Secure Area (Launchpad) Help
For more details, refer to the learning map for secure area.
- Value of Secure Area
- Auhorization Concept
- Access Options to Secure Area
- Secure Area Application
- Incident Restricted View
- Display History Log
- Save storage of access data for remote logon to an SAP system.
- Access data is related to the system, not to the incident.
- Access data needs to be created only once per system and can then be used for each incident referring to this system.
- A user's access data can be explicitly assigned to a certain incident in order to restrict the visibility of the user’s password for SAP.
- Access data can be changed at any time.
- All data changes and access to the secure area are tracked in a history log.
- An incident indicates if access data is stored for the system or not.
- S-users with the Maintain my Logon Data authorization can store logon data and display or change logon data they had included before; however, they cannot see the passwords specified by other users (but they can change them).
- S-users (e.g. super-administrators) with the Maintain all Logon Data authorization have full access to create, change and display all stored logon data of all S-users.
Maintain access data:
- directly via the incident by clicking the Secure Area link or
- centrally when creating a new incidentby clicking the Secure Area link under Credential area.
Note: The option to assign specific users to a certain incident is only offered when the secure area has been accessed via an incident (see point 5).
The application is to be used by customers only to maintain and provide customer data for "User", "SAP-Routers", "Servers", "Contacts", and "Info" for SAP Support when necessary. It is only possible to maintain logon data for all the systems assigned to the same customer only. No cross customer visibility is provided.
- Incidents section - used to maintain User Visibility per incident. All the maintained users are visible to SAP Support processor by default.
- History Log - All data changes and access to the secure area are tracked in the history log, per system. The log can be exported to Excel.
Select the header "Related Options" drop-down to view and maintain another customer related system.
Click Display Logon Data after entering the logon data. All entered logon data is shown at a glance in display mode. Only users that have maintained this data and users with the Maintain all Logon Data authorization can see the stored passwords. For users with the Maintain my Logon Data authorization, the stored passwords of other colleagues are not visible, but can be changed.
When creating or working on an incident, you are able to assign specific users to a certain incident. Therefore you can restrict the number of users visible to this specific incident for SAP incident processors. When creating an incident you have to save the incident in order to get access to the restricted view by clicking the Maintain User Restricted View button.
- This restriction refers to SAP system users only and will not affect any other users such as SAPRouter users or users for additional servers.
- Users from other systems or installations are selectable.
- If users are explicitly assigned to the incident, SAP will be able to see only those users that are part of this restricted list. All other users are not displayed.
- If no user is explicitly assigned to the incident, there is no restriction regarding the visibility of the login information. All users and passwords are then visible by SAP.
Note: With this modification it is possible that customers can create a user for a system that is only valid for a specific incident. If the restricted view is created this will be indicated (after refresh) by an icon under the corresponding system by the incident number this view is built for.
All data changes and access to the secure area are tracked in the history log. Also the incident number is logged if the secure area has been called from an incident.
Note: If the same user calls the secure area more than once per day without making any changes, only the first login is tracked to make the log more readable.