Best Practice 6.3 – Protect the
database and the application
Security vigilance is imperative at the database and application layers, as a malicious actor gaining access at even a read-only level could compromise the security of critical business data. In all cases, follow the standard SAP best practices for database access protection and application security. These apply to both on-premises and cloud-based installations, and there are guidelines for each supported underlying database for SAP systems.
Suggestion 6.3.1 Follow SAP guidance on database security for your chosen database
Refer to the following for appropriate guidelines:
| Database | Documentation |
|---|---|
| SAP HANA |
|
| SAP ASE | SAP Documentation: Security Administration in SAP ASE |
| IBM Db2 | (Consult SAP or Vendor documentation for guidance) |
| Oracle | SAP Documentation: SAP Database Guide - Oracle |
| Microsoft SQL Server | SAP Note: 3019299 - Security Audit
Questions or Security Customization in NetWeaver and SQL Server systems |
| SAP MaxDB | SAP Documentation: SAP
MaxDB Security Guide |
Suggestion 6.3.2 – Follow SAP guidance on application security
For SAP NetWeaver-based solutions, prescriptive guidance can be found in the SAP NetWeaver Security Guide.
-
SAP Documentation: ABAP Platform Security Guide
