and Performance Management and the security mechanisms that apply.
- Data Protection
  This section provides information about how SAP Asset Strategy and Performance Management protects personal or sensitive data.

2 Before You Start

SAP Asset Strategy and Performance Management is built on top of SAP HANA Cloud Platform (HCP) using SAP UI5 as user interface technology as well as SAP ID Service as Identity and Access Management solution.

Table 1: Fundamental Security Information

Security-Related Material | Description
SAP HANA Cloud Solution Brief | SAP HANA Cloud Solution Overview
SAP Data Center | Data center home page with focus on security and certification
SAP Security Certificates | General SAP IT Security Certifications

For a complete list of the available SAP Security Guides, see SAP Service Marketplace at http://service.sap.com/securityguide.

Additional Information

For more information about specific topics, see the Quick Links as shown in the table below.

Content | Quick Link on SAP Service Marketplace or SCN
Security | http://scn.sap.com/community/security
Security Guides | http://service.sap.com/securityguide
Related SAP Notes | http://service.sap.com/notes, http://service.sap.com/securitynotes
Released platforms | http://service.sap.com/pam
Network security | http://service.sap.com/securityguide
SAP Solution Manager | http://service.sap.com/solutionmanager
SAP NetWeaver | http://scn.sap.com/community/netweaver

3 Security Aspects of Data, Data Flow and Processes

The following general security measures are in place, and are applicable to all scenarios:

- Encrypted connection through HTTPS
- User and role mapping with functional restrictions
- Access control lists limiting access to data only to permitted roles, companies and users

The table below shows the security aspect to be considered for the process step and what mechanism applies.

Step | Description | Security Measure
User authentication | The user logs on to the system. | Authentication process based on SAML 2.0 Standard takes place. Access credentials are not stored on site. Invalid session IDs and cookies are intercepted.
Document upload | Users can upload documents, including Microsoft Excel files, images, VDS files etc. | Virus scanning is in place for all uploaded documents. MIME Type check in place to prevent malicious uploads.
User administrative tasks | Administrators can add and remove user accounts, and change the role assignments of user accounts. | Division of responsibilities ensures that only company Administrators can carry out the listed user administrative tasks.
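The following added example is not SAP code and is not taken from this guide. It sketches how a MIME type check for the document upload step can be made robust by requiring the declared type, the file extension and the file content to agree. The allowlist, function names and sample bytes are assumptions, and VDS files are left out because the guide gives no signature for them.

```python
import io
import os
import zipfile

XLSX_MIME = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"


def _is_png(data):
    return data.startswith(b"\x89PNG\r\n\x1a\n")


def _is_jpeg(data):
    return data.startswith(b"\xff\xd8\xff")


def _is_xlsx(data):
    # An .xlsx file is a ZIP container: require the parts every workbook has
    # and reject macro content (vbaProject.bin) presented as a plain workbook.
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    required = {"[Content_Types].xml", "xl/workbook.xml"}
    return required <= names and "xl/vbaProject.bin" not in names


# Hypothetical allowlist: declared MIME type -> (allowed extensions, content check).
ALLOWED = {
    "image/png": ({".png"}, _is_png),
    "image/jpeg": ({".jpg", ".jpeg"}, _is_jpeg),
    XLSX_MIME: ({".xlsx"}, _is_xlsx),
}


def check_upload(filename, declared_mime, data):
    """Return (accepted, reason). Deny by default; all three checks must agree."""
    rule = ALLOWED.get(declared_mime.split(";")[0].strip().lower())
    if rule is None:
        return False, "declared type not on allowlist"
    extensions, content_ok = rule
    if os.path.splitext(filename)[1].lower() not in extensions:
        return False, "extension does not match declared type"
    if not content_ok(data):
        return False, "content does not match declared type"
    return True, "ok"


def make_sample_xlsx(with_macro=False):
    """Constructed sample: a minimal ZIP carrying the part names of a workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # constructed sample bytes
    samples = [
        ("pump.png", "image/png", png),
        ("pump.png", "image/png", b"MZ\x90\x00"),  # executable header, wrong content
        ("plan.xlsx", XLSX_MIME, make_sample_xlsx()),
        ("plan.xlsx", XLSX_MIME, make_sample_xlsx(with_macro=True)),
        ("page.html", "text/html", b"<html>"),
    ]
    for name, mime, data in samples:
        print(name, mime, check_upload(name, mime, data))
```

A check like this complements the virus scan listed in the table; it does not replace it.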

4 User Administration and Authentication

SAP Asset Strategy and Performance Management uses the authentication mechanisms provided by SAP ID Service. The user management itself is specific to SAP Asset Strategy and Performance Management and does not rely on any external tools.

Information about user administration and authentication that specifically applies to SAP Asset Strategy and Performance Management is provided in the following topics:

- User Management
  This topic lists the tools to use for user management in SAP Asset Strategy and Performance Management.
- Integration into Single Sign-On Environment
  This topic describes how SAP Asset Strategy and Performance Management supports Single Sign-On mechanisms.

User Management

User management for SAP Asset Strategy and Performance Management uses the SAP HANA Cloud Platform as well as making use of SAP ID Service facilities. For an overview of how these mechanisms apply to SAP Asset Strategy and Performance Management, see the sections below.

User Administration Tools

SAP Asset Strategy and Performance Management uses the user administration provided by the SAP HANA Cloud Platform to manage users. System Administrators can add, remove and edit users. They can also provide/revoke multiple pre-defined roles to users.

SAP Asset Strategy and Performance Management provides three predefined roles per application:

- READ: Provides read authorizations to the selected user on selected application.
- EDIT: Provides read and write authorizations to the selected user on selected application.
- DELETE: Provides read, write and delete authorizations to the selected user on selected application.

Integration into Single Sign-On Environments

SAP Asset Strategy and Performance Management supports the Single Sign-On (SSO) mechanisms provided by SAP HANA Cloud Platform in conjunction with SAP ID Service.

SAP Asset Strategy and Performance Management also allows customer trust accounts to be integrated with SAP HANA Cloud Platform to facilitate SSO using their own trust system.

5 Data Storage Security

SAP Asset Strategy and Performance Management saves data in a dedicated database provided by SAP HANA Cloud Platform. Access to the database comes preconfigured with the infrastructure environment. The database contains personal data (user profiles and company profiles), operational business data, and preferences and configurations. Information is updated continuously upon change. Documents, such as media files and PDFs, are stored in the SAP HANA Cloud document management system.

Data Protection

SAP Asset Strategy and Performance Management complies with data privacy and protection regulations. SAP Asset Strategy and Performance Management supports the following functionality:

- Helps customers delete personal data stored on the network using the user management application.
- Supports sharing personal data of a person whose details have been stored on SAP Asset Strategy and Performance Management when the user requests it.
- Maintains audit trail information such as the name of the person who changed the personal data, and the time and date the data was changed or deleted.

6 Other Security-Relevant Information

SAP Asset Strategy and Performance Management is an SAP UI5-based application, and as such makes use of HTML5 and JavaScript. Active content (at least HTML5 and JavaScript) has to be enabled. This is mandatory, as SAP Asset Strategy and Performance Management will not work without it.

Session Security Protection

SAP Asset Strategy and Performance Management is restricted to operating with Secure Socket Layer (SSL) and activated cookie handling in the browser only.

Security Lifecycle Management

SAP Asset Strategy and Performance Management is hosted and operated by SAP. The Cloud Operations, Business Operations, and Development Team continuously monitor security-relevant issues and keep the system and software up to date.

7 Data Protection

Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data privacy acts, it is necessary to consider compliance with industry-specific legislation in different countries. This section describes the specific features and functions that SAP provides to support compliance with the relevant legal requirements and data privacy.

This section and any other sections in this Security Guide do not give any advice on whether these features and functions are the best method to support company, industry, regional or country-specific requirements. Furthermore, this guide does not give any advice or recommendations with regard to additional features that would be required in a particular environment; decisions related to data protection must be made on a case-by-case basis and under consideration of the given system landscape and the applicable legal requirements.

Note: In most cases, compliance with data privacy laws is not a product feature. SAP software supports data privacy by providing security features and specific data-protection-relevant functions such as functions for the simplified blocking and deletion of personal data. SAP does not provide legal advice in any form. The definitions and other terms used in this guide are not taken from any given legal source.

Table 3: Glossary (DPP requirement and Implementation Status)

Personal data
  Whenever an admin performs changes to the user's personal data, the logs should reflect which personal data has been changed. Currently, SAP Asset Intelligence Network performs the following steps. For each data set being subject to logging, the log stores the following information in SAP Asset Intelligence Network specific logging tables:
  1. The user who is changing the data
  2. The date and time of change
  3. The data set's identifying keys and their values
  4. The heading name for the attribute that has been changed

Consent
  As SAP Asset Intelligence Network does not collect any personal data non-interactively (such as address book, geographic location, microphone, camera, documents or photos), explicit user consent is not required for SAP Asset Intelligence Network. Consent is given by the organization to store its users' data when signing the contract with SAP Asset Intelligence Network. So, SAP Asset Intelligence Network doesn't need to obtain consent explicitly from each user.

Read Access Logging
  For sensitive personal data, which shall mean information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sex life and bank account data, the customer shall be able to log successful and unsuccessful attempts to access this data using read access logging tools. As SAP Asset Intelligence Network doesn't have any sensitive personal data stored with it, this requirement is not relevant for SAP Asset Intelligence Network.

Deletion
  Personal data needs to be destroyed if there is no longer a valid business purpose for which the personal data is required. Currently, SAP Asset Intelligence Network supports the soft deletion of the user, that is, the deletion flag is set to true for that user and this user's information is not displayed anywhere in SAP Asset Intelligence Network. SAP Asset Intelligence Network doesn't support the concept of retention periods, and so blocking is not supported (blocking means restricting access to personal data).

Information
  SAP Asset Intelligence Network does not provide any report or display function which can be used to inform the data subjects (users) about the personal data stored about them.

Protect sensitive data
  As SAP Asset Intelligence Network does not store any sensitive personal data, this requirement is not relevant for SAP Asset Intelligence Network.
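The following added example is not SAP code and does not show the product's logging tables. It models the four log fields listed under "Personal data" and the soft deletion described under "Deletion". All record layouts, attribute names and function names are hypothetical, and the sample users are constructed.

```python
from datetime import datetime, timezone

# Hypothetical set of attributes treated as personal data.
PERSONAL_ATTRIBUTES = ("first_name", "last_name", "email", "phone")


def _entry(actor, record, user_id, attributes, now=None):
    return {
        "changed_by": actor,                                             # 1. who changed it
        "changed_at": (now or datetime.now(timezone.utc)).isoformat(),   # 2. date and time
        "record_key": {"company_id": record["company_id"],
                       "user_id": user_id},                              # 3. keys and values
        "changed_attributes": attributes,                                # 4. attribute names only
    }


def update_user(users, log, actor, user_id, changes, now=None):
    """Apply changes and log which personal attributes changed, never their values."""
    record = users[user_id]
    changed = sorted(
        name for name, value in changes.items()
        if name in PERSONAL_ATTRIBUTES and record.get(name) != value
    )
    record.update(changes)
    if not changed:
        return None  # no personal data touched, nothing to log
    entry = _entry(actor, record, user_id, changed, now)
    log.append(entry)
    return entry


def soft_delete_user(users, log, actor, user_id, now=None):
    """Set the deletion flag; the record stays stored but is no longer displayed."""
    record = users[user_id]
    record["deleted"] = True
    entry = _entry(actor, record, user_id, ["deleted"], now)
    log.append(entry)
    return entry


def visible_users(users):
    """Every display path should read through a filter like this one."""
    return {uid: rec for uid, rec in users.items() if not rec.get("deleted")}


def make_sample_users():
    """Constructed sample data."""
    return {
        "u1": {"company_id": "c1", "first_name": "Ana", "last_name": "Example",
               "email": "ana@example.com", "language": "en", "deleted": False},
        "u2": {"company_id": "c1", "first_name": "Ben", "last_name": "Sample",
               "email": "ben@example.com", "language": "de", "deleted": False},
    }


if __name__ == "__main__":
    users, log = make_sample_users(), []
    update_user(users, log, "admin@example.com", "u1", {"email": "new@example.com"})
    soft_delete_user(users, log, "admin@example.com", "u1")
    for entry in log:
        print(entry)
    print(sorted(visible_users(users)))
```

Because only attribute names are logged, the audit trail does not become a second copy of the personal data. A soft-deleted record still exists in storage, which is why the guide distinguishes it from blocking and retention periods.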

Some basic requirements that support data protection are often referred to as technical and organizational measures (TOM). The following topics are related to data protection and require appropriate TOMs:

- Access control: Authentication features as described in section User Administration and Authentication
- Authorizations: Authorization concept as described in section Roles
- Availability control: As described in section Data Storage Security
- Separation by purpose: Is subject to the organizational model implemented and must be applied as part of the authorization concept.

Caution: The extent to which data protection is ensured depends on secure system operation. Network security, security note implementation, adequate logging of system changes, and appropriate usage of the system are the basic technical requirements for compliance with data privacy legislation and other legislation.

Related Information: Roles

www.sap.com/contactsap 2017 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. Please see www.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices. Material Number: