Introduction

This guide does not replace the daily operations manual that we recommend customers create for their specific production operations.

This guide represents the latest state of development. The contents may be changed without prior notice and are not binding for SAP.

Target Audience

·        Technology consultants

·        System administrators

This document is part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the Security Guides provide information that is relevant for all life cycle phases.

Why Is Security Necessary?

With the increasing use of distributed systems and the internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These security requirements naturally also apply to MaxDB. We offer this Security Guide to assist you in securing MaxDB.

About This Document

The Security Guide provides an overview of security-relevant information that applies to MaxDB.

Overview of the Main Sections

The Security Guide comprises the following main sections:

·        Before You Start

This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.

·        Technical System Landscape

This section provides an overview of the technical components and communication paths used by MaxDB.

·        User Administration and Authentication

This section provides an overview of the following user administration and authentication aspects:

Ў        Recommended tools for user management

Ў        The user types required by MaxDB

Ў        The standard users delivered with MaxDB

·        Authorizations

This section provides an overview of the MaxDB authorization concept.

·        Network and Communication Security

This section provides an overview of the communication paths used by MaxDB and the security mechanisms that apply.

·        Data Storage Security

This section provides an overview of the critical data used by MaxDB and the security mechanisms that apply.

·        Dispensable Functions with Impacts on Security

This section provides an overview of functions that have impacts on security and can be disabled or removed from the system.

·        Other Security-Relevant Information

This section contains information about:

Ў        User input in SQL statements

·        Trace and Log Files

This section provides an overview of the trace and log files that contain security-relevant information, for example, so you can reproduce activities if a security breach does occur.

·        Appendix

Overview of the variables and examples used in this guide