
Security Guide | PUBLIC

Document Version: 1.0 – 2025-07-28

Security Guide for PLM System Integration 3.0


for SAP S/4HANA
FP03
© 2025 SAP SE or an SAP affiliate company. All rights reserved.



Content

1 Introduction
2 Before You Start
3 User Authentication and Authorization
  3.1 Authorization Concept Overview
      Authorization Objects
      HTTP Endpoints
      RFC Endpoints
  3.2 User Management
  3.3 Standard Role Templates
4 Session Security Protection
5 Network and Communication Security
  5.1 Content Server Options and Security
6 Data Protection and Privacy

Security Guide for PLM System Integration 3.0 for SAP S/4HANA
2 PUBLIC Content
1 Introduction

This Security Guide provides information that is relevant for all software lifecycle phases.

Target Audience

• Technology consultants
• Security consultants
• System administrators

Why Is Security Necessary?

With the increasing use of distributed systems and the internet for managing business data, the demands
on security are also on the rise. When using a distributed system, you need to be sure that your data and
processes support your business needs without allowing unauthorized access to critical information. User
errors, negligence, or attempted manipulation of your system should not result in loss of information or
processing time. These demands on security apply to all integrated systems as well as the integration itself. To
assist you in securing PLM system integration for SAP S/4HANA, we provide this Security Guide.

About this Document

The security concept of PLM system integration for SAP S/4HANA offers secure system-to-system
communication using state-of-the-art authentication and authorization technologies. This Security Guide
provides a comprehensive overview of security-relevant information. The information in this guide specifically
applies to PLM system integration for SAP S/4HANA. For security-relevant information of an integrated
external PLM system, refer to the security information provided for this system.

The following documentation uses the term "SAP S/4HANA" to refer to both SAP S/4HANA Cloud Private
Edition and SAP S/4HANA.
For security-relevant information for SAP S/4HANA, refer to the Security Guide for SAP S/4HANA, provided on
the Implement tab in the SAP Help Portal.

2 Before You Start

In the case of system integrations, the security standards of the connected systems apply on top of any
integration-specific security requirements.

PLM system integration for SAP S/4HANA is based on SAP S/4HANA. Therefore, the related security guides
also apply to PLM system integration for SAP S/4HANA. You can find Security Guides for SAP S/4HANA on the
SAP Help Portal.

A list of additional security-relevant SAP HotNews and SAP Notes is also available on the SAP Support
Portal.

 Note

We recommend that you also consider the Security Requirements of the external PLM system you are
integrating!

3 User Authentication and Authorization

This section provides an overview of how you manage and authenticate users for an integration between an
external PLM system and SAP S/4HANA.

For the external PLM system, a service user must be created in your SAP S/4HANA instance. The external PLM
system must use this service user to communicate with the SAP S/4HANA system.

All other users are independently created and managed in the SAP system and in the external PLM system
respectively.

The authorization concept for the integration consists of several areas:

• Authorization group
• Role templates (see Standard Role Templates [page 13])
• Endpoint authorization for the integration with an external PLM system:
• HTTP Endpoints [page 11]
• RFC Endpoints [page 11]

For detailed information, see Authorization Concept Overview [page 6].

User Types and Authorization

When calling an HTTP endpoint at SAP or sending data to an external PLM system, the user who is triggering
the call has to be authenticated. This can happen using technical or named users.

 Note

Depending on the assigned authorizations, users may be granted comprehensive permissions to access
and change data in the SAP system as well as in the integrated external PLM system. Verify which user
types are supported by the external PLM system. Make sure to use complex and secure passwords to
improve data security!

Authentication can be granted using a:

• User for data transfer: Users are maintained by an administrator. Name and password/certificate for all
technical users have to be provided during the installation and configuration of the integration. (You need
to provide information about the technical users created in the SAP system to the administrator of the
external PLM system, see also Mandatory Activities).
• User for data federation (display only): This special (technical) user provides the authorizations to use data
federation. It is configured in the SAP system. In the external PLM system, the respective user credentials
need to be entered to receive authorization to use the data federation functionality.

Create both user types in the SAP system. You can use standard role templates to create these users.

 Note

We recommend using a speaking name, including the name of the external PLM system, for example,
PLMSYSTEM (technical user for data transfer) and PLMSYSTEM_D (technical user for data federation).

For more information on user management in the SAP system, search for User Management in the SAP Help
Portal.

Authentication Methods

The following authentication methods are supported for a session’s first HTTPS:

• Basic authentication: Can be used for both types of technical users.

 Note

We strongly recommend using HTTPS only, to ensure password encryption. Password changes aren't
supported.

• X.509 client certificate: A client certificate can be used to log a user on with a certificate (rule-based or
explicit user mapping). For more information, search for the chapter Using X.509 Client Certificates on the
AS ABAP on the SAP Help Portal.

After the first logon, the SAP system sends back the HTTP cookies SAP_SESSIONID_<sys>_<client>
in all variants. These can be used in subsequent calls to authenticate without sending user and password
again, unless an HTTP timeout occurs, as defined in the SAP profile parameters.
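
The logon flow described above, as an added example (not SAP or PLMSI code): a client-side helper that refuses non-HTTPS endpoints, sends Basic credentials only until the SAP_SESSIONID_<sys>_<client> cookie arrives, and falls back to credentials after a timeout. The host name, password, cookie values, the three-character <sys> and three-digit <client> pattern, and the use of HTTP 401 as the timeout signal are assumptions.

```python
import base64
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Cookie name from the guide: SAP_SESSIONID_<sys>_<client>.
# Assumption: <sys> is a three-character system ID, <client> a three-digit client.
SESSION_COOKIE = re.compile(r"^SAP_SESSIONID_[A-Z0-9]{3}_[0-9]{3}$")


class PlmsiSession:
    """Decides which credential to send for one technical user and one SAP host."""

    def __init__(self, base_url, user, password):
        # Basic authentication is only base64-encoded, so plain HTTP is rejected.
        if urlsplit(base_url).scheme != "https":
            raise ValueError("refusing non-HTTPS endpoint for Basic authentication")
        self.base_url = base_url.rstrip("/")
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        self._basic = "Basic " + token
        self._cookie = None   # (name, value) once the server has issued one
        self.warnings = []    # cookie attribute problems worth reporting

    def auth_headers(self):
        """Headers for the next call: session cookie if present, else credentials."""
        if self._cookie:
            name, value = self._cookie
            return {"Cookie": f"{name}={value}"}
        return {"Authorization": self._basic}

    def record_response(self, status, set_cookie_headers):
        """Update state from a response's status and its Set-Cookie header values."""
        if status == 401:
            # Assumption: an expired security session is answered with 401,
            # so the stale cookie is dropped and the next call re-authenticates.
            self._cookie = None
            return
        for header in set_cookie_headers:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                if not SESSION_COOKIE.match(name):
                    continue
                # A session cookie without these flags can leak over plain
                # HTTP or be read by script; record it for the administrator.
                for flag in ("secure", "httponly"):
                    if not morsel[flag]:
                        self.warnings.append(f"{name} lacks {flag}")
                self._cookie = (name, morsel.coded_value)


if __name__ == "__main__":
    # Constructed responses; no network traffic is generated.
    s = PlmsiSession("https://s4h.example.invalid", "PLMSYSTEM", "constructed-password")
    print("first call :", list(s.auth_headers()))
    s.record_response(200, ["SAP_SESSIONID_S4H_100=AbC123%3d; path=/; secure; HttpOnly"])
    print("second call:", s.auth_headers())
    s.record_response(401, [])
    print("after timeout:", list(s.auth_headers()))
```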

Related Information

Authorization Concept Overview [page 6]
User Management [page 12]
Standard Role Templates [page 13]

3.1 Authorization Concept Overview

This section outlines the general authorization concept for PLM system integration for SAP S/4HANA.

Endpoints

The integration uses the following endpoints:

• HTTP Endpoints [page 11]
• RFC Endpoints [page 11]

For activities performed in PLMSI and the integrated SAP objects, PLM system integration for SAP S/4HANA
leverages the existing checks in the API layer of the SAP objects.

The required authorizations are already part of the standard role templates; there’s no need to provide
authorizations separately (see Standard Role Templates [page 13]).

3.1.1 Authorization Objects

This chapter gives an overview of the available authorization objects for inbound integration between your SAP
system and external PLM systems.

The system checks the authorizations for the integration based on roles:

1. Inbound integration: Authorization Object /PLMF/ACC (PLMSI: Inbound Service Authorization) [page 9]
2. Administration: Authorization Object /PLMF/ADM (PLMSI: Admin Authorization) [page 7]
3. Business user authorizations: Authorization Object /PLMS/UI (Fiori Authorization) [page 11] for SAP
Fiori UIs and Authorization Object /PLMS/FRS [page 10] for the file redirect service.

Related Information

Standard Role Templates [page 13]

3.1.1.1 Authorization Object /PLMF/ADM (PLMSI: Admin Authorization)

The authorization object /PLMF/ADM (PLMSI: Admin Authorization) defines the allowed actions for various
administrative activities.

This authorization object has the following parameters:

| Field | Authorization Values | Description |
|---|---|---|
| ACTVT | 01 | Add or create |
| | 02 | Change |
| | 03 | Display |
| | 06 | Delete |
| | 16 | Execute |
| | 60 | Import |
| | 61 | Export |
| | A9 | Send |
| | RE | Restart |
| | W1 | Debug |
| /PLMF/FUNC | CASE | Case |
| | CLEANUP_KM | Key Mapping Cleanup |
| | FRDRCT_URL | Redirect Service URL Update |
| | KM | Key Mapping |
| | LICENSE | License Measurement |
| | MESSAGE | Extract Message Payloads |
| | MIGRATION | Delete data after migration |
| | MPO_LOG | Delete logs |
| | SAP_EVENT | SAP Event |
| | VDR_KM | Vendor Key Mapping |
| | WORKBENCH | PLMSI Workbench |

The authorization object /PLMF/ADM (PLMSI: Admin Authorization) also controls access to the PLMSI
Workbench and the administration reports, as outlined in this chapter.

The PLMSI Workbench is designed as a PLMSI-specific logging and monitoring tool supporting power users
or administrators in operating the integration. You can call up the PLMSI Workbench from the SAP Menu >
Cross-Application Components > PLM System Integration or using the transaction PLMF/WORKBENCH (see
also PLMSI Workbench).

Note

You can access all reports mentioned in the following table from the SAP Menu > Cross-Application
Components > PLM System Integration.

Administration Reports

| Report | Use |
|---|---|
| Execute Data Migration – /PLMF/EXECUTE_DATA_MIGRATION | Migrate data after a software version update from the respective data tables (mandatory activity after upgrade!). |
| Clean Up Data – /PLMF/DATA_CLEANUP | Perform various data cleanup tasks after a data migration or on a regular basis. Delete obsolete migration entries, orphaned key mappings, selected key mappings, vendor key mappings, PLMSI messages and logs, and message object counters older than 2 years. |
| Display Stored Message Object Counters – /PLMF/MSG_OBJ_CNT_LIC_MEASURE | Generate a list of stored message object counters. |
| Maintain Values for License Measurement – /PLMF/MANAGE_LIC_MEASURE | Maintain the number of authoring users of external PLM systems that are integrated through PLMSI (optional). |
| Update File Redirect Service Path URL – /PLMS/DV_FILE_URL_UPDATE | Update all existing dynamic URL files with the current File Redirect Service path URL. |
| Send Objects to External PLM System – /PLMF/MANUAL_OUTBOUND | Send Objects to External PLM System. Manually start the outbound integration process to selected target systems for integration patterns that support the outbound maintain request. |

Additionally, you can use the report in the following table.

Note

You can access this report using the transaction SE38.

| Report | Use |
|---|---|
| /PLMF/CONVERT_MPO_LOG | Migrate entries from data tables /PLMF/MPO_LOG and /PLMF/MPO_LOG_I to data table /PLMF/MPO_SY_MSG for PLMSI using a Date/Time interval for data selection. |

3.1.1.2 Authorization Object /PLMF/ACC (PLMSI: Inbound Service Authorization)

The authorization object /PLMF/ACC (PLMSI: Inbound Service Authorization) defines the allowed actions for
inbound data transfer coming from an external PLM system.

This authorization object has the following parameters:

Authorization Object for Inbound Data Transfer

| Field | Authorization Values | Description |
|---|---|---|
| ACTVT | 01 | Create, generate |
| | 03 | Display |
| /PLMF/TYPE | CO | Change Object |
| | DV | Document Version |
| | DVF | Document Version File |
| | FC | File (Upload) Confirmation |
| | IC | Inspection Characteristic |
| | COI | Customer Order Item |
| | OPS | Customer Order Item Product Structure |
| | POL | Production Operation List |
| | PR | Product Version Key Reservation |
| | PV | Product Version |
| | SV | Structure Version |
| | VD | Variant Definition |
| | VDR | Vendor |
| | VO | Variant Option |
| | VOR | Variant Option Rule |
| | VSV | View Structure Version |
| /PLMF/LOGI | | Authorization of source logical system |

3.1.1.3 Authorization Object /PLMS/FRS

The authorization object /PLMS/FRS defines if a user is authorized to use the Document Version File Redirect
Service.

For more information on the Document Version File Redirect Service, see Map DM Document Version to SAP
Document Info Record.

This authorization object has the following parameters:

Authorization Object for File Redirect Service

| Field | Authorization Values | Description |
|---|---|---|
| ACTVT | 03 | Display |

3.1.1.4 Authorization Object /PLMS/UI (Fiori Authorization)

The authorization object /PLMS/UI (Fiori Authorization) defines if a user is authorized to display data
federation information in the Fiori apps for PLM system integration.

For more information on the available Fiori apps for PLM system integration, see also Operating PLM
system integration for SAP S/4HANA.

Authorization Object for Fiori

| Field | Authorization Values | Description |
|---|---|---|
| ACTVT | 03 | Display |
| /PLMS/TYPE | CO | Change Object |
| | PV | Product Version |

Users are only authorized to display data for the associated object types. The object type /PLMS/TYPE defines
the type of object for which data can be displayed, for example, product version.

3.1.2 HTTP Endpoints

The integration offers the HTTP endpoints below. Authorization for these endpoints is managed through the
authorization objects as outlined in chapter Authorization Objects [page 7].

• <servername>/sap/bc/rest/plmf/plmsi/0001/: PLM System Integration – Service Version 1: for inbound
data transfer
• <servername>/sap/bc/rest/plmf/plmsi/0002/: PLM System Integration – Service Version 2: for inbound
data transfer (to be used as of release 2.0 FP03, option to process partial payloads)
• <servername>/sap/bc/rest/plmf/plmsi/fileRedirect/: PLM System Integration – File Read Redirect Service:
for the file redirect service.
• <servername>/sap/bc/rest/plmf/plmsi/monitor/: PLM System Integration – Asynchronous: for
asynchronous data processing. This endpoint is used to fetch the response of the previous request during
asynchronous inbound processing. The system checks that the user fetching the response data is the
same as the user who sent the request with the asynchronous processing option.

3.1.3 RFC Endpoints

The integration uses the RFC function module /PLMF/EXEC_TASK_PACKAGE for parallelization during inbound
data transfer.

The function module /PLMF/EXEC_TASK_PACKAGE is only intended for internal processing and should not be
used as a user endpoint. For information about parallelization settings, see Define Parallel Processing Settings
for Inbound. The authorization check includes the fields:

• Activity (create or display), depending on request type maintain or display
• Domain Model object type
• Domain Model logical instance

3.2 User Management

PLM system integration for SAP S/4HANA uses the authorization concept provided by SAP S/4HANA.

This means that the recommendations and guidelines for authorizations as described in the Security Guide for
SAP S/4HANA also apply. For more information, see the Security Guide for SAP S/4HANA, provided on the
Implement tab in the SAP Help Portal.

Users for PLM system integration for SAP S/4HANA

PLM system integration for SAP S/4HANA connects an external PLM system with SAP S/4HANA using the
users below. You can use Standard Role Templates [page 13] to create these users:

• Inbound:
User for inbound data transfer to the SAP system (for example, PLMSYSTEM) for data creation and
updates. We recommend that you assign the role template SAP_PLMS_INTEG_USER to this user.
• Outbound:
You can use the same user as for inbound data transfer for outbound data creation and updates. Enter this
user in transaction SM59 for outbound RFC. Additionally, the workflow user SAP_WFRT is required. Each
user needs the role templates SAP_PLMS_BUS_USER and SAP_PLMS_INTEG_USER.
• Data federation: user (for example, technical user PLMSYSTEM_D) to read materials, documents, BOMs,
and so on, display rights only. To create users for data federation, assign the same roles as for the standard
technical user, then remove create, update, and delete rights, and only grant display rights.
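
One way to check the display-only rule for the data federation user, as an added example (not SAP or PLMSI code): it reads a role's authorization values and reports every ACTVT other than 03 (Display) on the PLMSI authorization objects, resolving `*` and LOW/HIGH ranges against the values listed in Authorization Objects. The CSV layout (column names modelled on an AGR_1251 table export), the role names and the sample rows are assumptions constructed for the example.

```python
import csv
import io

# ACTVT values per authorization object, as listed in this guide.
ACTVT_BY_OBJECT = {
    "/PLMF/ADM": {"01": "Add or create", "02": "Change", "03": "Display",
                  "06": "Delete", "16": "Execute", "60": "Import",
                  "61": "Export", "A9": "Send", "RE": "Restart", "W1": "Debug"},
    "/PLMF/ACC": {"01": "Create, generate", "03": "Display"},
    "/PLMS/FRS": {"03": "Display"},
    "/PLMS/UI": {"03": "Display"},
}
DISPLAY = "03"


def granted_activities(obj, low, high):
    """Resolve one LOW/HIGH value pair to the concrete ACTVT codes it grants."""
    known = ACTVT_BY_OBJECT[obj]
    if low == "*":                       # full authorization
        return set(known)
    if high:                             # interval, compared as character strings
        return {code for code in known if low <= code <= high}
    return {low}                         # single value, even if not in the guide


def audit_display_only(export_csv, role):
    """Return sorted (object, ACTVT, description) findings that exceed display."""
    findings = set()
    for row in csv.DictReader(io.StringIO(export_csv)):
        if row["AGR_NAME"] != role or row["FIELD"] != "ACTVT":
            continue
        obj = row["OBJECT"]
        if obj not in ACTVT_BY_OBJECT:   # only PLMSI objects are in scope here
            continue
        for code in granted_activities(obj, row["LOW"].strip(), row["HIGH"].strip()):
            if code != DISPLAY:
                text = ACTVT_BY_OBJECT[obj].get(code, "unknown activity")
                findings.add((obj, code, text))
    return sorted(findings)


# Constructed sample export; role names are hypothetical.
SAMPLE_EXPORT = """\
AGR_NAME,OBJECT,FIELD,LOW,HIGH
Z_PLMSYSTEM_D_COPY,/PLMF/ACC,ACTVT,01,03
Z_PLMSYSTEM_D_COPY,/PLMF/ACC,/PLMF/TYPE,PV,
Z_PLMSYSTEM_D_COPY,/PLMF/ADM,ACTVT,A9,
Z_PLMSYSTEM_D_COPY,/PLMS/UI,ACTVT,03,
Z_PLMSYSTEM_D_FIXED,/PLMF/ACC,ACTVT,03,
Z_PLMSYSTEM_D_FIXED,/PLMS/FRS,ACTVT,03,
Z_PLMSYSTEM_D_FIXED,/PLMS/UI,ACTVT,03,
"""

if __name__ == "__main__":
    for role in ("Z_PLMSYSTEM_D_COPY", "Z_PLMSYSTEM_D_FIXED"):
        problems = audit_display_only(SAMPLE_EXPORT, role)
        print(role, "OK" if not problems else problems)
```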

Create these users in the SAP system (see also Installation Flow for PLM system integration for SAP S/4HANA).
You can use the role template SAP_PLMS_INTEG_USER to create the roles for these users.

Users who want to install SAP Fiori apps need the role SAP_PLMSI_BCR_BOM_ENGINEER_T assigned.

User Role Creation

You can create these users using the standard tools:

1. Call up transaction SU01.
2. Create a single role in namespace Z, for example, Z_SAP_PLMS_INTEG_USER (template:
SAP_PLMS_INTEG_USER).
3. Maintain a description.
4. Get the required template from Authorizations > Change Authorizations. To fix red or yellow entries,
enter Customizing data (for example, specific plants) or choose Full Authorization.
5. Add the role to a transport request.

 Note

The data federation role SAP_PLMSI_BCR_BOM_ENGINEER_T is client-specific, while role templates are
not. After installation, the role is only available in the client it was created in and needs to be copied
to other clients, as required. You can use transaction PFCG to verify that all required roles exist in the
respective system/client.

Related Information

Installation Flow for PLM system integration for SAP S/4HANA

3.3 Standard Role Templates

This section gives a detailed outline of the authorization concept for PLM system integration for SAP
S/4HANA.

Role Templates

Role templates can be accessed using the transaction GLOBAL_TEMPLATES or PFCG > Utilities > Templates.
To call up the available role templates for PLMSI, search for SAP_PLM*. The system offers pre-defined
authorization objects for each role template.

Role Templates for Users, Technical Users, and Business Administrators

| Role Template | Description | Role Type | System | Target Group | Comments |
|---|---|---|---|---|---|
| SAP_PLMS_INTEG_USER | General user role for every integration user, needed for outbound and inbound data transfer; assign to the technical user for inbound data transfer | Role template | SAP S/4HANA | Can be assigned to technical or named users. Note: Verify if the external PLM system can transfer named users. | Includes authorizations for create and update activities of SAP PLMSI objects. Note: Integrated solutions may need additional authorizations, for example, for PEO or change record functionality. Please refer to the authorization documentation for these solutions. |
| SAP_PLMS_ADMIN_USER | Admin user, administrator role for configuration and monitoring | Role template | SAP S/4HANA | Administrator | Includes all authorizations for maintaining SAP PLMSI configuration including reporting for the DV File Redirect Service, display of AIF logging (/AIF/ERR) and Application Log (/SLG1) |
| SAP_PLMS_BUS_USER | Named user, business role for outbound integration | Role template | SAP S/4HANA | Can be assigned to named users | Includes all required authorizations for maintaining SAP objects which are relevant for outbound integration, including the DV File Redirect Service |
| SAP_PLMS_WFRT_USER | Optional business role for managing workflows | Role template | SAP S/4HANA | Can be assigned optionally to extend authorizations of workflow user SAP_WFRT for the feedback loop or CO outbound scenario, if necessary. | Includes all required authorizations for managing workflows for the feedback loop or CO outbound scenario |

Role Template for Support Users

| Role Template | Description | Role Type | System | Target Group | Comments |
|---|---|---|---|---|---|
| SAP_PLMS_SUPPRT_USER | Support role for monitoring (display only) | Role template | SAP S/4HANA | Support | Includes all authorizations for display of SAP PLMSI objects and display of SAP PLMSI configuration, display of AIF logging (/AIF/ERR) and Application Log (/SLG1) |

4 Session Security Protection

We recommend implementing the security measures outlined below.

To increase security and prevent access to the SAP logon ticket and security session cookies, we recommend
activating secure session management.

We also highly recommend using SSL to protect the network communications where these security-relevant
cookies are transferred.

Session Security Protection on the AS ABAP

To activate session security on the AS ABAP, set the corresponding profile parameters and activate the session
security for the clients using the transaction SICF_SESSIONS.

For more information, a list of the relevant profile parameters, and detailed instructions, search for Activating
HTTP Security Session Management on AS ABAP in the SAP Help Portal.

5 Network and Communication Security

This section provides an overview of the security-relevant information for PLM system integration for SAP
S/4HANA, including the network topology and communication protocols used.

Target Group

• Technology consultants
• Security consultants
• System administrators

The internal network topology for the PLM system integration for SAP S/4HANA is based on the topology used
by the SAP S/4HANA Platform. The security guidelines and recommendations described in the security guide
for SAP S/4HANA Platform also apply. In particular, see SAP HANA Network and Communication Security in
this security guide, available on the SAP Help Portal.

SAP doesn't deliver pre-defined communication destinations with the PLM system integration for SAP
S/4HANA. An administrator at the customer needs to create the required destinations during the configuration
process (see also Mandatory Activities).

For more information, see the chapter PLMSI Configuration in the Configuration Guide for PLM system
integration for SAP S/4HANA.

Related Information

Before You Start [page 4]
Content Server Options and Security [page 17]

5.1 Content Server Options and Security

Depending on your content management strategy, you can use the SAP Content Server and/or the SAP
Document Management Service on BTP. For all options, you need to follow the instructions below to protect
your documents.

SAP Content Server

The SAP Content Server enables the storage of documents coming from the external PLM system.

The SAP Content Server is designed to manage large quantities of documents efficiently in diverse locations.
These documents usually contain confidential information of considerable value to the company. To protect
these documents, a number of security measures must be taken. You find detailed information in the SAP
Content Server Security Guide.

Generally, the security procedure and settings for the SAP Content Server are independent from the operating
system. Security measures that require different settings for Windows and Unix are described separately.

Make sure that you follow the instructions in this guide to set up the SAP Content Server securely (see also
Content Server Options and Installation).

Specifically, make sure to verify the following settings:

• Ensure that virus scan is active for the content server.
• Ensure that the signature is active (OACT).
• Ensure that the URL is generated in HTTPS (OACT) and that it supports expiry setting (CSADMIN).

To access the SAP Content Server Security Guide, go to the SAP Help Portal and search for SAP Content
Server Security Guide for SAP S/4HANA. Make sure you call up the latest version of the documentation.

 Note

We strongly recommend using HTTPS only.

SAP Document Management Service on BTP

The SAP Document Management Service on BTP enables secure, efficient file management in the cloud. It
provides the logic to send x access tokens, allowing file access during outbound scenarios, such as sending
document maintenance requests from an SAP system to external systems.

Make sure that you follow the instructions to set up the SAP Document Management Service on BTP securely
(see How to configure SAP Document Management Service on BTP as file repository (no official SAP Help
Portal documentation)). You must also implement SAP Note 3246481 (the information in the note also applies
to the PLMSI use case).

You can find general information on BTP Security in the SAP Help Portal: Search for SAP Business Technology
Platform, search your product version, then search for Security.

6 Data Protection and Privacy

This section provides information about how PLM system integration for SAP S/4HANA complies with data
protection requirements.

Data protection is associated with numerous legal requirements and privacy concerns. In addition to
compliance with general data protection and privacy acts, it’s necessary to consider compliance with industry-
specific legislation in different countries/regions. SAP provides specific features and functions to support
compliance with regard to relevant legal requirements, including data protection. SAP doesn’t give any
advice on whether these features and functions are the best method to support company, industry, regional,
or country/region-specific requirements. Furthermore, this information shouldn’t be taken as advice or a
recommendation regarding additional features that would be required in specific IT environments. Decisions
related to data protection must be made on a case-by-case basis, taking into consideration the given system
landscape and the applicable legal requirements.

 Note

SAP does not provide legal advice in any form. SAP software supports data protection compliance by
providing security features and specific data protection-relevant functions, such as simplified blocking and
deletion of personal data. In many cases, compliance with applicable data protection and privacy laws is
not covered by a product feature. Definitions and other terms used in this document aren’t taken from a
particular legal source.

 Caution

The extent to which data protection is supported by technical means depends on secure system operation.
Network security, security note implementation, adequate logging of system changes, and appropriate
usage of the system are the basic technical requirements for compliance with data privacy legislation and
other legislation.

We recommend that you run certain deletion reports on a regular basis. For more information, see
Housekeeping Activities.

Personal Data

Make sure that no personal data enters the system in an uncontrolled or non-purpose-related way, for example,
in free-text fields, through APIs, or extension fields.

User names and IDs as well as e-mail addresses are stored for logging purposes (for example, for users
working with change records). This may include data that is transferred as part of HTML files, for example,
in the form of work instructions. The storage of HTML data is handled and secured by the application where
the data resides, for example, SAP S/4HANA Manufacturing for production engineering and operations (PEO).
The system also stores user IDs for log files. You can use the report PLMSI Messages and Logs to review
and delete message, status, and logging data. You can access this report from the SAP Menu >
Cross-Application Components > PLM System Integration or using the transaction SE38. For more information,
see Housekeeping Activities.

 Note

The add-on may store business partner or vendor data. The add-on itself doesn't include functionality to
delete business partner data (as a standard object). If you need to delete vendor data, we recommend that
you first archive and delete the respective business partner data in your SAP system and then start the
report Delete Vendor Key Mapping to delete the business partner to vendor key mapping. For information
on the deletion of business partner data, refer to the information available from SAP One Support, or
search for Archiving and Deleting Business Partner Data in the SAP Help Portal.

 Note

Depending on your company's requirements, you may need to collect the consent of users to be able to
store any personal data. We assume that software operators, such as SAP customers, collect and store the
consent of data subjects before storing personal data from data subjects.

For general information on data protection and privacy for SAP S/4HANA, including a glossary, search for Data
Protection for the product SAP S/4HANA on the SAP Help Portal.

Security Guide for PLM System Integration 3.0 for SAP S/4HANA
20 PUBLIC Data Protection and Privacy
Important Disclaimers and Legal Information

Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:

• Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your agreements with SAP) to this:

    • The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.

    • SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.

• Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering an SAP-hosted Web site. By using such links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this information.

Videos Hosted on External Platforms


Some videos may point to third-party video hosting platforms. SAP cannot guarantee the future availability of videos stored on these platforms. Furthermore, any
advertisements or other content hosted on these platforms (for example, suggested videos or by navigating to other videos hosted on the same site), are not within
the control or responsibility of SAP.

Beta and Other Experimental Features


Experimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by
SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use
the experimental features in a live operating environment or with data that has not been sufficiently backed up.
The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your
feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.

Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax
and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of
example code unless damages have been caused by SAP's gross negligence or willful misconduct.

Bias-Free Language
SAP supports a culture of diversity and inclusion. Whenever possible, we use unbiased language in our documentation to refer to people of all cultures, ethnicities,
genders, and abilities.

www.sap.com/contactsap

© 2025 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form
or for any purpose without the express permission of SAP SE or an SAP
affiliate company. The information contained herein may be changed
without prior notice.

Some software products marketed by SAP SE and its distributors
contain proprietary software components of other software vendors.
National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for
informational purposes only, without representation or warranty of any
kind, and SAP or its affiliated companies shall not be liable for errors or
omissions with respect to the materials. The only warranties for SAP or
SAP affiliate company products and services are those that are set forth
in the express warranty statements accompanying such products and
services, if any. Nothing herein should be construed as constituting an
additional warranty.

SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.

Please see https://www.sap.com/about/legal/trademark.html for
additional trademark information and notices.
