IBP Security Guide

SECURITY GUIDE | PUBLIC
Document Version: 1.5 – 2020-04-09
Security Aspects
For SAP Integrated Business Planning 2002
© 2020 SAP SE or an SAP affiliate company. All rights reserved.
THE BEST RUN

Content
1 Security Aspects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Technical System Landscape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3 Roles and Authorizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
4 Data Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.1 Permission Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Manage Permission Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Permission Filters in IBP Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
4.2 Manage Attribute Permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Attribute Permissions in IBP Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5 Security of Data Centers and External Auditing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6 Data Integration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
7 Secure Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

7.1 Secure Communication for Inbound Integration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
7.2 Secure Communication for Outbound Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
7.3 Maintain Certificate Trust List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
7.4 Maintain Clickjacking Protection Whitelist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
7.5 Manage Content Security Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Content Security Policy (CSP) in Blocking Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
8 Data Protection and Privacy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

8.1 Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
8.2 Master Data Records. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
8.3 Business User Records. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
8.4 Relevant Business Catalogs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
9 Display Security Audit Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

9.1 How to Display the Audit Analysis Report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
9.2 How to Configure a Personalized View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
10 Virus Scanning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Security Aspects
2 PUBLIC Content
1 Security Aspects
Security has always been an important element for the complete product life cycle of all SAP products,
including product development, planning, and quality-assurance. Like the other SAP Products, SAP Integrated
Business Planning (IBP) was designed to fulfill the highest security standards which guarantee the safety of
your data both from web attacks and from attacks in the cloud. Some of the most important security focus
areas are:
● Technical System Landscape [page 4]

● Security of Data Centers and External Auditing [page 37]
● Data Integration [page 38]
● User Authentication (see the SAP Help Portal at http://help.sap.com/ibp, under Application Help SAP
Integrated Business Planning Administration Identity and Access Management User
Authentication )
● Identity and Access Management (see the SAP Help Portal at http://help.sap.com/ibp, under
Application Help SAP Integrated Business Planning Administration Identity and Access
Management )
● Data Protection and Privacy [page 47]
● Network and communication security (see Secure Communication for Inbound Integration [page 41] and
the SAP Help Portal at http://help.sap.com/ibp, under Application Help SAP Integrated Business
Planning Planning with Microsoft Excel Information for Business Users Self-Service Installation
(Business Users) Setting Up a Connection to IBP and the Planning Area )
● Application-specific virus scanning (see Virus Scanning [page 58] )
● Security-relevant logging and tracing (see the SAP Help Portal at http://help.sap.com/ibp, under
Management IAM Information System )
 Note
You can find SAP HANA Cloud Integration for data services Security Guide at http://help.sap.com/cpi_ds
under Security Security Guide .
SAP takes care of all aspects of security and data protection within the IBP system landscape. On your side,
you need to make sure to:
● Create and assign appropriate business roles to your business users

● Protect the clients in which the IBP add-in for Microsoft Excel is running
● Set up a secure data integration to the systems from which you import data (SAP Cloud Platform
Integration for data services)
Security Aspects
Security Aspects PUBLIC 3
2 Technical System Landscape
SAP Integrated Business Planning is a cloud offering that runs in the SAP Public Cloud.
Since cloud solutions from SAP deal with business data from your core business processes, SAP adheres to the
highest security and quality requirements, as follows:
● The business data is stored securely in SAP data centers.

● Users who require access to the business data must authenticate themselves and their identity must be
verified by SAP Cloud Platform Identity Authentication service or an on-premise identity provider,
depending on the actual system landscape. Users can only perform actions and view or edit data that the
business roles they are assigned to have permission for.
For more information, see SAP Library on the SAP Help Portal at http://help.sap.com/ibp under
Application Help Identity and Access Management User Authentication .
● Customer data always belongs to the customer.
Access to cloud solutions from SAP is possible using a unique and customer-specific URL. Communication is
implemented by means of a reverse proxy component in the SAP data center. The reverse proxy is the SAP Web
Dispatcher, which is developed and maintained by SAP Cloud Support. The communication between the
devices and the SAP Cloud is secured and protected by state-of-the-art open cryptographic standards and
protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). The clients and the SAP
Integrated Business Planning system communicate through an add-in for Microsoft Excel and a Web browser.
SAP Integrated Business Planning also integrates with SAP Cloud Platform Integration for data services. The
integration service directly connects to on-premise systems to extract and securely move data from source
systems to SAP Integrated Business Planning target tables through HTTPS. SAP Cloud Platform Integration for
data services can also be used for exporting SAP Integrated Business Planning calculation scenarios.
Furthermore, SAP Integrated Business Planning integrates with SAP Jam, thus providing a collaborative
decision-making solution that brings together people, information, and proven business approaches to drive
fast and valuable results. SAP Jam enables you to collaborate with other members of your team and to keep
track of your processes and process-related tasks. The communication between SAP Integrated Business
Planning and SAP Jam is secured by HTTPS.
ETL tools can receive SAP Integrated Business Planning key figures for consumption through a RESTful web
service API via HTTPS.
SAP Integrated Business Planning is powered by SAP HANA. All customer data is stored in the HANA database
and data is protected by the security infrastructure and operational procedures of SAP Cloud powered by SAP
HANA.
Security Aspects
4 PUBLIC Technical System Landscape
System Landscape
Security Aspects
Technical System Landscape PUBLIC 5
3 Roles and Authorizations
SAP Integrated Business Planning uses the authorization concept provided by Identity and Access
Management. The authorization concept is based on assigning business catalogs and business users to
business roles, and specifying restrictions for the roles.
For more information, see the SAP Help Portal at http://help.sap.com/ibp, under Application Help SAP
Integrated Business Planning Administration Identity and Access Management Basic Concepts
Business Roles .
Initial User Provisioning
You are provided with a super user for SAP Integrated Business Planning, which has all the necessary
authorizations for setting up your system. With this user, you can create your employee record and business
users, and assign the required business roles to your users.
Please note that you should not use this super user in a productive environment. Once you have finished
setting up your users and roles, the super user should be deactivated.
Security Aspects
6 PUBLIC Roles and Authorizations
4 Data Filters
To restrict the access to data that a user can read or write in IBP, use permission filters and attribute
permissions.
4.1 Permission Filters
Permission filters allow you to define access control rules for read and write access to data in IBP.
Master Data Types
Filter criteria for read access are applied to master data records where at least one of the corresponding
attributes within the condition exists in the master data type. As a consequence, the master data entries visible
to a user are limited.
It’s important to understand that filter criteria for read access don’t apply to master data types unless they
have at least one of the condition attributes. The same goes for compound master data types.
If there are master data type attributes that don’t have any filter criteria for read access applied, users have
access to any of the related data.
 Note
Filter criteria for write access do not apply to master data types.
Key Figure Values
The filter criteria for read and write access are applied to the stored key figure values. The conditions are
applied to the stored input values of the attributes related to the key figure. In other words, when an underlying
input key figure isn’t visible or writable, then the top level key figure isn’t visible or writable either. This ensures
that information can’t be drawn from resulting key figure values when parts of the underlying information,
which make up the key figure values, can't be accessed by the user. Therefore, permission filters must be
designed carefully to consider all stored input key figures.
 Note
Filter criteria for write access apply to the set of data made visible by filter criteria for read access defined
in the same permission filter. Furthermore, filter criteria for write access apply to the set of key figures
defined under Write Access for Key Figures. If these key figures are set to Unrestricted, the filter criteria for
Security Aspects
Data Filters PUBLIC 7
write access apply to all key figure data made visible by the filter criteria for read access of the same
permission filter.
Related Information
Manage Permission Filters [page 8]

Working With Permission Filters [page 9]
Using Operators to Define Filter Criteria [page 10]
Examples of Permission Filters [page 12]
4.1.1 Manage Permission Filters
Permission filters allow you as an administrator to restrict user access to specific master data types and key
figure values. You define these permission filters for specific planning areas (and thereby the associated
planning views) that are available to users by specifying conditions on attribute values.
You can assign permission filters to users either directly or indirectly:
● Direct user assignment to individual users (on the Assigned Users tab)
● Indirect user assignment
○ To user groups on the Assigned User Groups tab)
○ To business roles (in the Maintain Business Roles app)
You can assign multiple permission filters to a single user at once.
 Note
You increase access privileges by assigning multiple permission filters to a single user. The effect is
cumulative rather than restrictive.
All the permission filters that are assigned to a user are combined to give the user access to all the data defined
by the union of the sets of attribute combinations that each of them allows.
You can review all changes that were made to a permission filter on the Change History tab. The change history
shows what was changed where and by whom.
You can check the Permission Filter Report to get an overview of the administrative data and accessible key
figures for a permission filter and the resulting where-clause generated by the system.
Supported Device Types
● Desktop
● Tablet
● Smartphone
Security Aspects
8 PUBLIC Data Filters
Related Information
Working With Permission Filters [page 9]
4.1.1.1 Working With Permission Filters
Find out how to define and change permission filters.
You can create a permission filter in the Manage Permission Filters app as follows:
1. Click New, enter a name and a description (optional), and select a planning area.
2. Specify your filter attributes under Filter Criteria for Read Access, Write Access for Key Figures, or Filter
Criteria for Write Access, if required.
Filter Criteria for Read Access
Select your filter criteria or select Unrestricted. If you select Unrestricted, all values are allowed for read
access.
Write Access for Key Figures
Select one or multiple stored key figures or select Unrestricted.
The selected write key figures define the key figures which are editable on the dataset defined by the filter
criteria for write acces. If you select Unrestricted, all key figures are editable.
Filter Criteria for Write Access
Specify your filter criteria or select Unrestricted or No Access. If you select Unrestricted, the key figures are
editable on all filter criteria you allowed for read access. If you select No Access no key figure is editable.
Note the following:
○ If you define a filter that uses the same attribute more than once, the conditions are combined with OR
as shown in the following example:
Example One
Attribute Operator Value
Customer ID equal to Company ABC
Customer ID equal to Company XYZ
Result: you can view all data where the Customer ID is either Company ABC OR Company XYZ.
○ If you use the same attribute more than once with the Not Equal to operator, the conditions are
combined with AND.
○ If you define a filter that uses two or more different attributes, the conditions are combined with AND
as shown in the following example.
Example Two
Customer ID equal to Company ABC
Security Aspects
Customer ID equal to Company XYZ
Location Region equal to USA
Result: You can view planning data that fulfills both of the following conditions:
○ Belongs to location region USA

○ Belongs to either Company ABC or Company XYZ
3. Select an operator and enter a value.

For more information about operators, see Using Operators to Define Filter Criteria [page 10].
4. Define additional filter criteria as needed.
5. Turn on the Auto-Complete Filter Criteria Value feature if you want to trigger an automatic generation of
values for the dependent attributes of a given key figure.
 Note
On top of the attributes you select for your filter, the base planning level may contain other attributes
that need to be nullified. When the switch is active, the app analyzes the data model of all key figures
with member attributes that you have included in the filter criteria and generates values for the
dependent attributes. If no unit of measure or currency conversion are defined in the filter, the app
considers them as visible.This way, you don’t have to worry about specifying the dependent attribute
values yourself.
6. Assign your permission filter to individual users and user groups as needed or if you would rather define
your filters at a higher level, you can assign the permission filter to a business role in the Maintain Business
Roles app.
All the permission filters that are assigned to a user and to the user's business roles are combined to give
the user access to all the data defined by the union of the sets of attribute combinations that each of them
allows. In a permission filter, the conditions defined under Filter Criteria for Read Access apply to master
data records where the corresponding attributes exist in the master data type. They don't apply to master
data types that don't have attributes in the filter conditions.
For example, you have assigned the following permission filters:
○ Filter 1 with criteria for read access, to business user X: Region = EMEA
○ Filter 2 with criteria for read access, to business role Y, which is in turn assigned to business user X:
Product Group = Monitors
In the master data, user X can now see all the regions (based on Filter 2) and all product groups (based on
Filter 1).
4.1.1.2 Using Operators to Define Filter Criteria
The following table provides an overview of the available operators and explains how they work.
Security Aspects
Operators
Operator Description Example
equal to The user can view planning data for Rule: Customer ID equal to Company
which the attribute value is equal to the ABC
value specified.
Result: You can view planning data for
the specific customer Company ABC.
 Note
If you do not enter a value, the user
can view any data where the spe
cific attribute has no value.
not equal to The user can view planning data for

which the attribute value is not equal to
the value specified.
 Note
If you select the Not Equal to opera
tor and specify no value, the user
can view any data where the attrib
ute has a value.
greater than The user can view planning data for

which the attribute value is greater than
greater than or equal to The user can view planning data for
which the attribute value is greater than
or equal to the value specified.
less than The user can view planning data for

which the attribute value is less than
less than or equal to The user can view planning data for
which the attribute value is less than or
equal to the value specified.
between The user can view planning data for

which the attribute value is between the
two values.
Security Aspects
Operator Description Example
contains The user can view planning data for Rule: Customer ID contains the pattern
which the attribute value matches the "Company*"
pattern defined. You can use the wild-
Result: You can view the details for
cards * and ? as follows:
Company ABC, Company 9000, or any
● * can be substituted for any other other suffix of "Company".
multiple characters in a string
Rule: Customer ID contains pattern
● ? can be substituted for any single
"Company?"
character in a string
Result: You can view the details for a
company with a single character, for ex
ample Company A or Company Z.
4.1.1.3 Examples of Permission Filters
The following example is meant to help you understand how permission filters work.
Example 1
Permission filter 1 has filter criteria for read access for two attributes:
● PRDFAMILY = Shampoo
● LOCID = LOC A
The resulting logical filter criteria for read access would be PRDFAMILY = Shampoo AND LOCID = LOC A.
PRDFAMILY = Shampoo is an attribute of the master data type PRODUCT
LOCID = LOC A is an attribute of master data type LOCATION.
Permission filter 1 grants read access to the following master data records and key figure values:
● Product records in PRODUCT whose PRDFAMILY attribute has Shampoo as a value

● Location records in LOCATION whose LOCID attribute has LOC A as a value
● Records of master data types that depend on PRDFAMILY or LOCID or both and whose attributes match
the above condition
● Records of master data types that do not depend on PRDFAMILY and LOCID.
The same is true for:
● Compound master data types such as LOCATIONPRODUCT if the attributes are not explicitly contained
within the LOCATIONPRODUCT compound master data type
● Stored key figure values with base planning levels that include master data types with attributes
PRDFAMILY and/or LOCID
● Calculated key figure values that depend on the stored key figure values mentioned in the previous bullet
point
Security Aspects
 Note
Permission filter 1 doesn’t grant read access to key figures that are calculated with key figures that
don’t play a deciding role in the last two bullet points.
Example 2
There are two sales managers – Sales Manager 1 and Sales Manager 2, who are responsible for the planning for
product P1 in the countries CN1 and CN2 respectively. These countries roll up to Region R1. The sales
managers need to have a visibility on all sales forecasts for the region R1 but should only be able to edit the
sales forecasts for their assigned country. This scenario can be achieved by defining the following business role
and permission filters:
Role 1
Key Figure Restriction Sales Fcst Qty = READ, WRITE
Permission Filter 1
Filter Criteria for Read Access Region = R1
Write Access for Key Figures Sales Fcst Qty
Filter Criteria for Write Access Country = CN1
Permission Filter 2
Filter Criteria for Read Access Region = R1
Write Access for Keyfigures Sales Fcst Qty
Filter Criteria for Write Access Country = CN2
Sales Manager 1 will be assigned Role 1 and Permission Filter 1 and Sales Manager 2 will be assigned Role 1 and
Permission Filter 2.
Security Aspects
4.1.2 Permission Filters in IBP Applications
This table contains a complete overview of the usage of permission filters across SAP Integrated Business
Planning.
Permission Filters by Application
Business Write (Editability) Crite

Topic Function Read (Visibility) Criteria ria More Information
Admin System Monitoring -> N/A N/A Permission filters are not
istra Session Statistics for relevant for administra
tion IBP Excel Add-In app
tion apps because the as
sumption is that the ad
ministrator has all the
rights.
Admin System Monitoring N/A N/A Permission filters are not

istra app relevant for administra
tion
rights.
Admin Data Linked to Users N/A N/A Permission filters are not
istra app relevant for administra
tion
rights.
Admin Content N/A N/A Permission filters are not

istra Administration app relevant for administra
tion
rights.
Admin User Groups app N/A N/A Permission filters are not
istra relevant for administra
tion
rights.
Security Aspects
Admin Manage Permission N/A N/A Permission filters are not

istra Filters app relevant for administra
tion
rights.
Admin View Personal Master N/A N/A Permission filters are not
istra Data Changes app relevant for administra
tion
rights.
Admin Purge Change History N/A N/A Permission filters are not
istra Data application job relevant for this applica
tion
tion job because it is typi
cally scheduled by admin
istrators, and the as
rights.
Admin Purge Key Figure Data N/A N/A Permission filters are not
istra application job relevant for this applica
tion
rights.
Admin Purge Planning Area N/A N/A Permission filters are not
istra Data application job relevant for this applica
tion
rights.
Security Aspects
Admin Purge Non- N/A N/A Permission filters are not

istra Conforming Data ap relevant for this applica
tion plication job
rights.
Admin Purge Key Figure Data N/A N/A Permission filters are not
istra Outside Planning Area relevant for this applica
tion Planning Horizon ap
plication job
rights.
Model Attributes app No No Permission filters are not

configu- relevant for model config-
ration
uration apps.
Model Master Data Types No No Permission filters are not

configu- app relevant for model config-
ration
uration apps.
Model Time Profiles app No No Permission filters are not

ration
uration apps.
Model Sample Model Entities No No Permission filters are not

ration
uration apps.
Model Reason Codes app No No Permission filters are not

ration
uration apps.
Model Configuration app No No Permission filters are not

ration
uration apps.
Model Transport Model No No Permission filters are not

configu- Entities app relevant for model config-
ration
uration apps.
Security Aspects
Model Planning Areas app No No Permission filters are not

ration
uration apps.
Model Key Figure No No Permission filters are not

configu- Calculations app relevant for model config-
ration
uration apps.
Model Global Configuration No No Permission filters are not

ration
uration apps.
Cross DISAGG operator Yes No The visibility (read) part

applica of the user’s permission
tions
filter is applied while
reading the value of the
source key figure and the
proportional factors. No
permission filter is used
while writing the value to
the target key figure.
Data in Data Integration Jobs No No Permission filters are not

tegra app relevant for this app be
tion
cause it is typically used
by an administrator after
the planning model has
been set up. At this point
in time, permission filters
are normally not required
because the full data set
for that planning model
needs to be imported into
the system. Only with an
unrestricted set of data
can the admin verify if the
planning model has been
correctly set up.
Security Aspects
Data in SAP Cloud Platform No No Permission filters are not

tegra Integration for data relevant for data integra
tion services
tion jobs submitted via
SAP Cloud Platform
Integration for data
services because they are
submitted by a technical
user who cannot be as
signed a permission filter.
Process Manage Processes Yes Yes In process management,

man app permission filters are
age
used in planning-data
ment
permissions to define
which planning data is ac
cessible and editable for
the process step partici
pants. The permission fil-
ter is assigned when the
process step is started
and removed when the
process step is com
pleted. For more informa
tion, see Planning-Data
Permissions
Driver- Driver-Based Planning Yes Yes The visibility part of the

based app permission filter settings
plan
for a user limits the attrib
ning
ute values this user can
see in the driver planning
view.
The editability part of the

permission filter settings
for a user determines the
key figure-attribute com
binations for which the
user can change key fig-
ure values in the driver
planning view.
Security Aspects
Busi Data sharing Yes Yes For provider data sharing

ness plans, the intersection of
network
the visibility (Read) part
collabo
of the user's permission
ration
filter and the permission
filter of the data sharing
arrangement is used.
For consumer data shar

ing plans, the editability
(Write) part of the per
mission filter in the data
sharing arrangement is
used.
De Statistical Forecasting Yes No Forecasting algorithms

mand application job consider the visibility
plan
(Read) part of permission
ning
filters.
De ABC/XYZ No No
mand Segmentation appli
plan cation job
ning
De Forecast Automation No No

mand application job
plan
ning
De Assign Forecast Models Yes No Permission filters are

mand app
used to determine which
plan
planning objects can be
ning
updated during the as
signment process.
De Manage Product Lifecycle Yes No Permission filters are only

mand app considered for the first
plan
level attribute, that is to
ning
say the product. Only the
values of this attribute are
checked.
De Analyze Promotions app Yes No

mand
plan
ning
Security Aspects
De Manage Realignment No No

mand Rules app
plan
ning
De Settings for Product No No

mand Lifecycle app
plan
ning
De Forecast error calcu Yes No Profile-based forecast er

mand lation ror calculations consider
plan
the visibility (Read) part
ning
of permission filters.
Inven
tory op
timiza
tion
Inven DDMRP Buffer Analysis Yes No The visibility part of the

tory op app permission filter settings
timiza
for a user is applied.
tion
Inven Inventory optimization Yes No Permission filters are not

tory op operators considered by Multi-Stage
timiza
Inventory Opt, Calculate
tion
Inventory Components,
Calculate DDMRP buffer
levels, or Recommend
Decoupling Points (Solve)
operators. If filters are ap
plied, they are bypassed
and the entire supply
chain is solved.
Users who run these op

erators should have ac
cess to the required data
to do the computations.
The visibility (Read) part

of permission filters are
considered by the Single-
Stage Inventory Opt,
Forecast Error CV
Calculator, and Expected
Demand Loss operators.
Security Aspects
Time- Time-series-based Yes No The visibility part of the

series- supply planning algo permission filter settings
based rithms
for a user is applied while
supply
reading the values of sup
plan
ning ply planning key figures
and passing them to the
S&OP operator. No per
mission filter is used
while writing the values
back to the supply plan
ning key figures. In any
case, we recommend pro
viding the supply planner
with full visibility of the
entire network. The S&OP
operator runs can be lim
ited to one or more sub
networks, but this limita
tion does not influence
the data reading or writ
ing permissions.
Order- All apps and planning No No Permission filters are not

based runs for order-based applied, because the
plan planning
planning runs and the
ning
apps for order-based
planning consider all de
pendencies within the
supply chain.
Analyt Analytics - Advanced Yes No The visibility part of the

ics app permission filter settings
Analyt Dashboard-Advanced Yes No The visibility part of the

Security Aspects
Analyt Supply Chain Network Yes No The visibility part of the

for a user affects which
values are available for fil-
tering, but have no im
pact on the rendered
chart. While a user can
only define a filter with
values they have permis
sion to access, the gener
ated product nodes indi
cating bill of materials
contents still display for
all products.
Excep Custom Alerts app Yes No The visibility part of the

tion permission filter settings
man
age
ment
Excep Custom Alerts Yes No The visibility part of the

tion Overview app permission filter settings
man
age
ment
Excep Define Custom Alerts Yes No The visibility part of the

man
age
ment
Excep Monitor Custom Yes No The visibility part of the

tion Alerts app permission filter settings
man
age
ment
Excep Manage Cases app Yes No The visibility part of the

tion permission filter settings
man
age
ment
Excep Define Custom Alerts Yes No The visibility part of the

man
age
ment
Security Aspects
Cross Change History app Yes N/A The visibility part of the
applica permission filter settings
tions
for a user is applied when
displaying the change his
tory in the app.
Cross Effects view for Yes N/A The visibility part of the
applica change history in IBP permission filter settings
tions Excel add-in
displaying the change his
tory in the IBP Excel add-
in.
Cross Original changes view No N/A The visibility part of the

applica for change history in permission filter settings
tions IBP Excel add-in for a user is applied.
Cross Copy Operator Yes No The visibility part of the

applica user’s permission filter is
tions
applied while reading the
value of the source key
figure. No permission fil-
ter is used while writing
the value to the target key
figure.
The copy operator neither

considers if the target key
figure has been defined
as editable key figure in
the planning area config-
uration, nor if the busi
ness user who runs the
copy operator has the
permission to edit the tar
get key figure.
Cross Copy Operator Yes No The visibility part of the

applica (Advanced) user’s permission filter is
tions
applied while reading the
value of the source key
figure. No permission fil-
ter is used while writing
the value to the target key
figure.
Security Aspects
Cross Copy Version No No Because the copy version

applica Operator operator is mainly used to
tions copy complete sets of
data from one version to
another version, it does
not consider permission
filters. If it considered
permission filters, copy
ing a complete set of data
might not be possible.
Cross Delete Version No No Because the delete ver

applica Operator sion operator is mainly
tions used to delete complete
sets of data from a ver
sion, it does not consider
permission filters. If it
considered permission fil-
ters, deleting a complete
set of data might not be
possible.
Cross Snapshot operator Yes N/A The visibility part of the

applica and Redo Snapshot permission filter settings
tions operator
snapshoting the keyfig-
ure, but not for cascading
existing snapshots.
Cross Lag-Based Snapshot No No No visibility filter should

applica operator be considered while copy
tions
ing data from the source
key figure to the target
key figure to avoid any
data inconsistency by
missing some snapshot
data while running de
mand sensing, for in
stance.
Cross Snapshot (change No No There should not be any

applica history) filtering applied direclty
tions
or indirectly when reading
the source key figure of
the snapshot.
Security Aspects
Web- Web-Based Planning Yes Yes The visibility part of the

based app permission filter settings
plan
for a user limits the attrib
ning
ute values this user can
see in the planning view.
The editability part of the

permission filter settings
for a user determines the
key figure-attribute com
binations for which the
user can change key fig-
ure values in the planning
view.
Cross Application Logs app Yes N/A For regular application

applica logs, no permission filter
tions
is applied. When down
loading Statistical Fore
casting and Supply Plan
ning attachments, the
permission filters of the
current user will be ap
plied to the download.
Cross Application Jobs app Yes N/A The read part of the per
applica mission filter is consid
tions ered if the IBP compo
nent which delivers the
job templates uses the
permission filters to re
trieve attribute values.
Data in Key figure/master Yes Yes The visibility part of the
tegra data extractors permission filter settings
tion (OData service)
 Note
It is important to be
able to pass a user as
parameter because
the CC user is not
valid for a visibility fil-
ter and a business
user must be mim
icked in this case.
Security Aspects
Data in Key Figure and Master Yes No The service retrieves only
tegra Data External API the values that are al
tion
lowed for the user based
on the VF.
IBP Ex IBP Excel add-in Plan Yes Yes Editability check imple
cel add- ning Views mented with 1802.
in
IBP Ex IBP Excel add-in Mas Yes No Visibility (Read) part of
cel add- ter Data Maintenance the permission filter of
in
the user is applied.
IBP Ex IBP Excel add-in Mas N/A N/A

cel add- ter Data Maintenance
in for external Master
Data Types
IBP Ex IBP Excel add-in Plan No No Documented in release

cel add- ning Object Mainte restriction note 2536930
in nance
and subsequent IBP
versions, that this is not
supported
IBP Ex IBP Excel add-in Job N/A N/A

cel add- Status
in
IBP Ex IBP Excel add-in Plan Yes No Visibility (Read) part of
cel add- ning Notes the permission filter of
in
IBP Ex IBP Excel add-in Plan Yes No Visibility (Read) part of
cel add- ning Object with Key the permission filter of
in Figure Data (Master
Data)
Security Aspects
4.2 Manage Attribute Permissions
You can use this app to specify read and write access for master data attributes and restrict the attributes a
business user can display or modify.
Key Features
● Specifying read and write permission for master data attributes for users and user groups; not applicable
to time profile attributes and change history based calculation attributes
● Checking read and write access for all attributes by applying the attribute permission function using the
Permissions Report
● Creating new attribute permissions
● Modifying existing write permissions
● Displaying change history details
● Assigning multiple attribute permissions to a user
● Adding or removing assignments to attribute permissions for user groups
● Copying existing attribute permissions
Prerequisites
The Manage Attribute Permissions (SAP_IBP_BC_ATTPERM_PC) business catalog must be assigned to the
administrator role for the administrator to see the Manage Attribute Permissions app.
Activities
All business users must have read and write attribute permissions assigned to them. If a user has no
assignments, they won't be able to either see or change any attributes. Similarly, you can assign various
combinations of complex rules on what attributes are included or excluded from write authorization in the
Manage Attribute Permissions.
 Note
Write attribute permissions depend on the read attribute permissions defined. You can only modify the
attributes (without permission) you're able to see.
When you create a new business user, the ATTPERM_ASSIGN_NEW_USER global parameter automatically
assigns the new user to the SAP_ALL_ATTRIBUTES attribute permission. This enables the user to see all
attributes. However, you can assign the user to some other more restrictive attribute permission. You can also
assign user groups to an attribute permission.
Security Aspects
 Note
The value of the global parameter ATTPERM_ASSIGN_NEW_USER influences the assignment of the
SAP_ALL_ATTRIBUTES to the newly created users.
Read and write permissions may be one of the following:
● Unrestricted: User can see or modify all atributes

● Restricted: User can only see specific attributes for which they have permission and can only modify a
subset of these attributes depending on their write permissions
● No Access: The user has no write access to the attributes they can see.
An attribute permission can be deleted if no user or user group is assigned to it.
Check the Permissions Report to verify your entries.
 Example
As an administrator, you must set up attribute permissions for 15 demand planners who need to view all
attributes except one user, demand planner A.
Demand planner A may not be interested in seeing attributes related to the product’s shipping location.
Additionally, the cost of manufacturing a unit of the product may be sensitive information that you may not
want the demand planner to see. Therefore, you decide to block access to the Ship-From Location and
Manufacturing Cost attributes.
To handle this, you must create an attribute permission that excludes the Ship-From Location and
Manufacturing Cost attributes, and assign planner A to that attribute permission.
 Example
As a business user, you have read permission for attributes CUSTOMERID, CUSTOMERNAME, CUSTOMERTYPE,
and CUSTPAYERID. Your write attribute permission allows you to only modify attributes that contain the
letter P. Therefore, according to your write attribute permission, you're only allowed to change the
attributes CUSTOMERTYPE, and CUSTPAYERID.
Multiple Assignments
The user may have no attribute permissions. If there are no assignments, the user will see nothing. If a user has
more than one assignment, then the rule is using a combination (UNION) of the allowed attributes of each set
of attribute permissions.
 Example
User is assigned to both SAP_ALL_ATTRIBUTES (sees all) and another attribute permission ATTPERM001,
which only allows the user to display LOCID and CUSTID. As a result, the user will still see everything.
In other words, the combination of SAP_ALL_ATTRIBUTES and ATTPERM001 results in the least restrictive
attribute permission winning, that is, SAP_ALL_ATTRIBUTES.
Security Aspects
 Example
User is assigned to attribute permission ATTPERM001 (LOCID only) and attribute permission ATTPERM002
(CUSTID only).
The combination (UNION) of ATTPERM001 and ATTPERM002 allows you to see both LOCID and CUSTID.
 Example
Planner A has attribute permissions ATTPERM001 and ATTPERM002. ATTPERM001 allows planner A to read
and write to LOCID but ATTPERM002 only has read attribute permission to LOCID but no permission to
write (modify). In this case, the winning attribute permission is ATTPERM001 since it's the least restrictive
and allows planner A to both read and write to LOCID.
 Recommendation
To see which attribute permissions are assigned to a business user, you can use a filter for this in the
Manage Attribute Permissions app.
Copy Attribute Permissions
You can use the Copy button to copy an existing attribute permission and create a new one.
The copied version includes the values of sections that were set to true (enabled) in the Copy popup window.
The following values are set as default:
● Read Criteria = True

● Write Criteria = True
● User Assignment = False
● User Group Assignment = False
The copied attribute permission is initially created as a draft. You’ll need to manually activate the new attribute
permission by saving it. Like the newly created attribute permission , any newly copied attribute permissions
must have unique names before you’re allowed to save them.
If you want to roll back the copied attribute permission, you can cancel the operation without saving it.
Note that you can only copy a single active attribute permission at a time.
Related Information
Attribute Permissions in IBP Applications [page 30]
Security Aspects
4.2.1 Attribute Permissions in IBP Applications
You can use the Manage Attribute Permissions app to specify read and write permissions for master data
attributes and restrict the attributes a business user can display.
Read attribute permissions must be configured for an end user to enable them to select attributes for the
following:
● Analytics – Advanced app

● Define and Subscribe to Custom Alerts app
● Dashboards – Advanced app
● Manage Cases app
● Data Integration Jobs app
● Planning Filters app
● Application Jobs app
● Web-Based Planning app
● IBP Excel add-in
● External OData services
● S&OP operator with subnetworks
There are some special cases where attribute permissions don’t affect the visibility of master data. Even if
permissions are set to restrict the visibility, the attributes are still displayed.
Business Logs for Statistical Forecasting and S&OP
Application logs are generated for statistical forecasting and S&OP jobs. Additional business logs may be
present. If the information in these logs contains an attribute that has been restricted for a user, the user
cannot see any of the business logs but can see a warning message why they aren’t visible any more.
 Example
A statistical forecasting job is executed and logs are generated. One of them contains further information in
the form of business logs. These business logs contain an attribute (for example, CUSTID) that the user is
not allowed to see. As a result of the read attribute permissions, the user can’t see any of the business logs’
contents and sees a warning message instead telling the user they can’t see the contents because of the
permissions.
Conversion Attributes
If you set up a planning view and have no read permission for a conversion attribute, it will still be visible for
planning purposes. The reason for this is that without conversion the corresponding key figures can’t be
calculated.
The above logic also applies to conversion attributes when scheduling jobs. It does not, however, apply to the
Excel add-in master data maintenance, where the conversion attribute will not be visible.
Security Aspects
Shared and Saved Objects
When using templates or favorites the following two outcomes will apply.
● If it contains an attribute in the planning level definition, for which the business user does not have read
permission, it will not be visible for said user.
● If it contains an attribute in the filter definition, for which the business user does not have read permission,
the filter condition will be cleansed.
If a formerly saved filter contains an attribute in the filter definition, for which the business user does not have
read permission, the filter condition will be cleansed.
The above logic also applies to the Planning Filters app. For more information, see the section on planning
filters.
IBP Excel add-in
If a user does not have read permission for an attribute, then the attribute can’t be selected in the Microsoft
Excel user interface. In case of attribute write permissions, the read permission is a prerequisite for this setting.
You can find out more about special use cases of the read and write permissions in the following list.
● Link between Attribute ID and Attribute Description

You can use attributes that have a link between the attribute ID and the attribute description (for example,
CUSTID and CUSTIDDESC) in your planning view for planning purposes. The read permission setting of the
attribute ID will define the visibility of both.
In the table below you can find the details of these cases.
Attribute Description read permis

Attribute ID read permission sion Attribute visibility
Yes Yes Both Attribute ID and Description will

be visible
No No Neither attribute will be visible
No Yes Neither attribute will be visible
Yes No Only the Attribute ID will be visible
● Subnetworks
In case an end user doesn’t have read permission to a subnetwork, it can’t be selected in the Planning
Scope or Job Run and Schedule. This can result in an S&OP or IO operator to run for the entire network.
● Master Data Workbook Permissions
In case a business user has permission to a master data type (for example, one that contains the attributes
Product ID and Product Group) these are the possible outcomes of read permission settings.
○ If the business user has no read permission for a key attribute (for example, Product ID), then the
master data type will not be visible in the Master Data Workbook.
○ If the business user has no read permission for a required attribute (for example, Product Group), the
master data type will be in read-only mode.
○ If the business user has no read permission for an optional attribute, then there is no change in Master
Data Workbook permissions.
Security Aspects
○ If a business user does not have read permission for a root attribute in the planning level, the planning
level will not be visible in master data maintenance (planning object with key figure data). Similar to
when a business user does not have permission for that particular planning level.
○ If the read access has been granted for the master data type and all its’ key figures the master data
type is available for selection in the sheet definition. (Attributes with read-only access are greyed-out
and in case a user changes a value of a read-only attributes, an error is displayed upon saving.)
In case a business user has permission to a master data type (for example, one that contains the attributes
Product ID and Product Group), read and write permissions have been assigned these are the possible
outcomes of the possible settings.
○ Creation of a new master data type is possible if write access has been set for the master data type,
the key and the required attributes. (Attributes without write permission cannot be maintained. If a
user is trying to create new master data type records, an error is displayed upon save and the key
fields, required fields and changed fields aren’t uploaded through data integration.)
○ Updating an existing master data record is possible if write access has been set for the master data
type and read or write access has been set for the respective attributes that the user want's to change.
Additionally, write permissions are set for the changed attribute. (Attributes without write permission
cannot be maintained and an error is displayed upon saving.)
○ Deleting a master data record can be done if write access has been assigned for the master data type
and on key attributes. (If insufficient permission is set for this action then changes are rejected.)
● Restrictions
To use the Change History Original View, business users need read permission for all attributes, that are
base planning level attributes for history enabled key figures.
● Offline usage
An offline Microsoft Excel workbook is not checked for attribute permissions upon login. Once permission
settings are checked business users can either view the data or will get an error message, depending on
these settings. Please contact your administrator to check your attribute permissions if you come across
this error message.
 Example
An offline workbook is created by business user A with no attribute restrictions set. These settings
contained in the workbook that is later opened by another user, business user B who does have
restricted attribute permissions set. When logging on, the system may display an error message and
the planning view will be updated based on the permissions of business user B, upon a refresh.
Define and Subscribe to Custom Alerts App
Based on the attribute permissions configured by your system administrator, the Calculation Level field will
only display the attributes that the user can see. If you don’t see certain attributes that you expect to see,
please check with your system administrator to see whether your user role contains the necessary permissions
for you to see the missing attributes.
If you use an attribute in the Calculation Level field in one or more of your custom alerts definitions and this
field is restricted later by adding attribute permissions (you do not have read access anymore), the alerts will
not return any results.
In case you’re applying planning filters on your alerts, please note that shared filters won’t display the
conditions for which you have no read permission.
Security Aspects
 Example
The following table lists the attributes for master data type LOCATION:
LOCID LOCDESCR LOCREGION LOCTYPE
LC1 LCD1
NA A
LC2 LCD2
NA A
LC3 LCD3
APJ A
LC4 LCD4
NA A
The administrator would like to restrict users with user role <name of role> from seeing the attribute
LOCREGION where the user does not have read permission, the user is unable to see the column
LOCREGION as a result. The following table is displayed for the user with the attribute permission applied:
LOCID LOCDESCR LOCTYPE
LC1 LCD1
A
LC2 LCD2
A
LC3 LCD3
A
LC4 LCD4
A
In addition to the Group By field, the subscription uses attributes to filter on data. The same principle
applies to the filter field and to the attribute filter.
Analytics - Advanced App
Based on the attribute permissions configured by the system administrator, your Group By and ad hoc filter
fields will only display the attributes that your user can see. If you don’t see certain attributes that you expect
to be available, please check with your system administrator. Your user role may not contain the necessary
permissions for you to see the missing attributes.
Dashboard App
Based on the attribute permissions configured by the system administrator, your ad hoc filter will only display
the attributes that your user can see. If you don’t see certain attributes that you expect to be available, please
check with your system administrator. Your user role may not contain the necessary permissions for you to see
the missing attributes.
Security Aspects
 Note
If an existing dashboard has been using a certain attribute as a filter and that attribute was restricted for
the user at a later time, any chart on the dashboard that is affected by that attribute will no longer display
any data.
Case Management App
Live alerts display calculation level information and a chart. If there is a restriction on a certain attribute that’s
part of the alert, the live alerts and the snapshot won’t display any alert information.
 Note
The History tab is not updated with the attribute permission feature and the restricted attributes will
continue to be displayed.
Data Integration Jobs App
Depending on the data type and the action a user wants to carry out in the Data Integration Jobs app, that user
needs the attribute permissions described in the following sections.
Key Figure Data

For any action a user wants to carry out for key figure data, that user needs at least read permission for the root
attributes of the key figure’s base planning level.
Master Data
Depending on the action a user wants to carry out for master data, that user needs different permissions for
the different attribute types as listed in the following table:
Action Key Attributes Required Attributes Non-key Attributes
Download a template, up Read Write Write

date existing master data
Insert new master data, de Write Write Write

lete or replace existing mas
ter data
 Note
Users should only add those attributes to the CSV file that they have permission for. If the file contains any
attributes they don’t have permission for, the file will be rejected. Required attributes must always be
included. Hence, to perform any action on a master data type, a user should have write permission for all
required attributes of the master data type.
Security Aspects
For updating and inserting data, the Data Integration Jobs app offers the option Insert/Update, which covers
both of these actions. However, because the permission requirements for inserting new master data types are
stricter than for updating existing master data, the system distinguishes between the two actions when you
upload master data using this option.
 Example
Inserting new and updating existing master data
You have a master data type PRODUCT. This master data type has the following attributes:
● PRDID (key attribute)

● PRDDESC
User A has read permission for the attribute PRDID and write permission for the attribute PRDDESC.
The data shown in the following table is already available in the system for master data type PRODUCT:
PRDID PRDDESC
PRD1 Product A
User A wants to change the product description for PRD1 from “Product A” to “Product 1” and insert a
record for a new product at the same time. User A uploads a CSV file that contains the data shown in the
following table using the Insert/Update option:
PRDID PRDDESC
PRD1 Product 1
PRD2 Product 2
Because user A doesn’t have the required write permission for the key attribute PRDID to insert the new
record, the entire file is rejected.
To update the product description for PRD1, user A needs to remove the new record for PRD2 and upload
the CSV file again.
User A is not permitted to insert any new records for this master data type. If this user wants to insert new
records for this master data type, the administrator must first give this user write permission for the key
attribute PRDID.
Planning Filters App
When you create a planning filter from the Planning Filters app, you can only see the attributes for which you
have been assigned read permission.
If read attribute permissions are changed for your user later, you will no longer see the attribute if you try to
edit your planning filter after the permissions have been modified. Since shared planning filters also consider
read attribute permissions, you can only see the attributes that you have read permissions for. Planning filters
are applied in full with all conditions in the jobs execution.
Security Aspects
 Example
In the Planning Filters app, you create a planning filter with the attribute CUSTID, operator EQ and value
ABC.
Your user is X and you create a planning filter P1.
User Y shares the planning filter P2 that contains the attribute CUSTID with your user X.
A couple of days later, your administrator changes your read attribute permission for the CUSTID attribute
and you no longer have read access to it.
You will no longer see the CUSTID attribute in either planning filter P1 or P2. If you now try to edit P1 which
you originally created, the filter dropdown will no longer contain the CUSTID attribute and will be empty.
External OData Services
Based on the attribute permissions configured by the system administrator, the /IBP/EXTRACT_ODATA_SRV
OData service call will return data if all the group by attributes and filter attributes can be accessed by the user.
Otherwise, no data is returned.
Application Jobs App
The selection of the parameters in the Statistical Forecasting and S&OP Operator job templates is restricted
based on the attribute permissions.
S&OP Operator with Subnetworks
You need attribute permissions to run the S&OP operator with subnetworks.You must have read permission for
the Subnetwork ID (PLUNITID) attribute.
If required, you need to give this permission to new users. Existing business users (before release 1905) were
assigned permission for all attributes (SAP_ALL_ATTRIBUTES) during the 1905 upgrade.
Related Information
Manage Attribute Permissions [page 27]
Security Aspects
5 Security of Data Centers and External
Auditing
SAP follows operating best practices for data centers by deploying computation and storage parts of the
solution over separated fire-safe areas to support disaster recovery in the event of a fire. For data backup and
recovery purposes, a redundant hardware storage system performs regular backups. To provide enhanced data
integrity, we have an advanced database management solution to store customer data and securely isolate
each customer’s business information in its own database instance. Data centers used by SAP maintain
multiple connections to several power companies, making a complete power outage highly unlikely. Even if the
local power grid were to fail, the data centers supporting SAP have an uninterruptible power supply for short-
term outages, and a diesel generator backup power supply for longer-term outages. Therefore, power
interruptions or outages are unlikely to affect customer data or solution access. Data centers used by SAP are
logically separated and staffed around the clock, 365 days a year. A security system permits access only to
authorized personnel, and the data centers are partitioned such that authorized personnel can access only
their designated areas. The network employs a number of security technologies. The multilayered, partitioned,
proprietary network architecture permits only authorized access to the data centers that support SAP with
features that include:
● A Web dispatcher farm that hides the network topology from the outside world
● Multiple Internet connections for network redundancy and distributed denial-of-service (DDoS) protection
devices that ensure protection from DDoS attacks
● Layered security measures that continuously monitors solution traffic for possible attacks
● Multiple firewalls that divide the network into protected segments and shield the internal network from
unauthorized Internet traffic
● Third-party audits performed throughout the year to support early detection of any newly introduced
security issues SAP is committed to third-party validations, standards, and certifications of the policies
and procedures we use to maintain our customers’ security, privacy and data integrity.
SAP maintains several certifications and accreditations to ensure that we provide the highest standards of
service and reliability to our customers. SAP will continue efforts to obtain the strictest of industry
certifications in order to verify its commitment to provide secure and reliable services.
Security Aspects
Security of Data Centers and External Auditing PUBLIC 37
6 Data Integration
To be able to fully exploit the functions provided by SAP Integrated Business Planning, you can integrate
business processes and data between your on-premise applications (for example, SAP ERP or SAP APO) and
SAP Integrated Business Planning. These sections below provide an overview of the security aspects of data
integration.
SAP Cloud Platform Integration for Data Services
The SAP Cloud Platform, integration service enables users to import data to and export data from SAP
Integrated Business Planning. For information about the security aspects of these data flows, see the security
guide for SAP Cloud Platform Integration for data services on SAP Help Portal at http://help.sap.com/cpi_ds.
Data Upload Using the Data Integration Jobs App
You can use the Data Integration Jobs app to upload data to SAP Integrated Business Planning in a CSV file.
Uploading Files to the IBP Add-In for Microsoft Excel
The IBP Add-In for Microsoft Excel allows users to save planning views to their computers, make changes to the
files offline, and upload the files back to the system. Users can also share Excel sheets (favorites or templates)
with other users.
When users share favorites with other users, the system temporarily erases all figures for security reasons.
When a recipient opens a shared favorite, the system checks for the required authorizations before loading the
figures. For more information, see the SAP Help Portal at http://help.sap.com/ibp, under Application Help
SAP Integrated Business Planning Planning with Microsoft Excel Information for Business Users Working
with Planning Views Creating Planning View Favorites .
Extracting Data with OData Service
To access the IBP system from outside the IBP cloud and extract data using this OData service, you need to do
the following:
● Create one or more communication users and associate them with the SAP_COM_0143 communication
scenario. The communication user for this scenario is authorized to access the API.
Security Aspects
38 PUBLIC Data Integration
● Set up the new SAP_COM_0143 communication scenario.
● Create the EXTERNAL_DATA_ACCESS user group and add business users to it. Data can only be extracted
on behalf of these business users.
When you request data using this service, you need to provide the attributes, key figures, and the filters for the
data you would like to extract. The service returns the requested data in JSON format. The data can be
returned for any planning area, version or scenario. For more information, see the SAP Help Portal at http://
help.sap.com/ibp, under Integration Data Integration Scenarios Data Integration Using OData Services
Extracting Key Figure Data .
 Caution
Do not use this service for mass extraction of key figures. If you would like to extract large amounts of key
figures, we recommend that you extract those key figures using SAP Cloud Platform Integration for data
services (see Data Export from SAP Integrated Business Planning at http://help.sap.com/ibp).
Sharing Data with Business Network Collaboration
With business network collaboration, you can share your key figure data with your business partners to
synchronize and optimize your supply chains across company boundaries. For information about the security
aspects of these data flows, see the SAP Help Portal at http://help.sap.com/ibp, under Configuration Guide
for Business Network Collaboration Security .
SAP Jam Integration
SAP Integrated Business Planning enables integration with SAP Jam. This channel allows you to share business
objects and documents that may contain sensitive information with external users. If you are using Internet
Explorer as your Web browser, complete these steps to enable secure logon to SAP Jam:
1. In your Internet Explorer, go to Tools Internet options Security and click the Sites button under
Trusted Sites.
2. Now either add or remove both of the following to your trusted sites list simultaneously:
○ https://*.sapjam.com
○ https:/*.scmibp.ondemand.com
3. If you have disabled cookies, go to Tools Internet options Privacy Settings and click the Sites
button under Settings.
4. Now add both https://*.sapjam.com and https:/*.scmibp.ondemand.com to your Per Site Privacy
Actions list.
For information about protecting this data, see SAP Library on SAP Help Portal at http://help.sap.com/nw-
uiaddon under Application Help Social Media Integration Information for Administrators Security .
Security Aspects
Data Integration PUBLIC 39
Related Information
Virus Scanning [page 58]
Security Aspects
40 PUBLIC Data Integration
7 Secure Communication
7.1 Secure Communication for Inbound Integration
Find out which certificate authorities for client certificate authentication are accepted for inbound integration
to the IBP landscape.
Integration scenarios from a customer system to IBP inbound integration require secure communication. For
certificate-based authentication in such scenarios, the customer system must use a client certificate signed by
an appropriate certification authority (CA).
IBP enables API access to inbound integration scenarios using -api URLs.
 Example
System URL Pattern Description
Business user access <tenant>.<domain> UI access
Integration access <tenant>-api.<domain> API-based access
A list of CAs accepted for inbound integration to the IBP landscape is available in SAP Note 2871840 .
Customer systems need to provide client certificates which are signed by one of these CAs. Check this SAP
note if you would like to extend this list of CAs or find out more information.
See also: the SAP Help Portal at http://help.sap.com/ibp, under Application Help SAP Integrated Business
Planning Administration Communication Management .
Related Information
Communication Management
7.2 Secure Communication for Outbound Integration
Secure communication is required in all integration scenarios that connect SAP Integrated Business Planning
to other systems.
Security Aspects
Secure Communication PUBLIC 41
These outbound integration scenarios may include:
● other SAP cloud systems

● customer on-premise systems
● third party systems (cloud, non-cloud)
When establishing the secure communication, the external system must prove its identity using a server
certificate that is signed by a trusted certificate authority (CA).
For secure communication to SAP-owned systems and services, SAP Integrated Business Planning contains a
preconfigured list of trusted CAs (marked as Managed By SAP, not changeable by customers).
For integration to non-SAP systems, the customer can maintain the list of trusted CAs (Managed By
Customer).
7.3 Maintain Certificate Trust List
With this app you can maintain a list of trusted certificates. If certificates of communication partners are
classified as trusted, outbound communication among these partners can be enabled.
With this app you can monitor all available trusted certificates.
Key Features
You can use this app to do the following:
● Display a list of all already existing trusted certificates

● Upload a new certificate
● Display detailed information
● Delete trusted certificates from the list. This feature is enabled only for the certificate type Managed By
Customer. Certificates of the type Managed By SAP cannot be deleted and therefore the Delete button is
disabled.
● Desktop
● Tablet
Related Information
Secure Communication for Inbound Integration [page 41]
Security Aspects
42 PUBLIC Secure Communication
7.4 Maintain Clickjacking Protection Whitelist
With this app you can maintain a list of trusted hosts.
With this app you can define secure applications by adding trusted hosts to the clickjacking protection
whitelist. By default, clickjacking protection is active to protect your systems against malicious clickjacking. If
the system is embedded into another application, the check determines whether the other application is
secure. To add trusted hosts, you have to enter specific details, such as schema and port, for each trusted host
to make sure that malicious hosts are identified and prevented from calling your system.
Key Features
● Add trusted hosts to the whitelist (name, schema, port)

● Edit trusted hosts
● Delete trusted hosts
● Desktop
● Tablet
7.5 Manage Content Security Policy
Content Security Policy is a standard that allows to disable certain HTML/Javascript features to reduce the
attack surface of applications running in a browser (for example as second line of defense against cross-site
scripting attacks).
With this app you can view a whitelist of allowed sources. You can add your own trusted content for example if
you have developed your own SAPUI5 app that loads external resources such as fonts, scripts or styles.
Moreover, you can display any violations of the policy in a log.
Key Features
● Display a whitelist of allowed sources
Security Aspects
● Add new allowed sources to the whitelist
For fonts, use UI_RESOURCES_FONTS; for scripts, use UI_RESOURCES_SCRIPTS, for styles, use
UI_RESOURCES_STYLES.
● Display logs listing violations
Please note the following information about browser-related effects that in some cases might result in
additional violations while in other cases violations are not listed:
○ The violation logs might contain records indicating that an EVAL violation has occurred. These
violations can be ignored. They are caused by unexpected behavior in Google Chrome.
○ Firefox does not send the session cookie with the reporting requests. These requests will therefore be
rejected by the backend, and are thus not included in the log.
○ Browser extensions sometimes insert non-policy conform code into an HTML page. This results in
violation log entries that are not caused by the applications themselves.
● Desktop
● Tablet
Component for Customer Incidents
If you need support or experience issues, please report an incident under component SCM-IBP-SEC.
Related Information
Content Security Policy (CSP) Switched to Blocking Mode
7.5.1 Content Security Policy (CSP) in Blocking Mode
The CSP support has now switched from report mode to blocking mode.
Content Security Policy (https://www.w3.org/TR/CSP3 ) is a standard which allows you to disable certain
HTML/JavaScript features to reduce the attack surface of applications running in a browser (for example, as a
second line of defense against cross-site scripting attacks). The policy uses an explicit whitelist of allowed
sources from where resources (scripts, styles and fonts) can be loaded.
In blocking mode, violations are not only reported but execution of violating code is additionally blocked by the
browser. If you have developed any own HTML or JavaScript code which is served from the SAP Integrated
Business Planning backend (for example to enhance SAP apps or to create own applications) you need to
ensure that this code is compliant with the policy. Inline scripts need to be removed and additional sources of
resources need to be listed in the trusted site lists of the Manage Content Security Policy app. Also the collected
logs can be displayed in that app.
Security Aspects
 Note
Code which is not compliant with the policy will no longer work.
HTML pages loaded from:
● /ui
● /sap/bc/ui2/
● /sap/bc/ui5_ui5/
● /sap/bc/bsp/
will receive the following policy:
default-src 'self' ;
script-src 'self' $UI_RESOURCES_SCRIPTS 'unsafe-eval' ;
style-src 'self' $UI_RESOURCES_STYLES 'unsafe-inline' ;
font-src 'self' data: $UI_RESOURCES_FONTS ;
img-src 'self' https: http: data: blob: ;
media-src 'self' https: http: data: blob: ;
object-src blob: ;
frame-src 'self' https: gap: data: blob: mailto: tel: ;
worker-src 'self' blob: $UI_RESOURCES_SCRIPTS ;
child-src 'self' blob: $UI_RESOURCES_SCRIPTS ;
connect-src 'self' https: wss: ;
base-uri 'self'
● /sap/bc/gui/
● /sap/bc/webdynpro/
will receive the same policy, except for the directive object-src which will be set to:
object-src 'self' blob: ;
● /
will receive the same policy, except for the directive script-src which will be set to:
script-src 'self' $UI_RESOURCES_SCRIPTS $nonce 'unsafe-eval' 'unsafe-inline' ;
In this policy, the following placeholders contain the corresponding trusted site lists, which define from where
resources can be loaded:
● $UI_RESOURCES_SCRIPTS: https://ui5.sap.com https://siteintercept.qualtrics.com

https://*.siteintercept.qualtrics.com https://*.api.here.com
● $UI_RESOURCES_STYLES: https://ui5.sap.com
● $UI_RESOURCES_FONTS: https://ui5.sap.com https://help.sap.com
 Note
For technical reasons, the whitelists might still contain the additional source
https://*.int.sap.hana.ondemand.com. This is planned to be removed with the next release.
In case of problems, it is possible to deactivate the policy. For further information, see the documentation for
the Manage Content Security Policy app.
Security Aspects
Related Information
Manage Content Security Policy [page 43]
Security Aspects
8 Data Protection and Privacy
Data protection is associated with numerous legal requirements and privacy concerns. In addition to
compliance with general data protection and privacy acts, it is necessary to consider compliance with industry-
specific legislation in different countries. SAP provides specific features and functions to support compliance
with regard to relevant legal requirements, including data protection. SAP does not give any advice on whether
these features and functions are the best method to support company, industry, regional, or country-specific
requirements. Furthermore, this information should not be taken as advice or a recommendation regarding
additional features that would be required in specific IT environments. Decisions related to data protection
must be made on a case-by-case basis, taking into consideration the given system landscape and the
applicable legal requirements.
The following records in SAP Integrated Business Planning may contain personal data:
● Master data records: any master data types you have defined in IBP that may contain attributes with
personal data such as user names, email address, and so on. For more information about how such
personal data is handled in SAP Integrated Business Planning, see Master Data Records [page 50].
 Note
These attributes are treated as dynamic attributes values IBP Excel add-in.
For more information, see Dynamic Selection of Values of Master Data Attributes
● Business user records: any data linked to your user ID that is stored by SAP Integrated Business Planning,
for example, favourites that you have defined or IBP settings you have customized. For more information
about how such personal data is handled in SAP Integrated Business Planning, see Business User Records
[page 52].
As a customer, please contact SAP cloud support with any queries you might encounter on the handling of
personal data in SAP Integrated Business Planning.
 Note
SAP does not provide legal advice in any form. SAP software supports data protection compliance by
providing security features and specific data protection-relevant functions, such as simplified blocking and
deletion of personal data. In many cases, compliance with applicable data protection and privacy laws will
not be covered by a product feature. Definitions and other terms used in this document are not taken from
a particular legal source.
 Caution
The extent to which data protection is supported by technical means depends on secure system operation.
Network security, security note implementation, adequate logging of system changes, and appropriate
usage of the system are the basic technical requirements for compliance with data privacy legislation and
other legislation.
Some basic requirements that support data protection are often referred to as technical and organizational
measures (TOM). The following topics are related to data protection and require appropriate TOMs:
Security Aspects
Data Protection and Privacy PUBLIC 47
● Access control: authentication features (see the SAP Help Portal at http://help.sap.com/ibp, under
Management ).
● Permissions: permissions assigned to business roles (see the SAP Help Portal at http://help.sap.com/ibp,
under Application Help SAP Integrated Business Planning Administration Identity and Access
Management Maintain Business Roles Specify Restrictions ).
● Communication security: as described in Data Integration [page 38].
● Availability control: as described in Technical System Landscape [page 4].
● Separation by purpose: is subject to the organizational model implemented and must be applied as part
of the authorization concept.
Sensitive Personal Data
Sensitive personal data is a category of personal data that needs special handling. The definition of what
qualifies as sensitive personal data may differ for different legal areas or industries. Sensitive data may for
example be information on racial or ethnic origin, political opinions, or bank and credit accounts (see Glossary
[page 48]). SAP Integrated Business Planning is not designed to store and process this kind of data.
User Consent
SAP Integrated Business Planning assumes that the user, for example an SAP customer entering data in IBP,
has consent from its data subject (a natural person such as a customer, contact, or account), to collect or
transfer data to the solution.
Disclosure of the Personal Data of Individuals
Data privacy regulations may also require the provisioning of information on what is stored about an individual
person. The standard functions of SAP Integrated Business Planning can be used for this purpose.
8.1 Glossary
The following terms are general to SAP products. Not all terms may be relevant for this SAP product.
Security Aspects
48 PUBLIC Data Protection and Privacy
Term Definition
Blocking A method of restricting access to data for which the primary

business purpose has ended.
Consent The action of the data subject confirming that the usage of
his or her personal data shall be allowed for a given purpose.
A consent functionality allows the storage of a consent re
cord in relation to a specific purpose and shows if a data
subject has granted, withdrawn, or denied consent.
Data subject An identified or identifiable natural person. An identifiable

natural person is one who can be identified, directly or indi
rectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online
identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural, or social
identity of that natural person.
Deletion Deletion of personal data so that the data is no longer avail

able.
End of business Date where the business with a data subject ends, for exam
ple, the order is completed, the subscription is canceled, or
the last bill is settled.
End of purpose (EoP) End of purpose and start of blocking period. The point in
time when the primary processing purpose ends, for exam
ple, a contract is fulfilled.
End of purpose (EoP) check A method of identifying the point in time for a data set when
the processing of personal data is no longer required for the
primary business purpose. After the EoP has been reached,
the data is blocked and can only be accessed by users with
special authorization, for example, tax auditors.
Personal data Any information relating to an identified or identifiable natu

ral person (a data subject).
Purpose The information that specifies the reason and the goal for
the processing of a specific set of personal data. As a rule,
the purpose references the relevant legal basis for the proc
essing of personal data.
Residence period The period of time between the end of business and the end
of purpose (EoP) for a data set during which the data re
mains in the database and can be used in case of subse
quent processes related to the original purpose. At the end
of the longest configured residence period, the data is
blocked or deleted. The residence period is part of the over
all retention period.
Security Aspects
Term Definition
Retention period The period of time between the end of the last business ac
tivity involving a specific object (for example, a business
partner) and the deletion of the corresponding data, subject
to applicable laws. The retention period is a combination of
the residence period and the blocking period.
Sensitive personal data A category of personal data that usually includes the follow
ing type of information:
● Special categories of personal data, such as data reveal

ing racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership, genetic
data, biometric data, data concerning health or sex life
or sexual orientation.
● Personal data subject to professional secrecy
● Personal data relating to criminal or administrative of
fenses
● Personal data concerning insurances and bank or credit
card accounts
Where-used check (WUC) A process designed to ensure data integrity in the case of
potential blocking of business partner data. An application's
where-used check (WUC) determines if there is any depend
ent data for a certain business partner in the database. If de
pendent data exists, this means the data is still required for
business activities. Therefore, the blocking of business part
ners referenced in the data is prevented.
8.2 Master Data Records
Master data records that may contain personal data can be divided in two groups:
● Data that has been configured by the user, which includes any data you have defined such as attributes,
master data types, key figures, and so on. You can define master data type attributes as personal data in
the Master Data Types app by selecting a checkbox Personal Data for the attribute that contains personal
data. After you’ve done that, the system tracks changes made to that attribute. For more information, see
Change Log section of this topic.
● Static data integrated from external systems such as SAP ERP or SAP S/4HANA
Information Report
Data subjects have the right to receive information regarding their personal data undergoing processing. The
personal data record feature helps you to comply with the relevant legal requirements for data protection by
Security Aspects
allowing you to search for and retrieve all personal data for a specified data subject. The search results are
displayed in a comprehensive and structured list containing all personal data of the data subject specified,
organized according to the purpose for which the data was collected and processed.
In the IBP Excel add-in, you can view master data and key figure data that contain personal information by
filtering by the corresponding attribute, for example, you can display data of a particular supplier filtered by
contact person name. For more information, see the SAP Help Portal at http://help.sap.com/ibp, under
Application Help SAP Integrated Business Planning Planning with Microsoft Excel Information for
Business Users Managing Master Data .
The master data and transaction data that are replicated from the external systems and may contain personal
data are only duplicates of the original data in the source systems. You can use the information report in the
respective source system.
Deletion of Personal Data
The processing of personal data is subject to applicable laws related to the deletion of this data when the
specified, explicit, and legitimate purpose for processing this personal data has expired. If there is no longer a
legitimate purpose that requires the retention and use of personal data, it must be deleted. When deleting data
in a data set, all referenced objects related to that data set must be deleted as well. Industry-specific legislation
in different countries also needs to be taken into consideration in addition to general data protection laws. After
the expiration of the longest retention period, the data must be deleted.
SAP Integrated Business Planning might process data (personal data) that is subject to the data protection
laws applicable in specific countries. All kinds of data that is extracted into SAP Integrated Business Planning
and all business planning data that relates to personal data can be deleted using the standard functions
provided by SAP Integrated Business Planning. You first delete the planning data (key figures) related to the
personal data that shall be deleted, and afterwards the personal data (master data such as customer ID) as
well.
For more information about the manual deletion of planning data and master data, see the SAP Help Portal at
http://help.sap.com/ibp, under Data Integration Scenarios Data Integration Jobs Uploading Data from a
CVS File Uploading Master Data Deleting Master Data . For information about automatic deletion using
application job templates, see the SAP Help Portal at http://help.sap.com/ibp, under Application Help SAP
Integrated Business Planning Administration Data Lifecycle Management .
Note that only planning data/master data of views that are connected to the SAP Integrated Business Planning
backend can be securely deleted from the databases in SAP Integrated Business Planning. For this reason you
should make sure that Excel sheets that contain business planning data in general and personal data
specifically should be secured by the security mechanisms of Microsoft Office (for example password
protection) and the client operative system (such as hard drive encryption). Common client protection tools
such as virus scanners on the clients are also highly recommended.
The master data and transactional data that are replicated from the external systems and may contain
personal data are only duplicates of the original data in the source systems. You can block such data in the
respective source system and the data will be automatically deleted from IBP.
Security Aspects
Change Log
Personal data is subject to frequent changes. Therefore, for review purposes or as a result of legal regulations,
it may be necessary to track the changes made to this data. When these changes are logged, you should be
able to check which employee made which change, the date and time, the previous value, and the current
value, depending on the configuration. It is also possible to analyze errors in this way.
You can view a change log of the master data attributes that contain personal data in the View Personal Master
Data Changes app. The app also allows you to download the changes in an Excel file. For more information
about this app, see the SAP Help Portal at http://help.sap.com/ibp, under Application Help SAP Integrated
Business Planning Administration User-Related and Personal Data View Personal Master Data Changes .
The master data and transaction data that are replicated from the external systems and may contain personal
data are only duplicates of the original data in the source systems. You can use the change log in the respective
source system.
8.3 Business User Records
Information Report
Data subjects have the right to receive information regarding their personal data undergoing processing. The
personal data record feature helps you to comply with the relevant legal requirements for data protection by
allowing you to search for and retrieve all personal data for a specified data subject. The search results are
displayed in a comprehensive and structured list containing all personal data of the data subject specified,
organized according to the purpose for which the data was collected and processed.
SAP Integrated Business Planning allows you to view which of the data linked to a specific user ID is stored and
how it is used by IBP. You can view this data in the Data Linked to User app. For more information, see the SAP
Help Portal at http://help.sap.com/ibp, under Application Help SAP Integrated Business Planning
Administration User-Related and Personal Data Data Linked to User .
Employee data can be viewed from Identity and Access Management. For more information, see the SAP Help
Portal at http://help.sap.com/ibp, under Application Help SAP Integrated Business Planning
Administration Identity and Access Management .
Deletion of personal data
The processing of personal data is subject to applicable laws related to the deletion of this data when the
specified, explicit, and legitimate purpose for processing this personal data has expired. If there is no longer a
legitimate purpose that requires the retention and use of personal data, it must be deleted. When deleting data
in a data set, all referenced objects related to that data set must be deleted as well. Industry-specific legislation
Security Aspects
in different countries also needs to be taken into consideration in addition to general data protection laws. After
the expiration of the longest retention period, the data must be deleted.
Employee data can be deleted from SAP Integrated Business Planning. You should first delete the business
user, then the employee it is based on. For more information, see Maintain Business Users, Maintain Employees,
and Information Lifecycle Management at http://help.sap.com/ibp, under Application Help SAP Integrated
Business Planning Administration Identity and Access Management App Descriptions .
In addition, you can view details of deleted business users and allow or block their re-creation using Maintain
Deleted Business Users app. After that, you can destruct the business user data. For more information, see
Maintain Deleted Business Users at http://help.sap.com/ibp, under Application Help SAP Integrated
Business Planning Administration Identity and Access Management App Descriptions .
Change Log
Personal data is subject to frequent changes. Therefore, for review purposes or as a result of legal regulations,
it may be necessary to track the changes made to this data. When these changes are logged, you should be
able to check which employee made which change, the date and time, the previous value, and the current
value, depending on the configuration. It is also possible to analyze errors in this way.
You can see a change log of the employee data records in Maintain Employees app (see the SAP Help Portal at
http://help.sap.com/ibp, under Application Help SAP Integrated Business Planning Administration
Identity and Access Management Maintain Employees ).
8.4 Relevant Business Catalogs
The business catalogs described below are required to be assigned to a business role to maintain personal
data:
Business Catalog ID Business Catalog Name Description
SAP_IBP_BC_EXCEL_ADDIN_PC Basic Planning Tasks Allows users to perform a set of plan

ning tasks including viewing of change
history
SAP_IBP_BC_USERGROUP_PC User Group Allows users to create and edit user

groups for collaboration purposes
SAP_IBP_BC_FILTER_PC Planning Filters Allows users to view, edit, copy, and de
lete filters that are used in other areas
of SAP Integrated Business Planning
Security Aspects
Business Catalog ID Business Catalog Name Description
SAP_IBP_BC_PDV_PC Data Linked to Users Allows users to view changes that were
made to the data linked to them in SAP
Integrated Business Planning, and to
download those changes
SAP_IBP_BC_PDCL_PC Personal Data Changes Allows users to view changes that were
made to personal data of master data
types, and to download those changes
SAP_CORE_BC_IAM (Deprecated) Identity and Access Management Allows users to maintain business roles
and business users
SAP_CORE_BC_IAM_RA Identity and Access Management - Role Allows users to assign business users
Assignment to business roles
SAP_CORE_BC_IAM_UM Identity and Access Management - User Allows users to create and maintain
Management business users
SAP_CORE_BC_IAM_RM Identity and Access Management - Role Allows users to create and maintain
Management business roles
SAP_IBP_BC_PLANMODEL_CF_PC Configuration Allows users to perform a set of tasks

including maintenance of master data
types and attributes, time profiles, plan
ning areas, planning levels, key figures,
versions, and planning operators
SAP_CORE_BC_IAM_UMD Identity and Access Management - User Allows users to display details of de
Management of Deleted Users leted business users, such as the reten
tion period, and allow or block their re-
creation.
SAP_IBP_BC_SYSMON_PC System Monitoring Allows users to monitor KPIs related to

the performance of the IBP system and
the login details of the IBP Excel add-in.
For more information, see the SAP Help Portal at http://help.sap.com/ibp, under Application Help Identity
and Access Management Basic Concepts Business Catalogs .
Security Aspects
9 Display Security Audit Log
Display and access information about security-relevant events.
With this app you can display information about security-relevant events that occur in your SAP system. This
can be necessary in case of an audit.
Key Features
This app provides the following key features:
● Recording of security-relevant events in your SAP system.

● Access to previously specified log files in the form of an audit analysis report.
● Desktop
● Tablet
● Smartphone
9.1 How to Display the Audit Analysis Report
The Display Security Audit Log produces an audit analysis report that contains the audited activities. By using
the audit analysis report, you can analyze events that have occurred and have been recorded in your SAP
System.
Context
Display audit log events using different filters.
Procedure
1. Open the Security Audit Log.
Security Aspects
Display Security Audit Log PUBLIC 55
2. Use the filters to customize your audit log report.
Available Filters:
○ Timestamp
Use this filter to change the time frame for which the log is displayed.
○ Audit Event
Use this filter to change the time frame for which the log is displayed.
○ Program
Use this filter to specify the program that you want to limit the log output to.
○ Transaction Code
Use this filter to specify the transaction that you want to limit the log output to.
3. Choose Go.
9.2 How to Configure a Personalized View
You can use the application settings to configure a personalized view of the security audit log. You can save
created views and share them with other users.
Context
Configure different views of the security audit log depending on your use case.
Procedure
1. Choose  settings.
2. choose either Columns, Sort, or Group.
3. Configure your view.
Option Description
Columns Select or deselect the columns that you want to be shown

in the audit log report. You can change the order of the col
umns with the arrow symbols.
Sort Choose a column by which you want to sort your audit log
report and select Ascending or Descending. You can add
more than one sort method with the plus symbol.
Group Choose dimension by which you want to group your audit

log entries.
4. Choose OK.
Security Aspects
56 PUBLIC Display Security Audit Log
5. Choose the view in the upper left corner.
6. Choose Save As.
7. Choose a name.
8. Select one of the checkboxes.
Option Description
Set as Default The view that you configured will be displayed by default
when you open the Security Audit Log application.
Public Your view is available to other users of the Security Audit

Log.
Apply Automatically The filters that you specified for this view will be applied
and the report is run automatically when you click on it.
9. Choose Save.
You can also send your report to a colleague by e-mail, share it on SAP JAM, or save your report as a tile. To
do this actions choose  shareand choose either:
○  Send E-Mail
○  Share on SAP JAM
○  Save as Tile
Security Aspects
Display Security Audit Log PUBLIC 57
10 Virus Scanning
Any kind of external data such as office documents, images, binaries are considered insecure unless they are
scanned for malicious or suspicious code. In IBP, virus scanning is performed every time you share a document
as a favourite, or upload excel files using the IBP add-in for Microsoft Excel. During upload, the proper MIME-
type of xls files are checked. The following MIME types are supported:
Supported MIME Types
File Extension MIME Type Description
xls application/vnd.ms-excel Excel 2007
xlsx application/ Excel 2013 without macros

vnd.openxmlformats-
officedocument.spreadsheetml.s
heet
xlsm application/vnd.ms- Excel 2013 with macros enabled

excel.sheet.macroEnabled.12
If the file contains a virus, the system does not allow it to be uploaded. We also highly recommend common
client protection tools, such as virus scanners on the clients.
Security Aspects
58 PUBLIC Virus Scanning
Important Disclaimers and Legal Information
Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:
● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your
agreements with SAP) to this:
● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such
links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this
information.
Beta and Other Experimental Features

Experimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by
SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use
the experimental features in a live operating environment or with data that has not been sufficiently backed up.
The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your
feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.
Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax
and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of
example code unless damages have been caused by SAP's gross negligence or willful misconduct.
Gender-Related Language
We try not to use gender-specific word forms and formulations. As appropriate for context and readability, SAP may use masculine word forms to refer to all genders.
Videos Hosted on External Platforms

Some videos may point to third-party video hosting platforms. SAP cannot guarantee the future availability of videos stored on these platforms. Furthermore, any
advertisements or other content hosted on these platforms (for example, suggested videos or by navigating to other videos hosted on the same site), are not within
the control or responsibility of SAP.
Security Aspects
Important Disclaimers and Legal Information PUBLIC 59
www.sap.com/contactsap
© 2020 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form

or for any purpose without the express permission of SAP SE or an SAP
affiliate company. The information contained herein may be changed
without prior notice.
Some software products marketed by SAP SE and its distributors

contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for

informational purposes only, without representation or warranty of any
kind, and SAP or its affiliated companies shall not be liable for errors or
omissions with respect to the materials. The only warranties for SAP or
SAP affiliate company products and services are those that are set forth
in the express warranty statements accompanying such products and
services, if any. Nothing herein should be construed as constituting an
additional warranty.
SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.
Please see https://www.sap.com/about/legal/trademark.html for

additional trademark information and notices.
THE BEST RUN

IBP Security Guide

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

IBP Security Guide

Caricato da

Copyright:

Formati disponibili

SECURITY GUIDE | PUBLIC

Document Version: 1.5 – 2020-04-09

THE BEST RUN

2 Technical System Landscape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3 Roles and Authorizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

5 Security of Data Centers and External Auditing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

7 Secure Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

8 Data Protection and Privacy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

9 Display Security Audit Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

● Technical System Landscape [page 4]

● Create and assign appropriate business roles to your business users

● The business data is stored securely in SAP data centers.

Initial User Provisioning

4.1 Permission Filters

Master Data Types

Key Figure Values

Manage Permission Filters [page 8]

4.1.1 Manage Permission Filters

You can assign permission filters to users either directly or indirectly:

You can assign multiple permission filters to a single user at once.

Supported Device Types

Working With Permission Filters [page 9]

4.1.1.1 Working With Permission Filters

Find out how to define and change permission filters.

Attribute Operator Value

Customer ID equal to Company ABC

Customer ID equal to Company XYZ

Attribute Operator Value

Customer ID equal to Company ABC

Customer ID equal to Company XYZ

Location Region equal to USA

○ Belongs to location region USA

3. Select an operator and enter a value.

4.1.1.2 Using Operators to Define Filter Criteria

Operator Description Example

not equal to The user can view planning data for

greater than The user can view planning data for

less than The user can view planning data for

between The user can view planning data for

4.1.1.3 Examples of Permission Filters

PRDFAMILY = Shampoo is an attribute of the master data type PRODUCT

LOCID = LOC A is an attribute of master data type LOCATION.

● Product records in PRODUCT whose PRDFAMILY attribute has Shampoo as a value

The same is true for:

Key Figure Restriction Sales Fcst Qty = READ, WRITE

Filter Criteria for Read Access Region = R1

Write Access for Key Figures Sales Fcst Qty

Filter Criteria for Write Access Country = CN1

Filter Criteria for Read Access Region = R1

Write Access for Keyfigures Sales Fcst Qty

Filter Criteria for Write Access Country = CN2

Permission Filters by Application

Business Write (Editability) Crite­

Admin­ System Monitoring N/A N/A Permission filters are not

Admin­ Content N/A N/A Permission filters are not

Admin­ Manage Permission N/A N/A Permission filters are not

Admin­ Purge Non- N/A N/A Permission filters are not

Model Attributes app No No Permission filters are not

Model Master Data Types No No Permission filters are not

Model Time Profiles app No No Permission filters are not

Model Sample Model Entities No No Permission filters are not

Model Reason Codes app No No Permission filters are not

Model Configuration app No No Permission filters are not

Model Transport Model No No Permission filters are not

Business Write (Editability) Crite

Admin System Monitoring N/A N/A Permission filters are not

Admin Content N/A N/A Permission filters are not

Admin Manage Permission N/A N/A Permission filters are not

Admin Purge Non- N/A N/A Permission filters are not

Data in Data Integration Jobs No No Permission filters are not

Data in SAP Cloud Platform No No Permission filters are not

Busi Data sharing Yes Yes For provider data sharing

For consumer data shar

De Statistical Forecasting Yes No Forecasting algorithms

De Forecast Automation No No

De Assign Forecast Models Yes No Permission filters are

De Manage Product Lifecycle Yes No Permission filters are only

De Analyze Promotions app Yes No

De Manage Realignment No No

De Settings for Product No No

De Forecast error calcu Yes No Profile-based forecast er

Inven DDMRP Buffer Analysis Yes No The visibility part of the

Inven Inventory optimization Yes No Permission filters are not

Users who run these op

Analyt Analytics - Advanced Yes No The visibility part of the

Analyt Dashboard-Advanced Yes No The visibility part of the

Analyt Supply Chain Network Yes No The visibility part of the

Excep Custom Alerts app Yes No The visibility part of the

Excep Custom Alerts Yes No The visibility part of the

Excep Define Custom Alerts Yes No The visibility part of the

Excep Monitor Custom Yes No The visibility part of the

Excep Manage Cases app Yes No The visibility part of the

Excep Define Custom Alerts Yes No The visibility part of the

Cross Delete Version No No Because the delete ver

IBP Ex IBP Excel add-in Mas N/A N/A

IBP Ex IBP Excel add-in Plan No No Documented in release

IBP Ex IBP Excel add-in Job N/A N/A

Attribute Description read permis