Approval Using Digital Signatures 
Note
This section of the documentation is relevant only for document management (DM) on the SAP GUI. For information about using digital signatures on the PLM Web UI, see SAP Note 1669547.
Processing steps that play a key role in how a document is processed further should only be executed by authorized persons. Digital signatures are part of an approval procedure that ensures that only authorized employees can influence how the process continues.
You can use the digital signature to fulfill the security requirements that are set for executing these processes in Good Manufacturing Practices (GMP).
Integration
The digital signature in the SAP system is supported by SSF (Secure Store and Forward).
Prerequisites
Customizing Settings
You need to define the following settings in Customizing for Document Management:
Under Approval you can make all settings for the digital signature and the definition of the signature strategy.
See also: Approval Using Digital Signatures
Assign a signature strategy to the document status. The signature check is done when a status is set. The required settings are made under
Control Data 
Define document type Define document status 
.
Processing a Document
You have the following authorizations:
Authorization to set the digital signature
Authorization object C_SIGN_BGR (authorization group for digital signature) in the Production Planning object class.
Authorization to process the document (see Authorization Objects for Documents)
The original application files for a document must be stored in one of the following secure storage areas:
In a storage category when storage is controlled by the Knowledge Provider (see Storage of Data in Storage Systems Using the Knowledge Provider)
In a vault or archive when storage is not controlled by the Knowledge Provider (see Checking an Original Application File into a Vault and Checking an Original Application File into an Archive)
Features
Approval Procedure for Documents
You use the status of a document to determine in which processing situations the digital signature is required. The various approval procedures are defined as a signature strategy in Customizing for Document Management and are then assigned to the document status that determines how the document is processed further.
When you set a status with a signature strategy, the approval process is started according to the defined approval procedure.
The following approval procedures are supported:
Double verification principle
One authorized person must sign the document digitally. The status is set to “active” once the signature has been provided.
Multiple verification principle
Several authorized persons must sign the document digitally.
Once the first authorized person has signed the document digitally, the system automatically recognizes that the approval procedure is not yet complete. Each authorized person signs and saves the document. The status is set to “active” once all the signatures have been provided.
Every person that is authorized to sign can cancel the process completely. In this case, the system returns the status of the document to the status that was valid before the signature process was started.
Note
The document is in an intermediate state during the approval process. You should, therefore, define a special document status (such as, being signed). The next status (for example, released) can only be set once all of the signatures have been provided.
Original Application File in the Approval Procedure
The status for which an electronic signature is required is defined in Customizing for Document Management as a status that automatically creates content versions. For this reason, the original application files must be stored in a secure storage area (storage system of the Knowledge Provider, vault, or archive) during the approval procedure.
Document after the Approval Procedure
Once the signature strategy has been successfully completed, the document is locked with the result that most of the data cannot be changed. You can only carry out the following functions:
Change status
Process object links
Change deletion indicator
Information on the signatures, for example, the name of the signer, signed step, comment, date, and time, is documented and cannot be forged. It can be displayed from the document at any time.
A status for which one or more digital signatures were entered is indicated in the status log. You can also view information on the individual signatures and the processing status of the original application files in the log.
Activities
When a document is being processed, you can set the digital signature (see Setting a Digital Signature for a Document).
You can do the following with the signature data:
You can verify and change the signatures available (see Monitoring and Logging of Signature Processes).
You can search for documents that were approved with a digital signature according to the signature data (see Finding a Document with a Digital Signature).