Security Guide
SAP Dealer Business Management 2
Copyright
© 2015 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose
without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.
Icons in Body Text
Icon Meaning
Caution
Example
Note
Recommendation
Syntax
Additional icons are used in SAP Library documentation to help you identify different types of information at a glance. For more information, see Help on Help → General Information Classes and Information Classes for Business Information Warehouse on the first page of any version of SAP Library.
Typographic Conventions
Type Style Description
Example text Words or characters quoted from the screen. These include field names, screen titles, pushbutton labels, menu names, menu paths, and menu options. Cross-references to other documentation.
Example text Emphasized words or phrases in body text, graphic titles, and table titles.
EXAMPLE TEXT Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE.
Example text Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.
Example text Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation.
<Example text> Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.
EXAMPLE TEXT Keys on the keyboard, for example, F2 or ENTER.
Contents
Security Guide Template
Introduction
Before You Start
Technical System Landscape
User Administration and Authentication
  User Management
  Integration into Single Sign-On Environments
Authorizations
Network and Communication Security
Data Storage Security
Data Protection
Introduction
This guide does not replace the administration or operation guides that are available for productive operations.
Target Audience
● Technology consultants
● System administrators
This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.
Why Is Security Necessary?
With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to the SAP Dealer Business Management. To assist you in securing the SAP Dealer Business Management, we provide this Security Guide.
About this Document
The Security Guide provides an overview of the security-relevant information that applies to the SAP Dealer Business Management.
Overview of the Main Sections
The Security Guide comprises the following main sections:
● Before You Start
This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.
● Technical System Landscape
This section provides an overview of the technical components and communication paths that are used by the SAP Dealer Business Management.
● User Administration and Authentication
This section provides an overview of the following user administration and authentication aspects:
○ Recommended tools to use for user management.
○ Overview of how integration into Single Sign-On environments is possible.
● Authorizations
This section provides an overview of the authorization concept that applies to the SAP Dealer Business Management.
● Network and Communication Security
This section provides an overview of the communication paths used by the SAP Dealer Business Management and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.
● Data Storage Security
This section provides an overview of any critical data that is used by the SAP Dealer Business Management and the security mechanisms that apply.
● Data Protection and Privacy (DP&P)
This section provides an overview of DP&P aspects of this release.
● Appendix
This section provides references to further information.
Before You Start
Fundamental Security Guides
The SAP Dealer Business Management is an Add On for SAP ECC DIMP and is built from the SAP NetWeaver technology. Therefore, the corresponding Security Guides also apply to the SAP Dealer Business Management. Pay particular attention to the most relevant sections or specific restrictions as indicated in the table below.
Fundamental Security Guides
Scenario, Application or Component Security Guide | Most-Relevant Sections or Specific Restrictions
SAP EHP7 for SAP ERP 6.0 | SAP Service Marketplace under service.sap.com/securityguide
SAP ERP Central Component Security Guide | SAP Service Marketplace under service.sap.com/securityguide
SAP ECC DIMP 617 | SAP Service Marketplace under service.sap.com/securityguide
For a complete list of the available SAP Security Guides, see the SAP Service Marketplace at service.sap.com/securityguide.
Important SAP Notes
The most important SAP Notes that apply to the security of the SAP Dealer Business Management are shown in the table below.
SAP Note Title Comment
727839 Authorization role for the SAP SCM - SAP R/3 integration
Additional Information
For more information about specific topics, see the addresses on the SAP Service Marketplace as shown in the table below.
Content SAP Service Marketplace Address
Security service.sap.com/security
Security Guides service.sap.com/securityguide
Related SAP Notes service.sap.com/notes
Released platforms service.sap.com/platforms
Network security service.sap.com/securityguide
SAP Solution Manager service.sap.com/solutionmanager
Technical System Landscape
Use
The figures below show overviews of the technical system landscapes for the SAP Dealer Business Management.
System Landscape for Databases Other Than SAP HANA:
* Automotive Solutions use PP, LE, MM, SD and ECC DIMP which includes Dealer Portal, Vehicle Management System (VMS), etc.
At minimum, you need to install SAP ECC with the SAP ECC DIMP 617, SAP DBM add-ons and TREX.
Note: TREX is required for databases other than SAP HANA. For SAP HANA databases, TREX can be avoided and the search can be performed with the SAP HANA-based variant of embedded search.
System Landscape for SAP HANA:
For more information about the technical system landscape, see the resources listed in the table below.
Topic | Guide/Tool | Quick Link to the SAP Service Marketplace
Technical description for SAP Dealer Business Management | Industry Solution Master Guide – SAP for Automotive | service.sap.com/instguides
Technical description of the underlying technological component SAP NetWeaver | Master Guide for SAP NetWeaver | service.sap.com/instguides
Security | | service.sap.com/security
Security for Industry Scenario | Security Guide for Industry Scenarios | service.sap.com/securityguide
User Administration and Authentication
The SAP Dealer Business Management uses the user management and authentication mechanisms provided with the SAP NetWeaver platform, in particular the SAP NetWeaver Application Server ABAP. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Application Server ABAP Security Guide [SAP Library] also apply to the SAP Dealer Business Management.
User Management
Use
User management for the SAP Dealer Business Management uses the mechanisms provided with the SAP NetWeaver Application Server ABAP. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Application Server ABAP Security Guide [SAP Library] also apply to the SAP Dealer Business Management.
We recommend changing the user IDs and passwords for users that are automatically created during installation.
Integration into Single Sign-On Environments
Use
The SAP Dealer Business Management supports the Single Sign-On (SSO) mechanisms provided by SAP NetWeaver. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Security Guide [SAP Library] also apply to the SAP Dealer Business Management.
The supported mechanisms are listed below.
Secure Network Communications (SNC)
SNC is available for user authentication and provides for an SSO environment when using the SAP GUI for Windows or Remote Function Calls.
For more information, see Secure Network Communications (SNC) [SAP Library] in the SAP NetWeaver AS ABAP Security Guide.
SAP logon tickets
The SAP Dealer Business Management supports the use of logon tickets for SSO when using a Web browser as the frontend client. In this case, users can be issued a logon ticket after they have authenticated themselves with the initial SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication token. The user does not need to enter a user ID or password for authentication but can access the system directly after the system has checked the logon ticket.
You can find more information under SAP Logon Tickets [SAP Library] in the SAP NetWeaver AS ABAP Security Guide.
Client certificates
As an alternative to user authentication using a user ID and passwords, users using a Web browser as a frontend client can also provide X.509 client certificates to use for authentication. In this case, user authentication is performed on the Web server using the Secure Sockets Layer Protocol (SSL Protocol) and no passwords have to be transferred. User authorizations are valid in accordance with the authorization concept in the SAP system.
You can find more information under Client Certificates [SAP Library] in the SAP NetWeaver AS ABAP Security Guide.
Authorizations
Use
The SAP Dealer Business Management uses the authorization concept provided by SAP NetWeaver. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS ABAP Security Guide also apply to the SAP Dealer Business Management.
The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. For role maintenance, use the profile generator (transaction PFCG) when using ABAP technology and the User Management Engine’s user administration console when using Java.
For more information about how to create roles, see Role Maintenance [SAP Library].
Standard Roles
The table below shows the standard roles that are used by the SAP Dealer Business Management.
Standard Roles
Role Description
/DBM/MASTER DBM Master Role
/DBM/CDESK General Role for Cash Desk
/DBM/ORDER General Role for Order
/DBM/PACKAGE General Role for Packages
/DBM/STG General Role for Storage Good Manager
/DBM/TIME_MANAGEMENT General Role for Time Management
/DBM/VEHICLE General Role for Vehicle
/DBM/SERVICE_ADVISOR DBM Service Advisor
/DBM/BACKORDER_PROCESSOR DBM Backorder Processor
/DBM/MODEL_CATALOG DBM role for the authorization to use the model catalog
/DBM/MASS_ACTIONS DBM role for the authorization to carry out mass vehicle actions
/DBM/MASS_ACTION_MENU DBM role for mass vehicle processing in the SAP Menu
/DBM/SALES_ASSISTANT DBM Vehicle Sales Assistant
/DBM/WORKSHOP_CONTROLLER DBM Workshop Controller
Standard Authorization Objects
The table below shows the security-relevant authorization objects that are used by the SAP Dealer Business Management.
Standard Authorization Objects
Authorization Object Field Value Description
/DBM/CDESK Cash Desk
/DBM/CUST Authorization Object for Customer
/DBM/ORDER Authorization Object for Order
/DBM/PACK Authorization Object for Packages
/DBM/STGP Authorization Object for Storage Goods Manager
/DBM/VEH Authorization Object for Vehicle
/DBM/TM_ST Creation of Time Stamps
/DBM/TM_ER DBM Time Recording: error management
/DBM/VMCAT DBM Authorization for vehicle model catalog
/DBM/NSALE Organizational authorization for DBM VSA new vehicle sales
/DBM/USALE Organizational authorization for DBM VSA used vehicle sales
/DBM/VTEST Organizational authorization for DBM VSA test drive
/DBM/TRDIN Organizational authorization for DBM VSA trade-in business
Network and Communication Security
Your network infrastructure is extremely important in protecting your system. Your network needs to support the communication necessary for your business needs without allowing unauthorized access. A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system and application level) or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the backend system’s database or files. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and security holes in network services on the server machines.
The network topology for the SAP Dealer Business Management is based on the topology used by the SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to the SAP Dealer Business Management.
For more information, see the following sections in the SAP NetWeaver Security Guide:
● Network and Communication Security [SAP Library]
● Security Aspects for Connectivity and Interoperability [SAP Library]
Data Storage Security
Use
In the cash desk functions, SAP DBM only stores the payment type (cash, EC, Visa, MC, check). Credit card numbers are not stored. When checking a customer's credit limit, the system accesses the open items and the customer's credit limit. This access is secured by the SAP authorization concept.
SAP DBM uses some HR data. This data is protected by the SAP authorization concept.
Data Protection
Deletion of Personal Data
Integration with Other Solutions
The DBM application component is closely integrated with other components such as:
● Material Master
● Financial Accounting
● Controlling
● Sales and Distribution
● Warranty
● Vehicle Management System
● SAP Multiresource Scheduling
● CRM
● HR
Relevant Application Objects and Available Deletion Functionality
The relevant application objects are DBM Order, DBM Deal and DBM Cashdesk. The deletion functionality is enabled for these application objects.
Relevant Application Objects and Available EoP Functionality
DBM EoP functionality is integrated with the standard blocking report for Central Business Partners as well as with the blocking report for Customer/Vendor/Contact Persons.
Configuration: Simplified Blocking and Deletion
DBM-relevant EoP function modules/classes are registered and delivered in the appropriate customizing.