2020 Nov 26 8:15 AM
Hi everyone,
my name is Clemens Wodtke and I'm currently studying Computer Science at the University of Bremen, Germany. For my Bachelor Thesis in the field of information security I want to analyze the security of the "SAP Mobile Documents" App for Android with various methods.
My professor has already contacted a developer at SAP that can supply us with a test account for a server with SAP Mobile Documents but in order to get it running we apparently need a C User account as well. Since my professor and I haven't ever worked within the SAP ecosystem our knowledge is limited regarding the accounts/licences we would need so I apologize if there are any misunderstandings on my part.
Now my question would be which contact at SAP could supply me a C User account for the limited time of my bachelor thesis (~4 months). I already called the support hotline Germany and they asked me to send an email to info.germany@sap.com. Unfortunately the reply was of no help since they just sent me links to documentation I already had.
I used the contact form of the "Student Training & Rotation Program" and received a similar answer with links and the referral to the community here.
Any help would be greatly appreciated. If you are interested I can further lay out the research I plan on doing.
It is my believe that SAP would also benefit from my research since any weaknesses found in the software will be immediately forwarded over in order to get patched which is why I hope to get access to a C User account.
Thanks in advance for the help and have a great day,
Clemens Wodtke
2020 Nov 26 9:04 AM
Hi cwodtke ,
A great amount of SAP Documentation can be accessed through P User Type - which anyone can have by registering at SAP Universal ID website.
The other two types of commonly used IDs are S and C, which are for SAP Partners/Customers and SAP Contractors - people who work for SAP as non-employee, respectively.
In addition to the above, there are I and D types of IDs too, for SAP Employees, first one for International and second for Germany based.
You may like to see the following discussion related to the above I had a couple of weeks ago with other SAP Professionals:
Different types of SAP User IDs
In case if you still have a question, you can get additional support related to IDs through this link.
All the best 🙂
2020 Nov 26 2:43 PM
Hello faisal.iqbal,
thank you so much for your quick reply.
I guess that my basic problem right now is that I am not sure what I really need in order to use the SAP Mobile Documents App for Android. From the email exchange my professor had with his contact at SAP we got the impression that we basically need a C User Account and also a service user account on the NetWeaver Server that has the Mobile Docs Server installed (source1, source2).
From my understanding of the email exchange my professors contact has a server running Mobile Docs and can give us access to the service user account but we still need a C User account in order to be able to use the service user account.
Is my understanding correct?
My plan is to decompile the app and look for any security issues in the code (static analysis) and also do a dynamic analysis by looking which kind of messages get sent from client to server and vice versa.
Thanks again for your help, I hope this is the right place to ask this kind of question.
2020 Nov 27 8:05 AM
Hi cwodtke
Yes, it's the right place to raise SAP related questions and get the answers from different professionals 🙂
I am not sure how Mobile Docs work as my focus area is different. However, I can relate the scenario to my own experience.
I'm working with SAP as a Contractor, through one of its Partners. And as a Partner Consultant, I have an S ID, which allows me to access resources relevant to Solution Delivery. On the other hand, I was issued a C User ID to be able to work on SAP Assignments. It required me to fill certain forms and pass an assessment.
I think you can get help on this by raising your concern at the following link;