There are three points to look after in order to ensure security, each listed here with the threat it guards against −
Confidentiality − Unauthorized disclosure of data
Integrity − Unauthorized modification of data
Availability − Denial of service (a lack of availability of computing resources)
In the SAP runtime environment, both application security and unauthorized system access to SAP have to be controlled. The user accounts defined in the SAP runtime environment are secured by roles that grant authorizations to them. SAP authorizations control access to transactions (Business Process Activities), or what can be performed within a specific business process step by −
In order to avoid threats, a sound and robust system implements safeguards such as access control, firewalls, encryption, O/S hardening, digital certificates, security monitoring, and antivirus.
Security can be classified into three different categories −
We can have multiple layers of security in an SAP R/3 system.
Authentication − Only legitimate users should be able to access the system.
Authorization − Users should only be able to perform their designated tasks.
Integrity − Data integrity needs to be guaranteed at all times.
Privacy − Protection of data against unauthorized access.
Obligation − Ensuring liability and legal obligation towards stakeholders and shareholders including validation.