1/18/2023

Security Guide for SAP Business Planning and

SAP Business Planning and Consolidation, version for SAP NetWeaver | 10.1

PUBLIC

Original content:
[Link]
locale=en-US&state=PRODUCTION&version=10.1

Warning

This document has been generated from the SAP Help Portal and is an incomplete version of the official SAP product documentation. The information
included in custom documentation may not re ect the arrangement of topics in the SAP Help Portal, and may be missing important aspects and/or
correlations to other topics. For this reason, it is not for productive use.

For more information, please visit the [Link]

This is custom documentation. For more information, please visit the SAP Help Portal 1
 1/18/2023

Before You Start

The application is built with SAP NetWeaver components. The framework comprises an SAPUI5 client coupled with SAP NetWeaver server-side components.
The SAP NetWeaver Security Guides also apply to the application. Pay particular attention to the Most-Relevant Sections or Speci c Restrictions as
indicated in the table.

Scenario, Application, or Component Security Guide Most-Relevant Sections or Speci c Restrictions

SAP NetWeaver Application Server ABAP Security Guide on SAP Help Portal at AS ABAP Authorization Concept
[Link] SAP NetWeaver

Identity management information on SAP Help Portal at [Link] User and Role Administration of AS ABAP
SAP NetWeaver

User authentication and single sign-on information on SAP Help Portal at Authentication on the AS ABAP
[Link] SAP NetWeaver

RFC/ICF Security Guide on SAP Help Portal at [Link] SAP -

SAP NetWeaver Security Guide on SAP Help Portal at [Link] SAP Secure Network Communications (SNC)
NetWeaver

SAP NetWeaver documentation on SAP Help Portal at [Link] SAP ABAP Programming and Runtime Environment (BC-ABA)
NetWeaver

Security Guides for Connectivity and Interoperability Technologies on SAP Help -

SAP NetWeaver documentation on SAP Help Portal at [Link] SAP Network and Transport Layer Security
NetWeaver

For a complete list of the available SAP Security Guides, see [Link] on the SAP Service Marketplace.

Important SAP Notes

The most important SAP Notes that apply to the security of the system are shown in the table below.

SAP Note Title Comment

1501945 Secure Con guration SAP NW This note contains information about how the
NetWeaver platform can be con gured securely.

Additional Information
For more information about speci c topics, see the Quick Links as shown in the table below.

Quick Links to Additional Information

Content Quick Link

Security [Link]

Security Guides [Link]

Related SAP Notes [Link]

Released Platforms [Link]

Network Security [Link]

SAP Solution Manager [Link]

SAP NetWeaver [Link]

Technical System Landscape

Landscape for Planning and Consolidation Standard

Planning and Consolidation Landscape in a Standard Configuration

Planning and Consolidation Landscape with SAP ERP System and Portal System Included

Landscape for Planning and Consolidation Embedded

Planning and Consolidation Landscape in an Embedded Configuration

For more information about the technical system landscape, see the Master Guide for the application on the SAP Help Portal.

Security Overview

This is custom documentation. For more information, please visit the SAP Help Portal 3
 1/18/2023
Use
This section describes the security features included with Planning and Consolidation.

Features
Security Upon Initial System Installation

When you rst install the system, the following items apply:

The installation user can access the Administration workspace from any client machine. (After additional users are de ned, they can also access the
administration features remotely.)

The system administrator can perform all administrative tasks, but does not have any access to members.

There are no other users de ned.

Standard only

There are two Admin teams de ned that can be used as samples.

There is one sample task pro le that has full Administration privileges (PrimaryAdmin), one sample task pro le that has Public folder and dimension
access (SecondaryAdmin), and another sample task pro le that has privileges to manage the security settings, environments, and can use the
system offline (SystemAdmin).

Administrators must speci cally assign task pro les to users or teams of users before they can access any tasks. Similarly, if they do not assign data
access pro les to users or teams to de ne access to members of a secured dimension, no one has access to that dimension.

Steps to De ne Security

De ning security involves the following steps:

Manage users and roles with SAP NetWeaver Application Server ABAP user management mechanisms. See User Management.

Con gure integration into single sign-on environments. See Integration into Single Sign-On Environments.

Optional: Assign users to teams. See Team Setup.

Assign data access pro les to users or teams. See See Usage of Data Access Pro les (Standard only) [page 28] and Authorization Levels and Their
Precedence (Embedded only) [page 35].

Standard only

Name each user. See User Setup.

Assign task pro les to users or teams. See Task Pro le Setup.

Emergency User

When normal access to the system is no longer available, SAP customers can log on as SysAdmin (or other operating system users with administrative
rights) to repair the Planning and Consolidation installation. For access to the ABAP server, see the SAP NetWeaver Security Guide .

Security Audit (Standard only)

All security-related changes, such as adding, changing, and deleting users, teams, task pro les and data access pro les can be audited by Planning and
Consolidation.

 Note
The system stores all audit data in dynamically created internal tables, and does not create audit les in the back-end.

Administrators control whether activity auditing on administration tasks (including security tasks) is enabled or not. If enabled for administration tasks, all
administration tasks are audited (see Activity Auditing in the application help for more information).

The following activities are audited by Planning and Consolidation:

Adding, changing, and deleting users.

Adding, changing, and deleting teams.

Adding, changing, and deleting task pro les.

This is custom documentation. For more information, please visit the SAP Help Portal 4
 1/18/2023
Adding, changing, and deleting data access pro les.

Other events like successful or unsuccessful logins, locked users, and so on, are monitored by SAP NetWeaver.

To enable auditing for Administration tasks, you choose Administration and under the Audit section choose Administration Activity Enable Auditing of
Administration Activity . Once the system records an activity, you can run a report that shows activity based on speci ed criteria (see Reporting on
Administration Activity in the help).

This is custom documentation. For more information, please visit the SAP Help Portal 5