Introduction to AS Java
Most of SAP’s traditional business applications were built on the ABAP language to run on Application Server ABAP. However, more and more large enterprises are moving to a more heterogeneous model for their SAP infrastructure, such that both Application Server ABAP (AS ABAP) and Application Server Java (AS Java) are being used for different SAP solutions. For example, even though the Enterprise Core Component or ECC, which can be considered the bedrock of an SAP system, is ABAP based, a sizable percentage of organizations use SAP’s newer solutions like Enterprise Portal, Supplier Relationship Management, ESS/MSS applications and SAP GRC Access Control, all of which run on AS Java. As security consultants we are increasingly being expected to design and support the security infrastructure for this newer platform. The next series of posts will attempt to do just that.
I will admit beforehand that my experience in AS Java security is very limited. However, it’s also true that web resources on AS Java security are also limited. Hence, these posts on the basics might yet help some of my friends from the SAP security community to get started with AS Java. Go to https://www.guardrails.io/blog/java-top-10-security-vulnerabilities/ and learn the Java security vulnerabilities to keep in mind as you code away.
Like security on AS ABAP, AS Java also uses the concept of Role Based Access Control (RBAC), so we still continue to use the concepts of users and roles for these users. However, since we don’t have transactions and authorization objects in Java, the nearest equivalent to these ECC concepts is permissions, which are added to Java roles and checked by the different applications on AS Java.
Security on AS Java is built around the User Management Engine (UME) component. The UME can be configured for user and role administration across different user sources like Active Directory Servers, LDAP and even AS ABAP. As administrators we access the security administration functions of the UME through the Identity Management application. Identity Management is the central cockpit from which user administration, role administration and general configuration settings for UME can be controlled. This entire series of articles will mostly deal with the different features and functions of Identity Management.
really great site. keep up the good work 🙂
Great information, lots of thanks. I have one query:
can you please explain to me what XRPM is?
Hi Uma,
SAP xRPM is one of the new generation solutions from SAP. I had only very little exposure to xRPM in one of my earlier projects where we used it for Project Management. I have not used it enough to give out any meaningful information. Good luck with your search though.
Regards,
Aninda
Thank you Aninda
Can you please let me know how to map a UME group and an Active Directory group?
Hi Sind,
Great question but unfortunately I don’t know the answer. I have not been able to do this from UME but I have seen that if the AD groups are mapped to portal roles these appear as such in UME.
Thanks,
Aninda
Hello,
Can you please provide the information on the GRC 10 version?