Executing Signature Strategies (SAP Library - Process Management (PP-PI-PMA))

Executing Signature Strategies

Use

You carry out this procedure in the PI sheet if several individual digital signatures defined in a signature strategy are required for the following functions:

To complete a process step

To accept an input value in an input validation

If a signature process has already been started by someone else and you want to cancel it for some reason, you can withdraw the signatures executed so far (see Canceling Signature Processes).

Prerequisites

If you use the user signature as your signature method, you need an external security product that is linked to your SAP System using the basis component Secure Store and Forward (SSF).

In Customizing for the control recipe destination, it has been specified that you must execute a digital signature when you sign a process step in the PI sheet.

A signature strategy has been assigned to the control recipe destination or the process instruction, that is, several individual signatures must be executed.

The process instruction specifies how the signature process is carried out:

Synchronously, that is, the individual signatures must be executed immediately after one another

Asynchronously, that is, several other functions can be carried out in between the individual signatures

You can only use this procedure for signing PI sheets.

The following authorizations have been assigned to you:

The authorization to execute digital signatures in PI sheets (authorization object C_CRPI_BER)

If required, a maintenance authorization for the PI sheet, which is defined in the process instruction (authorization object C_CRPI_BER)

The authorization for the relevant individual signature (authorization object C_SIGN_BGR)

You have not yet executed a signature for the object you have selected.

If the same authorization or user group is used more than once in a signature strategy, the individual signatures must be executed by different members of the group.

Procedure

Enter your user name as the signature.

In ABAP list-based PI sheets, choose the icon for the digital signature instead.

The dialog box appears in which you can execute digital signatures.
The Signatures to be executed section shows which individual signatures must be executed next and which authorization or user group is responsible for it. If required, notify the user who must execute the signature.

If required, enter a comment in the text field.
In the Signatures to be executed section, select the individual signature assigned to your authorization group.

If you use the user signature as your signature method, make sure that the system can access your Personal Security Environment (PSE).

How you do this depends on your security product. If you use a smart card reader, for example, insert your smart card in the reader.

Enter your user ID and password and choose Continue.

The system checks:

Whether you are authorized to execute a digital signature

Whether your entries match the data in your user master record
Whether your entries match the data in your PSE (if you use user signatures)

Depending on the results of these checks, processing is continued as follows:

If you do not have the required authorization or your entries are invalid, or if the system cannot access your PSE, the system takes you back to the dialog box where you can execute your signature again (steps 3 to 5).

The function is canceled after a certain number of unsuccessful attempts that can be defined specifically for each customer. The user is locked and can no longer execute digital signatures. If a system signature was used, the user is even locked against logging on to the system again.

If your entries are correct, the dialog box for digital signatures appears if you follow a synchronous signature process. In this case, you must continue the signature process immediately.

In asynchronous signature processes, the system takes you to the overview screen of the PI sheet where you can cancel the signature process. The next signatory continues the process later.

Notify the person who must execute the next individual signature. He or she must carry out the following steps:

In synchronous signature processes, steps 2 to 5
In asynchronous signature processes, steps 1 to 5

Result

As soon as a release status of the signature strategy has been reached and no more signatures are required, the system completes the signature process.

The process messages of this process step are transferred to process management, which sends them to the corresponding destinations. You can no longer change the data pertaining to the message in the PI sheet.

The signatory names are transferred to the PI sheet.
Detailed data about the signatures, such as the signatory's name and user ID, comment, date, and time, are saved along with the signature.