AdminGuideMSSAddOnEHP5 V2

Download as pdf or txt
Download as pdf or txt
You are on page 1of 41

Administrators Guide Manager Self-Service Add-On 1.

0
Using SAP Enhancement Package 5 for SAP ERP 6.0
Target Audience Consultants Administrators Others

Public Document version 2.0 21/08/2012

SAP AG Dietmar-Hopp-Allee 16 69190 Walldorf Germany T +49/18 05/34 34 34 F +49/18 05/34 34 20 www.sap.com

Copyright 2009 SAP AG. All rights reserved. Java is a registered trademark of Sun Microsystems, Inc No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. SAP, R/3, xApps, xApp, SAP NetWeaver, Duet, PartnerEdge, Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Disclaimer Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. Any Java Source Code delivered with this product is only to be used UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Documentation in the SAP Service Marketplace You can find this documentation at the following Internet address:
service.sap.com/instguides

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

Some components of this product are based on Java. Any code change in these components may cause unpredictable and severe malfunctions and is therefore expressively prohibited, as is any decompilation of these components.

by SAPs Support Services and may not be modified or altered in any way.

Typographic Conventions
Type Style Example Text Represents Words or characters that appear on the screen. These include field names, screen titles, pushbuttons as well as menu names, paths and options. Cross-references to other documentation Example text Emphasized words or phrases in body text, titles of graphics and tables Names of elements in the system. These include report names, program names, transaction codes, table names, and individual key words of a programming language, when surrounded by body text, for example, SELECT and INCLUDE. Screen output. This includes file and directory names and their paths, messages, names of variables and parameters, source code as well as names of installation, upgrade and database tools. Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Pointed brackets indicate that you replace these words and characters with appropriate entries. Keys on the keyboard, for example, function keys (such as F2) or the ENTER key.

Icons
Icon Meaning Caution Example Note Recommendation Syntax

EXAMPLE TEXT

Example text

Example text

<Example text>

EXAMPLE TEXT

Master Guide for the Manager Self-Service Add-On 1.0

History of Changes
The Master Guide is regularly updated in SAP Service Marketplace at http://service.sap.com/instguides. Make sure you have the latest version of the Master Guide by checking SAP Service Marketplace immediately before starting the installation. The following table provides an overview of the most important changes that were made in the latest versions. Master Guide Version 1.00 (June 2011) 2.00 (August 2012) Name changed to Administrators Guide and other minor ammendments and updates. Important Changes

June 2011

Contents
History of Changes ................................................................................ 4

1 Getting Started ..............................................................................6


1.1 About this Document ....................................................................... 6 1.2 Related Information ......................................................................... 7
1.2.1 Planning Information .......................................................................... 7 1.2.2 Further Useful Links ........................................................................... 7 1.2.3 Related Master Guides ........................................................................ 8

1.3 Important SAP Notes ....................................................................... 9

2 Manager Self-Service (WDA) ......................................................10


2.1 Software Units of Manager Self-Service (WDA) .......................... 10 2.2 System Landscape......................................................................... 11 2.3 Overall Implementation Sequence ............................................... 12

3 Installation Information...............................................................13 4 Operation Information.................................................................14


4.1 Monitoring of MSS (WDA) ............................................................. 14
4.1.1 Detailed Monitoring for SAP ERP Components.............................. 14 4.1.2 Trace and Log Files........................................................................... 14

4.2 Support Packages and Patch Implementation ............................ 15

5 Security Information ...................................................................16


5.1 Before You Start ............................................................................. 19 5.2 Technical System Landscape ....................................................... 21 5.3 User Administration and Authentication ..................................... 22
5.3.1 User Management ............................................................................. 22 5.3.2 Integration into Single Sign-On Environments ............................... 24

5.4 Authorizations ................................................................................ 24 5.5 Session Security Protection ......................................................... 27 5.6 Network and Communication Security ........................................ 28
5.6.1 Network Security ............................................................................... 29 5.6.2 Communication Destinations ........................................................... 29

5.7 Internet Communication Framework Security ............................ 32 5.8 Security-Relevant Logging and Tracing ...................................... 36

6 Upgrade Information ...................................................................37 7 Solution-Wide Topics..................................................................38 8 References...................................................................................39 9 Media List ....................................................................................41


SAP AG Neurottstr. 16 D-69190 Walldorf

1 Getting Started

1 Getting Started
1.1 About this Document
Purpose
This Master Guide is the central source of information for the technical implementation of Manager Self-Service (WDA), available with Manager Self-Service Add-On 1.0 based on SAP enhancement package 5 for SAP ERP 6.0. It provides cross-scenario implementation information as well as scenario-specific information. You can use the Master Guide to get an overview of Manager Self-Service (WDA) and its software units from a technical perspective. The Master Guide is a planning tool that helps you to design your system landscape and it refers you to the detailed documentation that is required, mainly: Installation guides for single software units SAP Notes Configuration documentation SAP Library documentation

This Master Guide is a single source of information for the documentation that is available to support the installation and operation of Manager Self-Service (WDA). Therefore, this Master Guide contains all of the following: Planning Information [page 7] The first two chapters of the Master Guide provide you with the most important information regarding the implementation of Manager Self-Service (WDA) including an overview of the related planning information, its software units, the system landscape and the overall implementation sequence. Installation Information [page 13] This chapter gives you an overview of the installation components and the sequence in which they are installed, as described in detail in the Installation Note 1576982 of Manager Self-Service Add-On 1.0. Operation Information [page 14] This chapter provides you with the most relevant information needed for the operation of Manager Self-Service (WDA). Security Information [page 16] This chapter provides you with the information that you require to operate Manager SelfService (WDA) securely. Upgrade Information [page 37] This chapter provides you with the latest upgrade information.

Constraints
This Master Guide primarily discusses the overall technical implementation of Manager SelfService (WDA), rather than its subordinate components. This means that additional software dependencies might exist without being mentioned explicitly in this document. You can find more information on component-specific software dependencies in the corresponding installation guides.

June 2011

1 Getting Started

1.2 Related Information


1.2.1 Planning Information
For more information about planning topics not covered in this guide, see the following content on SAP Service Marketplace: Content Latest versions of installation and upgrade guides SAP Business Maps - information about applications and business scenarios Sizing, calculation of hardware requirements - such as CPU, disk and memory resource with the Quick Sizer tool Released platforms and technology-related topics such as maintenance strategies and language support Network security High Availability Performance Information about Support Package Stacks, latest software versions and patch level requirements Information about Unicode technology Location on SAP Service Marketplace http://service.sap.com/instguides http://service.sap.com/businessmaps http://service.sap.com/quicksizer

http://service.sap.com/platforms To access the Platform Availability Matrix directly, enter http://service.sap.com/pam. http://service.sap.com/securityguide http://www.sdn.sap.com/irj/sdn/ha http://service.sap.com/performance http://service.sap.com/sp-stacks

http://www.sdn.sap.com/irj/sdn/i18n

1.2.2 Further Useful Links


The following table lists some further, useful, links on SAP Service Marketplace: Content Information about creating error messages SAP Notes search SAP Software Distribution Center (software download and ordering of software) SAP Online Knowledge Products (OKPs) role-specific Learning Maps Location on SAP Service Marketplace http://service.sap.com/messages http://service.sap.com/notes http://service.sap.com/swdc http://service.sap.com/rkt

June 2011

1 Getting Started

1.2.3 Related Master Guides


This Master Guide is based on the component Master Guides. You can find more information about the relevant components in the following documents: Title SAP NetWeaver 7.0 SAP ERP 6.0 Location http://service.sap.com/installNW70 Planning Master Guide [external link] service.sap.com/erp-inst SAP ERP 6.0 Planning Master Guide - SAP ERP 6.0 [external link] http://service.sap.com/erp-inst SAP ERP SAP ERP 6.0 SAP enhancement packages for SAP ERP 6.0 SAP enhancement package 5 for SAP ERP 6.0 Master Guide SAP Enhancement Package 5 for SAP ERP 6.0

SAP Enhancement Package 5 for SAP ERP 6.0

It should be considered that there are several documents available to support the installation of your product and its enhancement packages including: Master Guide Installation Guide Installation Guide: SAP Enhancement Package Installation Using SAP Enhancement Package Installer (SAPehpi) 7.02 Troubleshooting and Administration for Installations Using SAPehpi (ABAP) Practical Guide for How to Install SAP Enhancement Packages You can find all these guides on SAP Service Marketplace under service.sap.com/instguides where the installation guides of your products are located.

June 2011

1 Getting Started

1.3 Important SAP Notes


This section contains the most important SAP Notes for Manager Self-Service (WDA). You must read the first four before you start the installation. These SAP Notes contain the most recent information on the installation, as well as corrections to the installation documentation. You have to apply the remaining SAP Notes to the relevant systems, before installing the Manager Self-Service Add-On 1.0. You should ensure that you have the up-to-date version of each SAP Note, which you can find on SAP Service Marketplace at http://service.sap.com/notes. SAP Note Number 1576982 1582553 1582460 1588625 Title/ Description Installation of Add-On EAHR_MSS 1.0 Release Strategy for the ABAP Add-On EA-HR_MSS 1.0 EA-HR_MSS: Overview Note Release Information for Manager Self-Service Add-On 1.0 Remarks This note is for information only This note is for information only This note is for information only This Note contains release information and information on fixes from other application areas that are relevant for Manager Self-Service Add-On 1.0.

1555377

For Flex Team View, Correction to MSSDIREC Report to Accept User Corrections in Skills & Profile Matchup Components Technical Enhancement for Sideby-Side Comparison Nakisa Enhancements for MSS LPD: Function Module for Displaying Launchpad Two-Level Menu and Corrections to the Layout PFCG/WDA: Dump Using AutoDetect Short Profile for Object Type P BP ERP05 COMMON PARTS enhancements for MSS Add-On 1.0 This Note is required only when using MSS Add-On in SAP Enterprise Portal. This Note should be applied before installing the BP Manager Self Service Add-On 1.0. This Note is required only when using the embedded Organizational Chart Visualization provided by Nakisa.

1577068 1585244 1572200 1579466 1586617 1589335 1575074 1600151

1433225

Organizational Chart Visualization in Manager Self-Service

June 2011

2 Manager Self-Service (WDA)

2 Manager Self-Service (WDA)


Manager Self-Service (WDA) is a new SAP ERP self-service solution for the operative management level, based on Web Dynpro ABAP technology. This solution provides your managers with the applications they need to perform their tasks and gives them centralized access to all of the important data and information they require for their particular area of responsibility. The new technological basis enables a rich and harmonized user experience. Manager Self-Service (WDA) supports your managers in the following: Tasks related to their responsibilities for the personnel within their team Controlling tasks within their budgeting responsibilities Planning tasks Project management tasks Monitoring their own area of responsibility using reports and evaluations

Manager Self-Service (WDA) is available in two deployment options: SAP NetWeaver Portal role Business Package MSS Add-On 1.0 Manager Self-Service in SAP NetWeaver Business Client (NWBC) Some parts of the information in this Master Guide only apply to one of the two MSS (WDA) deployment options. Where this occurs, a comment is provided at the beginning of each such section, explaining which deployment option is valid. If not stated otherwise, the information given in the different sections of the Master Guide applies to both Manager Self-Service (WDA) deployment options.

2.1 Software Units of Manager Self-

Service (WDA)
The Software Units required for Manager Self-Service (WDA) are as follows: Software components Application components (Portal Content, etc.) Third-party components (external products)

Table: Software units for Manager Self-Service (WDA): Type of Component Software Component Software Component Software Component Software Component Software Component Component SAP_ABA 702 SAP_BS_FND 702 WEBCUIF 701 EA_HR 6.05 SAP_HR 6.04 Required for the Following Features Only

10

June 2011

2 Manager Self-Service (WDA)

Software Component Software Component Portal Content Software Component

EA-HR_MSS 1.0 ERECRUIT 605 Business Package SAP MSS Add-On 1.0 Organizational Chart Visualization by Nakisa (EMBORGCH605) Adobe Flash Player E-Recruiting applications in the Manager roles Deployment option SAP NetWeaver Portal Hierarchical team representation for the Team View application (optional) Team View and Talent Management applications and Xcelsius dashboards in the Reports launchpad

External Product

2.2 System Landscape


The following graphic shows the system landscape for Manager Self-Service (WDA) with the required software units and the required business functions:
System Landscape and Business Functions for MSS Add-On 1.0
SAP ECC Server
EA-HR_MSS 1.0

(Main) Product Instance: SAP ECC Server SAP NW EP Core

BF

HCM Business Function: HCM, MSS on Web Dynpo ABAP (HCM_MSS_WDA_1) BF

TU: Human Capital Management


TU: Human Capital Management (MSS Add-On) ABAP Software Components: EA-HR_MSS 1.0 EA-HR 605 SAP_HR 604

BF BF BF BF BF

EA-HR 605

BF
BF

SAP_HR 604

SAP NW EP Core
Portal Content

TU: Human Capital Management, HCM Self Services,


SAP_APPL 600 EA-APPL 600

... BP for Common Parts 1.5 ... BP MSS Add-On 1.0

Further HCM Business Functions: HCM, Administrative Services (HCM_ASR_CI_3) BF

SAP NetWeaver 702 TU = Technical Usage

TU: Human Capital Management

You need to activate the Business Function HCM_PD_UI_1 when you want to use the embedded Organizational Chart Visualization provided by Nakisa. For more information see Organizational Chart Visualization in Manager Self-Services Note 1433225.

11

June 2011

2 Manager Self-Service (WDA)

We strongly recommend that you use a minimal system landscape for test and demo purposes only. For performance, scalability, high availability, and security reasons, do not use a minimal system landscape as your production landscape.

2.3 Overall Implementation Sequence


Purpose
The following table describes the overall installation sequence for Manager Self-Service (WDA). For documentation listed in the following table, see References [page 39].

Process
Implementation Sequence Step Action [Required Documentation] 1 Installation of SAP enhancement package 5 for SAP ERP 6.0 on the SAP ECC server [Installation Guides] [external link] 2 3 SAP NetWeaver Portal with SAP NetWeaver 702 Installation of the MSS Add-On 1.0 on the SAP ECC server [MSS Add-On 1.0 Installation Note 1576982] 4 Activation of all required business functions. As a minimum, you have to activate the MSS Add-On business function HCM_MSS_WDA_1. Installation of BP ERP common parts 1.51 SP04 package Installation of the BP MSS Add-On 1.0 Only for deployment option SAP portal Only for deployment option SAP Portal Only for deployment option SAP Portal Note the prerequisites that have to be fulfilled before the installation (the required software components and notes) Remarks/Subsequent Steps

5 6

12

June 2011

3 Installation Information

3 Installation Information
This chapter gives you an overview of the installation process and the required component versions that have to be installed for Manager Self-Service (WDA). You need to install the stated versions of the following components: Software Component SAP_BASIS 702 SP07 Software Component SAP_ABA 702 SP07 Software Component SAP_BS_FND 702 SP05 Software Component WEBCUIF 701 SP04 Software Component SAP_HR 6.04 SP035 Software Component EA_HR 6.05 SP012 Software Component EA-HR_MSS 1.0 Software Component EMBORGCH605 (Where you use the embedded Organizational Chart Visualization provided by Nakisa.) For the latest component version and patch level requirements, see the MSS Add-On 1.0 Installation Note 1576982.

For the implementation of the MSS Add-On 1.0, you need the SAINT [external link] tool. There is no specific installation sequence required for the above mentioned software components.

For more detailed information on the installation process, see the MSS AddOn 1.0 Installation Note 1576982. After the installation of the technical software units for Manager Self-Service (WDA), you may also have to install the following components (as required): Portal Content Business Package MSS Add-On 1.0 (for deployment option SAP NetWeaver Portal) Organizational Chart Vizalisation by Nakisa (for the hierarchical team representation for the Team View application) Adobe Flash Player (for Team View, Time Recording Status for My Team and applications from Talent Management; if you want to use the Xcelsius dashboards in the Reports launchpad, you require Adobe Flash Player version 9 or higher) SAP NetWeaver 7.0 BI Content Add-On 5 SP01 (for BI reports in the Reports launchpad) Extension for SAP NetWeaver 7.02 BI Content Add-On (for Xcelsius dashboards in the Reports launchpad)

You also need to activate business function HCM, Manager Self-Service on Web Dynpro ABAP (HCM_MSS_WDA_1).

13

June 2011

4 Operation Information

4 Operation Information
This chapter provides you with the most important information regarding the operation of Manager Self-Service (WDA). Within the management of SAP Technology, monitoring is an essential task. A section has therefore been devoted solely to this subject. You can find more information about the underlying technology in the SAP NetWeaver Technical Operations Manual on SAP Help Portal at help.sap.com/nw for SAP NetWeaver 7.0 (including Enhancement Package 2) SAP NetWeaver 7.0 Library English SAP NetWeaver LibraryAdministrators Guide Technical Operations Manual for SAP NetWeaver.

4.1 Monitoring of MSS (WDA)


Proactive, automated monitoring is the basis for ensuring reliable operations for your SAP system environment. SAP provides you with the infrastructure and recommendations needed to set up your alert monitoring to recognize critical situations within your system landscape. Manager Self-Service Add-On 1.0 is based on SAP enhancement package 5 for SAP ERP 6.0 which itself is based on SAP NetWeaver technology, so you can use standard SAP NetWeaver monitoring tools. This includes the Computing Center Management System (CCMS). With the monitoring architecture of the CCMS, SAP provides an infrastructure with which you can monitor your IT landscape centrally. The monitoring architecture is delivered with every SAP NetWeaver Application Server. The architecture runs on every SAP NetWeaver Application Server and can be extended to include additional SAP and non-SAP components. The concept of the monitoring architecture is to make all required information available in a central monitoring system, such as alerts or log files. For more information about the CCMS, see SAP Help Portal at help.sap.com/nw for SAP NetWeaver 7.0 (including Enhancement Package 2) SAP NetWeaver 7.0 Library English SAP NetWeaver LibraryAdministrators Guide Technical Operations Manual for SAP NetWeaver.

4.1.1 Detailed Monitoring for SAP ERP Components


The information regarding detailed monitoring for SAP ERP components, in the Solution Operation Guide SAP ERP 6.0, is also valid for Manager Self-Service (WDA). The Solution Operation Guide can be found here: service.sap.com/instguides SAP Business Suite Applications SAP ERP SAP ERP 6.0 Operations. For ERP-specific information, see Chapter Detailed Monitoring of SAP ERP Components. Since Manager Self-Service (WDA) can be integrated with SAP E-Recruiting, the following information is relevant: Individual alert monitoring is required for SAP E-Recruiting. In SAP E-Recruiting, the application log (transaction SLG1) and the standard monitoring of SAP Web AS is used.

4.1.2 Trace and Log Files


Logging and tracing for ABAP components is done using transaction SLG1. An Application Log comprises a log header and a set of messages. The log header contains general data

14

June 2011

4 Operation Information

(type, created by/on, etc.). Each log in the database also has the attributes Object and Subobject. These attributes describe the application which wrote the log, and classify this application. For Manager Self-Service (WDA), no specific Log Objects / Sub-objects exist. Data tracking is available for some applications in Manager Self-Service (WDA), see also chapter Security-Relevant Logging and Tracing [page 36].

4.2 Support Packages and Patch Implementation


For Manager Self-Service (WDA), the following OSS message component can be used by customers for reporting problem messages: CA-MSS-HCM

The release strategy and information regarding support packages for Manager Self-Service (WDA) is explained in SAP Note 1582553.

15

June 2011

5 Security Information

5 Security Information
This chapter of the Master Guide provides an overview of the security-relevant information that applies to Manager Self-Service (WDA). The following deployment options are available for Manager Self-Service (WDA): Business Package for MSS Add-On 1.0 This Business Package is a classic SAP Business Package that runs in the SAP NetWeaver Portal. The Portal role consists of worksets and iViews based on Web Dynpro ABAP technology. Manager Self-Service in SAP NetWeaver Business Client The role structure for this deployment option is maintained in the back-end system with the SAP role maintenance transaction PFCG. All applications available with this role are based on Web Dynpro ABAP technology.

Some parts of the security information in this chapter only apply to one of the MSS (WDA) deployment options. Where this occurs, a comment is provided at the beginning of each such section, explaining which deployment option is valid. If not stated otherwise, the security information in this chapter applies to both MSS deployment options. See also: For more information about the roles in SAP NetWeaver Portal, see SAP Library for SAP ERP on SAP Help Portal at http://help.sap.com/erp Cross-Application Functions in SAP ERP Roles Business Packages (Portal Content). For more information about the roles in SAP NetWeaver Business Client, see SAP Library for SAP ERP on SAP Help Portal at http://help.sap.com/erp CrossApplication Functions in SAP ERP Roles Roles in SAP NetWeaver Business Client. For more information about SAP NetWeaver Business Client, see SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver SAP NetWeaver by Key Capability Application Platform by Key Capability ABAP Technology UI Technology SAP NetWeaver Business Client.

Reference to General Information in the SAP ERP Central Component Security Guide
The following security-related topics from the SAP ERP Central Component Security Guide are valid for SAP ERP Central Component in general and are also valid for Manager Self-Service (WDA): Before You Start This topic provides an overview of other Security Guides that are a basis for the SAP ERP Central Component Security and of important SAP Notes regarding security.

16

June 2011

5 Security Information

User Data Synchronization This topic provides an overview of the user synchronization strategy if several components or products are integrated.

Integration in Single Sign-On Environments This topic provides an overview of the single sign-on (SSO) mechanisms that are used by SAP ERP Central Component.

Communication Channel Security The topic provides an overview of the communication channels used by SAP ERP Central Component, the protocol used for the connection, and the type of data transferred.

Data Storage Security This topic provides an overview of any critical data that is used by SAP ERP Central Component and the security mechanisms that apply.

Enterprise Services Security This topic provides an overview of the security aspects of the enterprise services that are delivered with SAP ERP Central Component.

Services in Lifecycle Management for Security This topic provides an overview of services provided by Active Global Support that are available to assist you in maintaining security in your SAP systems on an ongoing basis. For more information, see the SAP ERP Central Component Security Guide in SAP Library for SAP ERP on SAP Help Portal at http://help.sap.com/erp for ERP Central Component Enhancement Package 5 under SAP ERP Cross-Application Functions SAP ERP Security Guides SAP ERP Central Component Security Guide.

Overview of the Main Sections of This Chapter


This chapter comprises the following sections with security-related topics specific to Manager Self-Service (WDA): Before You Start [page 19] This section comprises references to other Security Guides that are relevant for Manager Self-Service (WDA) and a list of the most important notes for Manager SelfService (WDA) regarding security. Technical System Landscape [page 21] This section provides an overview of the technical components and communication paths that are used by Manager Self-Service (WDA). User Administration and Authentication [page 22] This section provides an overview of the following user administration and authentication aspects for Manager Self-Service (WDA):

17

June 2011

5 Security Information

User Management [page 22] This section contains information about the user types that are required by Manager Self-Service (WDA) and standard users for Manager Self-Service (WDA).

Integration into Single Sign-On Environments [page 24] This topic describes how the Manager Self-Service (WDA) supports Single Sign-On mechanisms.

Authorizations [page 24] This section provides an overview of the authorization concept that applies to Manager Self-Service (WDA).

Session Security Protection [page 27] This section provides information about activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookie(s).

Network and Communication Security [page 28] This section provides an overview of the communication paths used by Manager Self-Service (WDA) and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level: o o Network Security [page 29] Communication Destinations [page 29]

Internet Communication Framework Security [page 32] This section provides an overview of the Internet Communication Framework (ICF) services that are used by Manager Self-Service (WDA).

Security-Relevant Logging and Tracing [page 36] This section provides an overview of the logging and tracing mechanisms that apply to Manager Self-Service (WDA).

18

June 2011

5 Security Information

5.1 Before You Start


Manager Self-Service (WDA) uses specific SAP NetWeaver components. Therefore, the corresponding Security Guides also apply to Manager Self-Service (WDA). You should pay particular attention to the most relevant sections or specific restrictions (if any) in the following table.

Fundamental Security Guides


Scenario, Application, or Component Security Guide SAP NetWeaver Application Server ABAP Security Guide Only relevant for deployment option Business Package for MSS Add-On 1.0: SAP NetWeaver Application Server Java Security Guide Web Dynpro ABAP Security Guide [external link] SAP Interactive Forms by Adobe Security Guide [external link] Only relevant for applications from Talent Management and Talent Development (PATM): Security Guide for Embedded Search [external link] For a complete list of the available SAP Security Guides, see SAP Service Marketplace at http://service.sap.com/securityguide. Most Relevant Sections or Specific Restrictions SAP Authorization Concept [external link] User Administration and Authentication Authorizations [external links]

Important SAP Notes


The most important SAP Notes that apply to the security of Manager Self-Service (WDA) are listed in the table below. Title CO Form Reports: Authorization Concept SAP Note 15211

For a list of additional security-relevant SAP Hot News and SAP Notes, see also SAP Service Marketplace at http://service.sap.com/securitynotes.

19

June 2011

5 Security Information

Additional Information
For more information about specific topics, see the Quick Links shown in the table below. Content Quick Link on SAP Service Marketplace or SDN http://sdn.sap.com/irj/sdn/security http://service.sap.com/securityguide http://service.sap.com/notes Related SAP Notes http://service.sap.com/securitynotes http://service.sap.com/pam http://service.sap.com/securityguide http://service.sap.com/solutionmanager http://sdn.sap.com/irj/sdn/netweaver http://www.sdn.sap.com/irj/sdn/adobe

Security Security Guides

Released Platforms Network Security SAP Solution Manager SAP NetWeaver SAP Interactive Forms by Adobe

20

June 2011

5 Security Information

5.2 Technical System Landscape


The graphic below shows an overview of the technical system landscape for Manager SelfService (WDA): Graphic: Technical System Landscape for Manager Self-Service (WDA):
Front-End Clients
Web Browser SAP NetWeaver Business Client

BI Server (optional)
SAP NetWeaver 7.02 Usage Type BI

SAP NetWeaver Portal


BP MSS Add-On 1.0

AS ABAP Server (with SAP ERP)

SAP NetWeaver Business Client for HTML

SAP ECC Server (with SAP Enhancement Package 5 for SAP ERP 6.0 and MSS Add-On 1.0)

Communication Protocols: HTTP(S) RFC

As the graphic shows, Manager Self-Service (WDA) can be used with SAP NetWeaver Portal or with either of the two SAP NetWeaver Business Client flavors: NWBC for HTML NWBC for Desktop

For more information, see SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver SAP NetWeaver by Key Capability Application Platform by Key Capability ABAP Technology UI Technology SAP NetWeaver Business Client Overview . For more information about the technical system landscape, see the resources listed in the table below. Topic Technical description for SAP ERP and the underlying components such as SAP NetWeaver High availability Guide/Tool Master Guide Quick Link on SAP Service Marketplace or SDN http://service.sap.com/instguides

High Availability for SAP Solutions

http://sdn.sap.com/irj/sdn/ha

21

June 2011

5 Security Information

Technical landscape design Security

See applicable documents See applicable documents

http://sdn.sap.com/irj/sdn/landscapedesign http://sdn.sap.com/irj/sdn/security

5.3 User Administration and Authentication


User management for Manager Self-Service (WDA) uses the mechanisms provided with the SAP NetWeaver Application Server ABAP and Java: The security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Application Server ABAP Security Guide apply to Manager Self-Service in SAP NetWeaver Business Client and as described in the SAP NetWeaver Application Server Java Security Guide apply to the Business Package for MSS Add-On 1.0. In addition to these guidelines, information about user administration and authentication that specifically applies to Manager Self-Service (WDA) is included in the following sections: User Management [page 22] Integration into Single Sign-On Environment [page 24]

Also note the sections on user administration and authentication in the SAP ERP Central Component Security Guide in SAP Library for SAP ERP on SAP Help Portal at http://help.sap.com/erp for SAP ERP Central Component Enhancement Package 5 under SAP ERP Cross-Application Functions SAP ERP Security Guides SAP ERP Central Component Security Guide User Administration User Data Synchronization Integration in Single Sign-On Environments

5.3.1 User Management


User management for Manager Self-Service (WDA) uses the mechanisms provided with the SAP NetWeaver Application Server ABAP and Java (for example, tools, user types, and password policies). For an overview of how these mechanisms apply for Manager Self-Service (WDA), see the sections below.

User Administration Tools


The table below shows the tools for user management and user administration with Manager Self-Service (WDA).

22

June 2011

5 Security Information

User Management Tools Tool User maintenance for ABAPbased systems (transaction SU01) Role maintenance (transaction PFCG) Detailed Description You use the user maintenance transaction to generate users in the ABAPbased systems. You use the role maintenance transaction to generate profiles for your self-service users. For more information, see User and Role Administration of AS ABAP. User Management Engine with SAP NetWeaver AS Java You use this User Management Engine for creating Portal users. For more information, see User Management Engine. Used for the Business Package for MSS Add-On 1.0 Comment Used for both MSS deployment options

Used for both MSS deployment options

For the Business Package deployment option, it is necessary to perform user mapping for the users in the ABAP system and the Portal. For more information, in the SAP Library documentation for Manager Self-Service (WDA), see under Technical Description and Configuration of MSS (WDA) Configuration: Business Package for Manager Self-Service (WDA) Assigning Portal Roles to Users.

User Types
It is often necessary to specify different security policies for different types of users. For example, your policy may specify that individual users who perform tasks interactively must change their passwords on a regular basis, but not those users for which background processing jobs run. The user types required for the Manager Self-Service (WDA) are individual users, such as: Dialog users (Used for SAP GUI for Windows or RFC connections) Internet users (Same policies apply as for dialog users, but used for Internet connections).

For more information about these user types, see section User Types in the SAP NetWeaver AS ABAP Security Guide.

For the Business Package for MSS Add-On 1.0, it is recommended that you set up the connection between the SAP NetWeaver Portal and the connected systems (ECC system, J2EE Engine, BI system) so that each individual user has access. This does not apply to Manager Self-Service in SAP NWBC. For more information, see section Communication Destinations [page 29].

23

June 2011

5 Security Information

Standard Users
For Manager Self-Service (WDA), no standard users are delivered.

5.3.2 Integration into Single Sign-On Environments


Manager Self-Service (WDA) supports the Single Sign-On (SSO) mechanisms provided by SAP NetWeaver. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Security Guide also apply to Manager Self-Service (WDA). For more information about the available authentication mechanisms, see User Authentication and Single Sign-On in the SAP NetWeaver Library and Integration in Single Sign-On Environments in the SAP ERP Central Component Security Guide.

Configuration of Web Services with Client Certificates


For MSS (WDA) applications of the Business Package for MSS Add-On 1.0, the use of client certificates should be configured for authentication when users access the J2EE Engine using an end-to-end connection. To achieve this, in the SAP NetWeaver Application Server Java Security Guide follow the instructions under Configuring the Use of Client Certificates for Authentication.

5.4 Authorizations
Manager Self-Service (WDA) uses the authorization concept provided by the SAP NetWeaver AS ABAP. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide ABAP also apply to Manager SelfService (WDA). The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. For role maintenance, use the profile generator (transaction PFCG) on the AS ABAP and the User Management Engines user administr ation console on the AS Java.

For more information about how to create roles, see in the SAP NetWeaver Library on SAP Help Portal at http://help.sap.com/nw under Role Administration.

Role and Authorization Concept for Manager Self-Service (WDA)


Manager Self-Service (WDA) embraces applications from a variety of components and also uses the authorizations of these individual components. Many services belong to HCM components. For more information, see in the SAP ERP Central Component Security Guide in SAP Library for SAP ERP on SAP Help Portal at http://help.sap.com/erp for ERP Central Component Enhancement Package 5 under SAP ERP Cross-Application Functions SAP ERP Security Guides SAP ERP Central Component Security Guide Human Resources Authorizations.

24

June 2011

5 Security Information

For Manager Self-Service (WDA), we highly recommend that you use the HCMspecific structural authorization check in addition to the general SAP authorization check. For more information see SAP Library for SAP ERP on SAP Help Portal at http://help.sap.com/erp SAP ERP Central Component Human Resources HR Tools Authorizations for Human Resources Structural Authorization Check.

Standard Roles
The table below shows the standard roles that are used for authorizations by Manager SelfService (WDA). Standard Roles for Manager Self-Service (WDA) Role SAP_ASR_MANAGER Description Authorizations for the functions of the PA-AS component (HR Administrative Services) for line managers. Authorizations for line managers in Manager Self-Service (WDA) for applications used to approve leave requests and working times from Employee Self-Service (WDA). Authorizations for managers relating to Talent Management activities. For more information, see Manager in Talent Management [external link]. The structural authorization profile TMS_MAN_PROF is also available as a template for the manager. For more information, see Customizing for Talent Management and Talent Development under Basic Settings Authorizations in Talent Management Define Structural Authorizations. SAP_RCF_MANAGER SAP_MANAGER_MSS_OTH_NWBC Authorizations for the Manager role, which enables access to SAP E-Recruiting Authorizations for remote system applications including applications from SAP E-Recruiting Authorizations for the applications of the HR Manager Training role of the SAP Learning Solution component Authorizations for the applications of the Manager role of the SAP Learning Solution component

SAP_TIME_MGR_XX_ESS_WDA_1

SAP_TMC_MANAGER

SAP_HR_LSO_HR-MANAGER

SAP_HR_LSO_MANAGER

25

June 2011

5 Security Information

SAP_FI_TV_WEB_APPROVER

Authorizations for applications of the Travel Approver role of the SAP Travel Management component Authorizations for applications of the manager role of the Personnel Cost Planning component Authorizations for MSS (WDA) applications

SAP_HR_CPS_DET_PLAN_L_SR_NWBC

SAP_MANAGER_MSS_SR_NWBC_2

The composite role SAP_MANAGER_MSS_NWBC_2, which contains the single roles listed above, is required for the SAP NetWeaver Business Client deployment option of Manager Self-Service (WDA).

Standard Authorization Objects


The following table provides an overview of the security-relevant authorization objects that are used by Manager Self-Service (WDA). Standard Authorization Objects for Controlling Services in MSS (WDA) (Both Deployment Options): Authorization Object K_CCA Description General authorization object for Cost Center Accounting. This is checked in the relevant Monitor iViews, Master Data iViews, and Express Planning services. K_ORDER General authorization object for internal orders. This is checked in the relevant Monitor iViews, Master Data iViews, and Express Planning services. K_PCA Area responsible, Profit Center. This is checked in the relevant Monitor iViews, Master Data iViews, and Express Planning services. K_CSKS_PLA Cost element planning. This is checked in the relevant Express Planning services. K_FPB_EXP Authorization object for Express Planning. This authorization object checks the Express Planning Framework call and the planning round call. The actual plan data is protected by the authorization objects for the individual Express Planning services.

26

June 2011

5 Security Information

For more information about the fields for the authorization objects K_CCA, K_ORDER, and K_PCA, see SAP Note 15211. Apart from these authorization objects, both Manager Self-Service (WDA) deployment options use the authorization objects from the following application areas or application components: Human Capital Management [external link] See the SAP ERP ECC Security Guide at Human Capital Management Authorizations. SAP E-Recruiting [external link] See the SAP ERP ECC Security Guide at Human Capital Management Talent Management SAP E-Recruiting Authorizations. HCM Processes and Forms [external link] See the SAP ERP ECC Security Guide at Human Capital Management Personnel Administration (PA) HCM Processes and Forms Authorizations. Travel Management [external link] See the SAP ERP ECC Security Guide at Accounting Financial Accounting Travel Management (FI-TV).

Authorizations for Business Intelligence (BI) iViews (BP MSS)


For the BI iViews in the Business Package for MSS Add-On 1.0, users need the standard BI authorizations for executing queries. For more information, see Authorization Check When Executing a Query (in the Data Warehouse Management section of the documentation for SAP NetWeaver Business Intelligence). In Human Capital Management, BI queries use a BI variable for personalization. Data is read from the DataStore object for personalization 0PERS_VAR. If required, you can fill this DataStore Object from structural authorizations (see Structural Authorizations - Values [external link] (0PA_DS02) and Structural Authorizations - Hierarchy [external link] (0PA_DS03)).

More Information
For more information, see the SAP Help Portal BI Content documentation for Human Resources at http://help.sap.com SAP NetWeaver SAP NetWeaver by Key Capability Information Integration by Key Capability BI Content BI Content 705 Human Resources Organizational Management ODS Objects.

5.5 Session Security Protection


To increase security and prevent access to the SAP logon ticket and security session cookie(s), it is recommended that you activate secure session management. We also highly recommend using SSL to protect the network communications where these security-relevant cookies are transferred.

27

June 2011

5 Security Information

Session Security Protection on the AS ABAP


The following section is relevant for Manager Self-Service in SAP NetWeaver Business Client: To prevent access in javascript or plug-ins to the SAP logon ticket and security session cookies (SAP_SESSIONID_<sid>_<client>),you can activate secure session management. With an existing security session, users can then start applications that require a user logon without logging on again. When a security session is ended, the system also ends all applications that are linked to this security session. Use the transaction SICF_SESSIONS to specify the following parameter values shown in the table below in your AS ABAP system: Session Security Protection Profile Parameters Profile Parameter icf/set_HTTPonly_flag_on_cookies login/ticket_only_by_https Recommended Value 0 1 Comment Client-Dependent Not ClientDependent

For more information, including a list of the relevant profile parameters and detailed instructions, see Activating HTTP Security Session Management on AS ABAP in the AS ABAP security documentation.

Session Security Protection on the AS Java


The following section is relevant for the Business Package for MSS Add-On 1.0: In the Config Tool, edit the following properties for the Web Container service, which control security-related aspects of HTTP sessions: Property SessionIdRegenerationEnabled SystemCookiesDataProtection SystemCookiesHTTPSProtection Recommended Value true true true

For more information and detailed instructions, see Session Security Protection [external link] in the AS Java Security Guide.

5.6 Network and Communication Security


Your network infrastructure is extremely important in protecting your system. Your network needs to support the communication necessary for your business needs without allowing unauthorized access. A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system level and application level) or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the back-end systems database or files. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit wellknown bugs and security holes in network services on the server machines.

28

June 2011

5 Security Information

The network topology for Manager Self-Service (WDA) is based on the topology used by the SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to Manager Self-Service (WDA). Details that specifically apply to Manager Self-Service (WDA) are described in the following topics: Network Security [page 29] This topic describes the recommended network topology for Manager Self-Service. It shows the appropriate network segments for the various client and server components and where to use fire walls for access protection. It also includes a list of the ports needed to operate Manager Self-Service. Communication Destinations [page 29] This topic describes the information needed for the various communication paths, for example, which users are used for which communications. For more information, see the following sections in the SAP NetWeaver Security Guide: Network and Communication Security Security Guides for Connectivity and Interoperability Technologies

5.6.1 Network Security


Manager Self-Service (WDA) runs on SAP NetWeaver and uses the ports from the AS ABAP (for Manager Self-Service in SAP NWBC) and from the AS Java (for the Business Package for MSS Add-On 1.0). For more information, see the topics for AS ABAP Ports and AS Java Ports in the corresponding SAP NetWeaver Security Guides. For other components, for example, SAPinst, SAProuter, or the SAP Web Dispatcher, see also the document TCP/IP Ports Used by SAP Applications, which is located on SAP Developer Network at http://sdn.sap.com/irj/sdn/security under Infrastructure Security Network and Communications Security.

5.6.2 Communication Destinations


The tables below provide an overview of the communication destinations required for the two MSS (WDA) deployment options. Manager Self-Service in SAP NetWeaver Business Client For this deployment option, you have to maintain RFC connections using the transaction SM59, see also the following table 1.

29

June 2011

5 Security Information

Table 1: Connection Destinations for Manager Self-Service in NWBC Destination Delivered No SAP_ECC_HumanResources Type ABAP connection Recommended User Authorizations n/a Description System alias for the ECC HCM system System alias for the ECC HCM system System alias for the ECC FI system for Financials applications System alias for the ECC FI system for Financials applications System alias for the SAP ERecruiting system System alias for the SAP ERecruiting system System alias for connecting to BW system

No SAP_ECC_HumanResources_HTTP

HTTP connection

n/a

No SAP_ECC_FINANCIALS

ABAP connection

n/a

No SAP_ECC_FINANCIALS_HTTP

HTTP connection

n/a

No SAP_EREC_TalentManagement

ABAP connection

n/a

No SAP_EREC_TalentManagement_HTTP

HTTP connection

n/a

No SAP_BW

HTTP connection

n/a

Business Package for MSS Add-On 1.0 For this deployment option, you need to set up the system landscape for which you assign the required system aliases. This is required for the iViews to connect to the appropriate back-end systems. Table 2 shows an overview of the system aliases used by the applications in the Business Package for MSS Add-On 1.0.

30

June 2011

5 Security Information

Table 2: System Aliases Used in the BP for MSS Add-On 1.0 Destination Delivered Type Entry in Portal System Landscape Administration Entry in Portal System Landscape Administration Entry in Portal System Landscape Administration Entry in Portal System Landscape Administration Recommended User Authorization n/a Description

SAP_ECC_Human_ Resources SAP_ECC_Financ ials SAP_EREC_Talen tManagement

Yes

System alias for the ECC HCM system System alias for the ECC Financials system System alias for the SAP E-Recruiting system System alias for connecting to the BW system

Yes

n/a

Yes

n/a

SAP_BW

Yes

n/a

For this deployment option, you also have to set up the required SAP Java Connector (JCo) connections on the Web Dynpro J2EE server. This is required in case you have work items coming from other systems into the Universal Worklist (UWL).

You only have to set up the JCo Connections for those areas from which you want to have work items in the UWL for the manager. The table below gives you an example of JCo Connections required for the Leave and ClockIn/Out work item retrieval. Table 3: Example JCo Connections Required for the BP for MSS Add-On 1.0 Destination SAP_R3_HumanRe sources SAP_R3_HumanRe sources_MetaDa ta Delivered Type Recommended User Authorization SSO ticket Description JCo connection for the HCM system JCo connection for the HCM system

Yes

JCo connection

Yes

JCo connection

Service user

More Information
For the Business Package for MSS Add-On 1.0, see the documentation in SAP Library for SAP ERP Add-Ons for Manager Self-Service Add-On 1.0 under SAP ERP Central Component Cross-Application Functions in SAP ERP Roles Business Packages (Portal Content) Business Package for MSS Add-On 1.0 Configuration: MSS (WDA) in SAP NetWeaver Portal Setting Up the System Landscape Setting Up JCo Connections for MSS

31

June 2011

5 Security Information

5.7 Internet Communication Framework Security


You should only activate the services needed for the applications running in your system. For Manager Self-Service in SAP NetWeaver Business Client, the following services are needed which you can find under the path default_host/sap/bc/webdynpro/sap/: For applications from the Suite Inbox (CA-EPT-IBO): IBO_WDA_INBOX

For MSS (WDA) applications (CA-MSS-HCM): HRMSS_HOMEPAGE HRMSS_COMPETENCY_LONG_VIEW HRMSS_TEAM_DETAIL HRMSS_TALENT_HOME_PAGE HRMSS_EMPOVERVIEW_TEAMVIEWER HRMSS_EMP_OVERVIEW_PROFILE hrmss_Organizational_profile HRMSS_ORGPROFILE_TEAMVIEWER HRMSS_POSITION_PROFILE HRMSS_POSPROFILE_TEAMVIEWER hrmss_side_by_side HRMSS_OADP_REPORTING HRMSS_REPORTING_LAUNCHPAD HRMSS_A_CATS_APPROVAL_1 hrmss_a_cico_appr HRMSS_TEAM_PAGE hrmss_timevacation_timeaccount

For applications from HCM Processes and Forms (PA-AS): asr_form_display asr_mass_start_process asr_pa_pd_processes_display

32

June 2011

5 Security Information

asr_processes_display ASR_PROCESS_EXECUTE_FPM asr_process_select asr_srch_pd_process

For applications from Cross-Application Time Sheet (CA-TS) and Personal Time Management (PT): HRMSS_A_CATS_APPROVAL HRESS_A_PTARQ_LEAVREQ_APPL HRESS_A_LEA_TEAM_CALENDAR

For applications from Talent Management and Talent Development (PA-TM): HRTMC_EMPLOYEE_PROFILE HRTMC_LONG_PROFILE hrtmc_side_by_side HRTMC_TA_ASSESSMENT HRTMC_TA_DASHBOARD HRTMC_TA_DEV_PLAN hrtmc_teamviewer

For applications from Performance Management (PA-PD-PM): HAP_MAIN_DOCUMENT HAP_START_PAGE_POWL_UI_MSS HAP_A_PMP_GOALS HAP_A_PMP_OVERVIEW HAP_A_PMP_MAIN

For applications from Enterprise Compensation Management (PA-ECM): HCM_ECM_PLANNING_OVERVIEW_OIF HCM_ECM_PLANNING_UI_GAF HCM_ECM_PROFILE_OIF HCM_ECM_SIDEBYSIDE_OIF HCM_ECM_TEAMVIEWER_OIF

33

June 2011

5 Security Information

For applications from Personnel Cost Planning (PA-CP): WDA_HCP_DET_PLAN

For applications from SAP Learning Solution (PE-LSO): LSO_MANAGE_PARTICIPANTS LSO_MANAGE_MANDATORY_ASSIGN

For applications from SAP E-Recruiting (PA-ER): default_host/sap/bc/erecruiting/dataoverview hrrcf_a_dataoverview hrrcf_a_requi_monitor hrrcf_a_req_assess hrrcf_a_tp_assess hrrcf_a_qa_mss hrrcf_a_substitution_manager hrrcf_a_substitution_admin

You activate the services in Customizing for SAP E-Recruiting at Technical Settings User Interfaces Manager Involvement Specify E-Recruiting Services for MSS. For applications from Travel Management (FI-TV): FITV_POWL_APPROVER FITV_TRIP_FORM FITV_POWL_PERSONALIZATION

34

June 2011

5 Security Information

For applications from the Financials (FI) application area: QISR_UI_STATUSOVERVIEW FPB_EXP_OVERVIEW FCOM_PBC_MONITOR FPB_VARIANCE_MONITOR_OVERVIEW FCOM_EQM_MONITOR FPB_LINEITEM_MONITOR_OVERVIEW

Activities
Use the transaction SICF to activate these services. If your firewalls use URL filtering, then take note of the URLs used for the services and adjust your firewall settings accordingly.

More Information
For more information, see Activating and Deactivating ICF Services in the SAP NetWeaver Library documentation. For more information about ICF security, see the RFC/ICF Security Guide.

35

June 2011

5 Security Information

5.8 Security-Relevant Logging and Tracing


Manager Self-Service (WDA) relies on the logging and tracing mechanisms from SAP NetWeaver. For more information, see the following topics: For the AS ABAP (relevant for Manager Self-Service in SAP NetWeaver Business Client): o o Auditing and Logging Tracing and Logging (for NWBC)

For the AS Java (relevant for the Business Package for MSS Add-On 1.0): o Tracing and Logging

For Manager Self-Service (WDA) data tracking is activated for the profile applications that are in the standard delivery: Employee Profile Organization Profile Position Profile

For more information, see in the SAP Customizing Implementation Guide (transaction SPRO) under Personnel Management Manager Self-Service (WDA) Data Tracking.

You will only be able to see the Customizing settings for Manager SelfService (WDA) if the required business function HCM_MSS_WDA_1 is activated in the relevant system.

36

June 2011

6 Upgrade Information

6 Upgrade Information
For regularly updated release and upgrade information, see the following SAP Notes: Note Number 1582553 1588625 Title / Description Release Strategy for the ABAP Add-On EA-HR_MSS 1.0 Release information for Manager Self-Service Add-On 1.0

37

June 2011

7 Solution-Wide Topics

7 Solution-Wide Topics
In this section, you find a table with the references to information about the main technologies used for Manager Self-Service (WDA).

List of References
The following table lists references to technologies used for Manager Self-Service (WDA): Title Web Dynpro ABAP Where to Find SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver for SAP NetWeaver 7.0 including Enhancement Package 2 SAP NetWeaver 7.0 Library (including Enhancement Package 2) English SAP NetWeaver SAP NetWeaver by Key Capability Application Platform by Key Capability ABAP Technology UI Technology Web UI Technology Web Dynpro ABAP SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver for SAP NetWeaver 7.0 including Enhancement Package 2 SAP NetWeaver 7.0 Library (including Enhancement Package 2) English SAP NetWeaver SAP NetWeaver by Key Capability Application Platform by Key Capability ABAP Technology UI Technology Web UI Technology Floorplan Manager for Web Dynpro ABAP

Floorplan Manager

38

June 2011

8 References

8 References
List of Documents
The following table lists all documents mentioned in this Master Guide: Title SAP NetWeaver Security Guide Where to Find SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver for SAP NetWeaver 7.0 including Enhancement Package 2 SAP NetWeaver 7.0 Library (including Enhancement Package 2) English SAP NetWeaver Administrators Guide SAP NetWeaver Security Guide SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver for SAP NetWeaver 7.0 including Enhancement Package 2 SAP NetWeaver 7.0 Library (including Enhancement Package 2) English SAP NetWeaver Administrators Guide SAP NetWeaver Security Guide Security Guides for SAP NetWeaver According to Usage Types SAP NetWeaver Application Server ABAP Security Guide SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver for SAP NetWeaver 7.0 including Enhancement Package 2 SAP NetWeaver 7.0 Library (including Enhancement Package 2) English SAP NetWeaver Administrators Guide SAP NetWeaver Security Guide Security Guides for SAP NetWeaver According to Usage Types SAP NetWeaver Application Server Java Security Guide SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver for SAP NetWeaver 7.0 including Enhancement Package 2 SAP NetWeaver 7.0 Library (including Enhancement Package 2) English SAP NetWeaver Administrators Guide SAP NetWeaver Security Guide Security Guides for Connectivity and Interoperability Technologies RFC/ICF Security Guide SAP Library for SAP ERP on SAP Help Portal at http://help.sap.com/erp for ERP Central Component Enhancement Package 5 under SAP ERP CrossApplication Functions SAP ERP Security Guides SAP ERP Central Component Security Guide

SAP NetWeaver Application Server ABAP Security Guide

SAP NetWeaver Application Server Java Security Guide

RFC/ICF Security Guide

SAP ERP Central Component Security Guide

39

June 2011

8 References

SAP NetWeaver Business Client documentation

SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver for SAP NetWeaver 7.0 including Enhancement Package 2 SAP NetWeaver 7.0 Library (including Enhancement Package 2) English SAP NetWeaver SAP NetWeaver by Key Capability Application Platform by Key Capability ABAP Technology UI Technology SAP NetWeaver Business Client Overview

40

June 2011

9 Media List

9 Media List
The following table provides you with the information, on which data carrier you can find the software for the MSS Add-On 1.0: Installable Software Unit EA-HR_MSS 1.0 Media Name CD51040897

41

June 2011

You might also like