Digital Signature 
Description
As of Release 4.0A, you can specify that a user must execute a digital
signature to be able to carry out particular business transactions in the R/3 System.
The digital signature enables you to meet the security requirements
stipulated in the Good Manufacturing Practices (GMP) with regard to the
execution of these transactions. The digital signature ensures that:
- A transaction can only be carried out by users with a special authorization
- The user identification is unique and forgery-proof
- The name of the users is documented together with the signed
transaction and the date and time, and cannot be manipulated afterwards
In Release 4.0A, the digital signature has been implemented for the following transactions:
- Quality Management (QM) area
- Saving inspection results for an inspection lot
- Recording and changing the usage decision for an inspection lot
- Engineering Change Management (ECH) area
- Changing the status of an engineering change request before object processing
(Converting an engineering change request into an engineering change
order and changing the status from "Order incomplete" to "Order complete")
- Releasing an engineering change order
- Production Planning for Process Industries (PP-PI) area
- Completing a workstep in the PI sheet
- Accepting invalid values within input validations in the PI sheet
Technical Prerequisites
The digital signature has been implemented in the R/3 System using
Secure Store and Forward (SSF). SSF enables the linking of various
security products supporting different identification procedures. In
Release 4.0A however, the above mentioned applications only support the
identification using chip cards. For more information on SSF as well as on how to install it, see release note
Using External Security Products.
Activating the "Digital signature" function
To specify that a digital signature is required for the above mentioned
transactions, you must activate the function in the relevant application. Proceed as follows:
- For inspection results recording, by setting the Dig.signature in results recording
indicator in the material authorization groups
- For the usage decision, by setting the Dig.signature at usage decision
indicator in the material authorization groups
- For status changes of the engineering change request before order processing, by setting the Dig.signature
(digital signature before object processing) indicator in Customizing for change types for object master records
- For change order release, by setting the Dig.signature (digital
signature on release) indicator in Customizing for change types for object master records
- For completing a work step as well as for accepting invalid input values in the PI sheet, by setting the DS
(digital signature) indicator in Customizing for the control recipe destination
- When approving a batch record, the user must always execute an electronic signature.
Authorizations for digital signatures
For users to be able to execute a digital signature, you must assign them the authorizations listed in the table below:
| Electronic signature for |
AuthObject | Field | Value |
|---|
| Worksteps in PI sheet | C_CRPI_BER | Activity | 73 |
| Invalid values in the PI sheet | C_CRPI_BER | Activity | 73 |
| Approving batch records | M_MATE_CHP | Activity | 73 |
| Insp.results recording for insp. lot | Q_MATERIAL | QMATMODUS | M |
| Usage decision for inspection lot | Q_MATERIAL | QMATMODUS | L |
| Processing change orders | C_AENR_BGR | Activity | 73 |
| Releasing change orders | C_AENR_BGR | Activity | 73 |
Processing digital signatures
The procedure for executing a digital signature is identical for all above mentioned transactions:
1. You choose the function that is used to carry out the corresponding transaction in the R/3 System.
2. Based on the settings you have made, the system recognizes that a
digital signature is required and branches to the dialog box for signature execution.
3. You insert your chip card in the card reader and enter your user name and password in the dialog box if required.
4. If you want to enter a comment for your signature, choose Create comment. If not, choose
Continue.
A comment must be entered for some transactions (see the Comment req.
indicator in the dialog box). If this is the case, the system takes you to the text editor irrespective of the function you choose.
5. The system checks:
- In your user master record, whether you are authorized to execute a signature for the function you have selected
- Whether the entries you have made match the data on the chip card
6. Depending on the results of these checks, processing is continued as follows:
- If you are not authorized to execute the signature, the function is canceled.
- If you forgot to insert your card in the card reader or your entries do
not match the chip card data, the system takes you back to the dialog box where you can execute the signature again.
The function is canceled after the third unsuccessful attempt.
- If the signature was correct, processing is continued with step 7.
7. If the signature requires a comment or if you have chosen Create comment
in step 4, you now enter your comment. The text is saved when you leave the editor.
8. You can now continue the function you have called in step 1. When you
save the processed object, the signature is also saved.
Displaying digital signatures
You can display the signatures that have been executed for an
inspection lot, engineering change order, PI sheet, or batch record,
from within the corresponding object. You can find the display function in the following menus:
- In the usage decision under Extras
- In the change master record under Environment -> Reporting
- In the PI sheet under Extras
- When displaying batch records, as a pushbutton in the list of selected records
Finding electronic signatures
For evaluation purposes, you can find digital signatures for the following search criteria:
- Object type for which the signature was executed (for example, engineering change order or inspection lot)
The system generates a list of objects for which digital signatures
have been executed. From this list, you can jump to the objects and display all signatures executed for it.
You can find the search function in the following menus:
- On the initial screen of quality inspection under Insp. lot processing
- On the initial screen of engineering change management under Reporting
- On the initial screen of process management under Evaluations
- On the initial screen for batch maintenance under Environment -> Batch record
Notes on archiving
Note that at present digital signatures are not included when you
archive inspection lots, engineering change orders, and PI sheets.
Change system parameters in customizing
To specify that a digital signature is required for the above mentioned
transactions, you must activate it in the following Customizing settings (see Activating the digital signature
above):