SAP Security

SAP Encryption

A SAP system communicates with SAP clients, browsers, applications and other SAP systems via the local network. Data is also exchanged between SAP system components. In all cases, data which needs to be protected is transferred. This includes not only the data used to authenticate users (e.g. user name and password, cookies, certificates, etc.), but also business data processed as part of the activated functions.


Secure Network Communications (SNC) is a software layer developed by SAP which provides end-to-end protection for data communication channels between SAP system components that use SAP protocols such as RFC or DIAG.

The security layers of SNC

With SNC the following security layers are presented for communication:

  • SAP GUI and SAP systems
  • Between two SAP system-server (ABAP und Java)
  • Extern RFC server and SAP system server
  • Between SAP router
  • SAP systems and SAP print server

The SNC itself does not contain a security mechanism, but provides an interface for external security products such as smart cards with the “GSS-API V2” (Generic Security Services Application Programming Interface Version 2).

Protection levels of the security layer


  • 1. Authentication - low protection

    Only identities of communication partners are checked. Data is sent unencrypted.

  • 2. Integrity - medium protection

    all undesired data changes can be detected during transmission. Data is sent unencrypted.

  • 3. Privacy - high protection

    data is transmitted between the partners via cable in encrypted form.