Installation Guide

SAP BusinessObjects Access Control™ 10.0, Process Control™

10.0, and Risk Management™ 10.0

Target Audience
ÇA14óF System Administrators
ÇA14óF Technical Consultants

PUBLIC
ÇA1ÐÖ›ÖB−Páfi#ÌY‚ÌE§÷vÀËÑSl^˝ú9mó¡ô`�tˆ˙”ÛtJ˝ò!ÞMóœ¢Ê‹È¢…q¢uDú] :h-&}ö
 SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf
Germany
T +49/18 05/34 34 34
F +49/18 05/34 34 20
www.sap.com

© Copyright 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission
of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software
vendors.
Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10,
z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server,
PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes,
BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA,
AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems
Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered
trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium,
Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented
by Netscape.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, and other SAP products and services
mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other
countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius,
and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of Business Objects Software Ltd. in the United States and in other countries.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein
as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company.
All other product and service names mentioned are the trademarks of their respective companies. Data contained in this
document serves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies
(“SAP Group”) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not
be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are
those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein
should be construed as constituting an additional warranty.

Disclaimer

Documentation in the SAP Service Marketplace

You can find this document at the following address: https://service.sap.com/instguides

2/52 PUBLIC 2011-04-18

Typographic Conventions

Example Description
<Example> Angle brackets indicate that you replace these words or characters with appropriate
entries to make entries in the system, for example, “Enter your <User Name>”.
Example Arrows separating the parts of a navigation path, for example, menu options
Example
Example Emphasized words or expressions
Example Words or characters that you enter in the system exactly as they appear in the
documentation
http://www.sap.com Textual cross-references to an internet address
/example Quicklinks added to the internet address of a homepage to enable quick access to specific
content on the Web
123456 Hyperlink to an SAP Note, for example, SAP Note 123456
Example A¨A¿°ÿ Words or characters quoted from the screen. These include field labels, screen titles,
pushbutton labels, menu names, and menu options.
A¨A¿°ÿ Cross-references to other documentation or published works
Example A¨A¿°ÿ Output on the screen following a user action, for example, messages
A¨A¿°ÿ Source code or syntax quoted directly from a program
A¨A¿°ÿ File and directory names and their paths, names of variables and parameters, and
names of installation, upgrade, and database tools
EXAMPLE Technical names of system objects. These include report names, program names,
transaction codes, database table names, and key concepts of a programming language
when they are surrounded by body text, for example, SELECT and INCLUDE
EXAMPLE Keys on the keyboard

2011-04-18 PUBLIC 3/52

Document History

CAUTION

Before you start the implementation, make sure you have the latest version of this document.
You can find the latest version at the following location: https://service.sap.com/
instguides.

The following table provides an overview of the most important document changes.
Version Date Description
1.00 2010-12-13 New content SAP BusinessObjects AC 10.0, PC 10.0, RM 10.0 (initial release).
1.10 2011-01-31 Adds SAP BusinessObjects Access Control 10.0 only scenario.
1.20 2011-03-28 Updates to general prerequisites and AC 10.0 and PC 10.0 plug-in prerequisites.
1.30 2011-04-18 Adds a statement to clarify that Content Lifecycle Management (CLM) is currently
only available for SAP BusinessObjects Process Control 10.0 and SAP BusinessObjects
Risk Management 10.0.

4/52 PUBLIC 2011-04-18

Table of Contents

Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.1 About this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.2 SAP Notes for the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.3 Information Available on SAP Service Marketplace . . . . . . . . . . . . . . . . . . . . . 10
1.4 Important Upgrade Information for Risk Management . . . . . . . . . . . . . . . . . . 11

Chapter 2 Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Chapter 3 Preparing for the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.1 Preparing to Install AC/PC/RM 10.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2 Downloading AC/PC/RM 10.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.3 Running JAVA Service Program Manager (JSPM) . . . . . . . . . . . . . . . . . . . . . . 17
3.4 Preparing to Install AC/PC/RM 10.0 Portal Core Components . . . . . . . . . . . . . 18
3.5 Preparing to Install Plug-Ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Chapter 4 Installing the Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Chapter 5 Installing the Components in Enterprise Portal . . . . . . . . . . . . . . . . . . . . 23

Chapter 6 Installing TREX (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Chapter 7 Post–Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.1 Client Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.2 Activating the Applications in Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.3 Checking SAP ICF Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
7.4 Maintaining System Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
7.5 Maintaining Plug-in Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Chapter 8 Activating Business Configuration (BC) Sets . . . . . . . . . . . . . . . . . . . . . . . 31

8.1 Activating AC/PC/RM 10.0 BC Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.2 Access Control BC Sets Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
8.3 Process Control BC Sets Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

2011-04-18 PUBLIC 5/52

8.4 Shared BC Sets (Process Control & Risk Management) . . . . . . . . . . . . . . . . . . 35
8.5 Risk Management BC Sets Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Chapter 9 Portal Package Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

9.1 Creating a System Connection in Enterprise Portal . . . . . . . . . . . . . . . . . . . . . 37
9.2 Creating the Initial User in the ABAP System . . . . . . . . . . . . . . . . . . . . . . . . . . 38
9.3 Creating the Initial User in the Enterprise Portal . . . . . . . . . . . . . . . . . . . . . . . 40

Chapter 10 Content Lifecycle Management (CLM) Installation . . . . . . . . . . . . . . . . . 43

10.1 New Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
10.2 SAP Notes for CLM Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
10.3 Planning for CLM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
10.4 Preparing to Install CLM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
10.5 Installing CLM Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
10.6 CLM Post-Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

6/52 PUBLIC 2011-04-18

1 Introduction
1.1 About this Document

1 Introduction

SAP BusinessObjects Access Control 10.0, Process Control 10.0, and Risk Management 10.0 are part of
the SAP Governance, Risk, and Compliance (GRC) solution.
For more information about GRC, go to http://www.sap.com/grc.

SAP BusinessObjects Access Control 10.0

SAP BusinessObjects Access Control is an enterprise software application which enables organizations
to control access and prevent fraud across the enterprise, while minimizing the time and cost of
compliance. The application streamlines compliance processes, including access risk analysis and
remediation, business role management, access request management, superuser maintenance, and
periodic compliance certifications. Access Control delivers immediate visibility of the current risk
situation with real-time data.

SAP BusinessObjects Process Control 10.0

SAP BusinessObjects Process Control is an enterprise software solution for internal controls
management. It enables organizations to document their control environment, test and assess controls,
track issues to remediation, and certify and report on the state and quality of internal controls. Using
a combination of data forms, automated workflows, certification, and interactive reports, this solution
enables members of internal control, audit, and business process teams to effectively manage
compliance activities.

SAP BusinessObjects Risk Management 10.0

SAP BusinessObjects Risk Management is an enterprise software solution that enables organizations to
balance business opportunities with financial, legal, and operational risks to minimize the market
penalties from high-impact events. The application allows customers to collaboratively identify these
risks and monitor them on a continuous basis. Stakeholders and owners are provided with such tools
as analytic dashboards for greater visibility in mitigating risks in their areas of responsibility.

1.1 About this Document

This guide describes how to install SAP BusinessObjects Access Control 10.0, SAP BusinessObjects
Process Control 10.0, and SAP BusinessObjects Risk Management 10.0 (hereafter referred to as AC/PC/
RM 10.0).

2011-04-18 PUBLIC 7/52

1 Introduction
1.2 SAP Notes for the Installation

1.2 SAP Notes for the Installation

You must read the following SAP Notes before you start the installation. These SAP Notes contain the
most recent information on the installation, as well as corrections to the installation documentation.
Make sure that you have the latest version of each SAP Note, which you can find on SAP Service
Marketplace at https://service.sap.com/notes.
The following table outlines the SAP Notes that you need to read before installing the software in either
an Access Control 10.0 only environment or an AC/PC/RM 10.0 environment:
SAP Note
Number Title Description
1353044 Installation Guide: Information about installing a front-end component to integrate
Crystal Report Adapter Crystal Reports with the Advanced List View (ALV)
1366785 Crystal Reports ALV
Integration —
Functional Restrictions
1382730 Crystal Reports ALV
Integration —
Troubleshooting
1490996 Inst/Upgrade Information about installing SAP BusinessObjects AC/PC/RM 10.0
GRCFND_A V1000 on
NW7.02 Enhancement
Pack
1497971 Installing GRCPINW Supplemental information for installing SAP BusinessObjects Process
V1000_620 on ERP Control 10.0 and Access Control 10.0 plug-ins (formerly called Real Time
Enterprise 47x Agents) on ERP Enterprise 47x
1497972 Installing GRCPIERP Supplemental information for installing SAP BusinessObjects Process
V1000_620 on ERP Control 10.0 and Access Control 10.0 plug-ins on ERP Enterprise 47x
Enterprise 47x
1498033 Upgrade to SAP ERP Supplemental information relevant for the upgrade to SAP ERP
Enterprise 470x200 with Enterprise 470x200
GRCPIERP V1000_620
1498034 Upgrade to SAP ERP Supplemental information relevant for the upgrade to SAP ERP
Enterprise 470x200 with Enterprise 470x200
GRCPIERP V1000_620
1500168 Installing GRCPINW Supplemental information for installing SAP BusinessObjects Access
V1000_46C on ERP 4.6C Control 10.0 Non-HR plug-ins on SAP ERP 4.6C
1500169 Installing GRCPIERP Supplemental information for installing SAP BusinessObjects Access
V1000_46C on ERP 4.6C Control 10.0 Non-HR plug-ins on SAP ERP 4.6C
1500689 Installing GRCPIERP Supplemental information for installing SAP BusinessObjects Process
V1000_46C on ERP 4.6C Control 10.0 and Access Control 10.0 plug-ins on SAP ERP 4.6C
1500690 Installing GRCPIERP Supplemental information for installing SAP BusinessObjects Process
V1000_700 on NW 7.0/ Control 10.0 and Access Control 10.0 plug-ins on SAP ERP 2005 (ECC 6.0)
SAP ECC 600 or ECC 604

8/52 PUBLIC 2011-04-18

1 Introduction
1.2 SAP Notes for the Installation

SAP Note
Number Title Description
1500691 Upgrade to SAP ECC 600 Supplemental information relevant for the upgrade to SAP ECC 600
with GRCPIERP
V1000_700
1500692 Upgrade to SAP ECC 600 Supplemental information relevant for the upgrade to SAP ECC 600
with GRCPIERP
V1000_700
1501879 Upgrade to SAP ECC 500 Supplemental information relevant for the upgrade to SAP ECC 500
with GRCPIERP
V1000_640
1501880 Installing GRCPIERP Supplemental information for installing SAP BusinessObjects Process
V1000_640 on NW04/ Control 10.0 and Access Control 10.0 plug-ins on SAP ERP 2004 (ECC 5.0)
SAP ECC 500
1501881 Upgrade to SAP ECC 500 Supplemental information relevant for the upgrade to SAP ECC 500
with GRCPIERP
V1000_640
1501882 Installing GRCPINW Supplemental information for installing SAP BusinessObjects Access
V1000_640 on NW04/ Control 10.0 Non-HR plug-ins on SAP ERP 2004 (ECC 5.0)
SAP ECC 500
1503749 Installing GRCPINW Supplemental information for installing SAP BusinessObjects Access
V1000_710 on NW 7.10 Control 10.0 Non-HR plug-ins on NW710
1503750 Upgrade to SAP ECC 600 Supplemental information relevant for the upgrade to SAP ECC 600
with GRCPIERP
V1000_700
1504132 Release Strategy for
ABAP add-on
GRCPCINW
1504243 Release Strategy for
ABAP add-on
GRCPIERP
1509636 Additional information
for GRC2010 installation
1510002 Installing SAP GRC Information about installing the GRC_POR 1000 software component.
Portal 10.0
1514346 BRF+ Various Bug Fixes
in EHP2 (SP04–SP06)

The following table outlines the additional SAP Notes that you need to read before installing the
software in an AC/PC/RM 10.0 environment:
SAP Note Number Title Description
1470670 User-defined Fields for RM
1505255 Transfer client-specific
Customizing for PC/RM

2011-04-18 PUBLIC 9/52

1 Introduction
1.3 Information Available on SAP Service Marketplace

SAP Note Number Title Description

1509639 Preparation for Installing GRC-RM CAUTION
2010 Review this SAP Note before attempting
installation.
1519164 Create BRF+ application name & ID
for Continuous Monitoring
1522608 Transfer client-specific Information for copying PC-relevant client-specific
Customizing Customizing (upgrade from 3.0 to 10.0).
1526732 Transfer client-specific Information for copying PC-relevant client-specific
Customizing Customizing (new installation of 10.0).

1.3 Information Available on SAP Service Marketplace

More information is available on SAP Service Marketplace, as listed in the following tables.
Documentation
Description Internet Address Title
The security guide describes the https://service.sap.com/securityguide SAP BusinessObjects AC/
settings for a medium security level PC/RM 10.0 Security Guide
and offers suggestions for raising
security levels. A collective security
guide is available for SAP
NetWeaver.
The master guide is the starting https://service.sap.com/instguides SAP BusinessObjects Access
point for implementing an SAP Control Master Guide
solution. It provides scenario- SAP BusinessObjects Process
specific descriptions of preparation, Control Master Guide
execution, and follow-up of an SAP BusinessObjects Risk
implementation. It also provides Management Master Guide
references to other documents,
such as installation guides, the
technical infrastructure guide and
SAP Notes.
The operations guide is the https://service.sap.com/instguides SAP BusinessObjects AC/
starting point for operating a system PC/RM 10.0 Operations
that runs on SAP NetWeaver. This Guide
guide refers users to the tools and
documentation that are needed to
carry out various tasks, such as
monitoring, backup/restore,
master data maintenance,
transports, and tests.
The SAP Library (users guide) is a http://help.sap.com SAP BusinessObjects Access
collection of documentation for It is also available as a documentation DVD. Control 10.0 Application
SAP software covering functions Help
and processes.

10/52 PUBLIC 2011-04-18

1 Introduction
1.4 Important Upgrade Information for Risk Management

Description Internet Address Title

SAP BusinessObjects Process
Control 10.0 Application
Help
SAP BusinessObjects Risk
Management 10.0
Application Help
The installation guide describes https://service.sap.com/instguides SAP NetWeaver Installation
the technical implementation of an Guide
installable unit, taking into account
the combinations of operating
systems and databases. It does not
describe any business-related
configuration.
Details about the add-on Search for Add-On Installation Tool under SAP Add-On Installation Tool
installation tool NetWeaver 7.0 EHP 2 on the SAP Help Portal at
http://help.sap.com

General Quick Links

Description Internet Address
SAP Help Portal http://help.sap.com

SAP Notes https://service.sap.com/notes

Released platforms and operating systems https://service.sap.com/platforms

System sizing https://service.sap.com/sizing

Security https://service.sap.com/security

1.4 Important Upgrade Information for Risk Management

CAUTION

You must read SAP Note 1490996 before attempting to upgrade.

Procedure
Upgrading from SAP Risk Management 3.0 to SAP BusinessObjects Risk Management 10.0 is a same-
box upgrade process. The following steps are typical for this kind of upgrade:
1. Close all open workflow instances and all open survey instances.
2. Perform a system backup.
3. If it is used, delete all Datamart data.
4. Upgrade from SAP NetWeaver 7.01 to NW 7.02.
5. Upgrade from SAP Portal 7.01 to SAP Portal 7.02 (if you use portal, alternatively you can use NWBC
3.0).
6. Install RM10.0 (GRCFND_A V1000).
7. Perform system backup.

2011-04-18 PUBLIC 11/52

1 Introduction
1.4 Important Upgrade Information for Risk Management

8. Survey instances and Heat map color ranges are automatically converted by XPRA; verify the data
conversion.
9. Upload the new BC sets for new features and new roles (optional for Risk Management 10.0 new
features).
10. Perform configuration for optional RM 10.0 new features.
11. If it is used, refill Datamart.

12/52 PUBLIC 2011-04-18

2 Planning

2 Planning

Before you start the installation, you should plan the following preliminary steps:

Procedure
1. Determine the software components and supporting systems needed to run Access Control 10.0
or AC/PC/RM 10.0 by consulting the corresponding master guides on SAP Service Marketplace at:
https://service.sap.com/instguides.
For Access Control 10.0, consult the SAP BusinessObjects Access Control 10.0 Master Guide. For AC/PC/
RM 10.0, consult the SAP BusinessObjects Access Control 10.0 Master Guide, SAP BusinessObjects Process Control
10.0 Master Guide, and SAP BusinessObjects Risk Management Master Guide 10.0
2. Decide what you want to install.
When installing AC/PC/RM 10.0, the following components are available:
Mandatory
ù‰ý¬�ý NetWeaver ABAP
Optional (recommended)
ù‰ý¬�ý NetWeaver Java, if you need to use Adobe Document Services
ù‰ý¬�ý Portal
ù‰ý¬�ý TREX, if you want to use document search (Process Control and Risk Management only).
ù‰ý¬�ý Plug-ins on your ERP system (Access Control and Process Control only).
3. Download and check the relevant SAP Notes. For more information, see section 1.3 above.
CAUTION

Make sure that you review the information in SAP Note 1509636 before you start any
installation procedures.
4. Take all applicable security measures. For more information, see the SAP BusinessObjects AC/PC/RM
10.0 Security Guide on SAP Service Marketplace at https://service.sap.com/securityguide.

2011-04-18 PUBLIC 13/52

This page is left blank for documents
that are printed on both sides.
3 Preparing for the Installation
3.1 Preparing to Install AC/PC/RM 10.0

3 Preparing for the Installation

3.1 Preparing to Install AC/PC/RM 10.0

CAUTION

AC/PC/RM 10.0 should not be installed with SAP Business Suite or with any SAP Business Suite
components such as ERP, SCM, CRM, and SRM.

Prerequisites
You use SAP Solution Manager to download the AC/PC/RM 10.0 applications and patches. SAP Solution
Manager must be available in the system landscape; however, it does not need to be on the same system
as the AC/PC/RM 10.0 applications.
For more information about SAP Solution Manager, see https://service.sap.com/
solutionmanager.
In an Access Control 10.0 only environment, the following components of SAP NetWeaver 7.0 EHP2
SP06 are required:
Component Details
SPAM (Support Not applicable
Package Manager)
40 or higher
SAP NetWeaver ¡ˆqœ…˝ SAP_ABA 7.02 (SP06)
Application ¡ˆqœ…˝ SAP_BASIS 7.02 (SP06)
Server ABAP ¡ˆqœ…˝ PI_BASIS 7.02 (SP06)
Components ¡ˆqœ…˝ SAP_BW 7.02 (SP06)
(Optional) SAP Portal 7.02
NetWeaver
Application
Server Java
Components
SAP Solution Not applicable
Manager 7.00 SP19
or higher
(Optional) SAP SAP NetWeaver Java is required to use Adobe Document Services. It must be available in the
NetWeaver system landscape, but does not need to be installed on the same system as the AC/PC/RM
Application 10.0 applications.
Server Java for You need to create and respectively activate the following JCo destinations:
Adobe Document ¡ˆqœ…˝ WD_ALV_METADATA_DEST
Services ¡ˆqœ…˝ WD_ALV_MODELDATA_DEST
It is essential to create Adobe Credentials; see SAP Note 736902, Adobe Credentials.

2011-04-18 PUBLIC 15/52

3 Preparing for the Installation
3.1 Preparing to Install AC/PC/RM 10.0

Component Details
For more details about troubleshooting, see SAP Note 944221, Troubleshooting if problems occur in
forms processing.
For more information, see https://www.sdn.sap.com/irj/sdn/adobe under Installation &
Configuration.
We recommend BI Java usage type must be installed on the same system as the Adobe Document Services.
that you install BI For more information, see SAP Note 918236, WD ABAP ALV - create print version.
Java usage type
(part of the SAP
NetWeaver Java
stack) to enable
printing of PDFs
from Process
Control reports
and Risk
Management
reports.

In an AC/PC/RM 10.0 environment, the following components of SAP NetWeaver 7.0 EHP2 SP06 are
required:
Component Details
SPAM (Support Not applicable
Package
Manager) 40 or
higher
SAP NetWeaver ¨wø<% SAP_ABA 7.02 (SP06)
Application ¨wø<% SAP_BASIS 7.02 (SP06)
Server ABAP ¨wø<% PI_BASIS 7.02 (SP06)
Components ¨wø<% SAP_BW 7.02 (SP06)
SAP NetWeaver ¨wø<% Adobe Document Services 7.01
Application ¨wø<% Portal 7.02
Server Java ¨wø<% SAP_IGS Version 7000.0.15.1 or higher
Components
Standalone TREX 7.10 (revision 27 or higher)
Engine
SAP Solution Not applicable
Manager 7.00
SP19 or higher
SAP NetWeaver SAP NetWeaver Java is required to use Adobe Document Services. It must be available in the
Application system landscape, but does not need to be installed on the same system as the AC/PC/RM
Server Java for 10.0 applications.
Adobe You need to create and respectively activate the following JCo destinations:
Document ¨wø<% WD_ALV_METADATA_DEST
Services ¨wø<% WD_ALV_MODELDATA_DEST
It is essential to create Adobe Credentials; see SAP Note 736902, Adobe Credentials.
For more details about troubleshooting, see SAP Note 944221, Troubleshooting if problems occur in
forms processing.

16/52 PUBLIC 2011-04-18

3 Preparing for the Installation
3.2 Downloading AC/PC/RM 10.0

Component Details
For more information, see https://www.sdn.sap.com/irj/sdn/adobe under Installation &
Configuration.
We recommend BI Java usage type must be installed on the same system as the Adobe Document Services.
that you install BI For more information, see SAP Note 918236, WD ABAP ALV - create print version.
Java usage type
(part of the SAP
NetWeaver Java
stack) to enable
printing of PDFs
from Process
Control reports
and Risk
Management
reports.

NOTE

If you make use of Process Control 10.0 Policy Survey PDFs, be sure to upgrade to version 9.3.4 of
Adobe Reader.

3.2 Downloading AC/PC/RM 10.0

NOTE

Follow the steps in SAP Note 1490996 to download the files for Access Control, which use the
component GRCFND_A V1000.

Procedure
1. Go to the SAP Software Distribution Center on SAP Service Marketplace at http://
service.sap.com/swdc.
2. Choose Software Downloads Installation and Upgrades A - Z Index G SAP GRC Access Control SAP
GRC ACCESS CONTROL SAP Access Control 10.0 Installation .
3. Select the SAP Access Control/SAP Process Control/SAP Risk Mgmt 10.0 download object, and choose Add
to Download Basket.

3.3 Running JAVA Service Program Manager (JSPM)

Use JSPM to install the SAP GRC Access Control 10.0 Migration on top of your SAP AC 5.3 system. This
section describes how to install the JAVA GRC 10.0 Migration on a GRC Access Control 5.3 system.

NOTE

JSPM must be run as ‹sid›adm user. In versions prior to 5.3, SAP GRC Access Control used the Software
Deployment Manager (SDM) to install and uninstall the software components. As of version 5.3, SAP
GRC Access Control uses JSPM to install (“deploy” in JSPM terms), but still uses SDM to uninstall.

2011-04-18 PUBLIC 17/52

3 Preparing for the Installation
3.4 Preparing to Install AC/PC/RM 10.0 Portal Core Components

Prerequisites
You have downloaded the most recent SAP Access Control 10.0 Support Package and placed it in the
JSPM Inbox in the directory /usr/sap/trans/EPS/in/.
To download the SAP Access Control 10.0 Support Package, go to SAP Software Distribution Center
on SAP Service Marketplace at http://service.sap.com/swdc Software Downloads Installation and
Upgrades A - Z Index G SAP GRC Access Control SAP GRC ACCESS CONTROL SAP Access Control
10.0 Installation .

Procedure
Launch the JSPM, which is found in the directory /usr/sap/‹SID›/‹CD›/j2ee/JSPM/go.bat.
JSPM scans the directory that contains the installation files (/usr/sap/trans/EPS/in/).
Using the JSPM Installer, follow these steps:
1. Select Package Type and then New Software components. Use the radio button to specify the system
role and whether or not the system is under NWDI. Click Next.
2. Specify Queue. Select the software components that you want to install (for SAP Access Control,
select GRCACMIGxx_0.sca, where xx represents the Support Package number). Click Next
3. Check Queue to monitor the installation.

Result
The SAP GRC Access Control 10.0 Migration is installed on top of your SAP AC 5.3 system.

3.4 Preparing to Install AC/PC/RM 10.0 Portal Core

Components
Prerequisites
‰)%S ™ SAP NetWeaver 7.0 EHP2 SP06 or higher
‰)%S ™ SAP NetWeaver Application Server JAVA 7.02 SP06

NOTE

The software component BP ERP05 COMMON PARTS version 1.51 is required to be deployed in
Enterprise Portal if you use the portal as front-end.

Procedure
For download information, see SAP Note 1490996.

3.5 Preparing to Install Plug-Ins

Plug-ins (formerly called Real Time Agents) facilitate the automated testing process and bring in data
required by Access Control and Process Control.

18/52 PUBLIC 2011-04-18

3 Preparing for the Installation
3.5 Preparing to Install Plug-Ins

NOTE

ç‘ k8â Plug-ins are not used in Risk Management. This section applies only to Access Control and
Process Control.
ç‘ k8â If you already have the Process Control 3.0 RTAs, follow the instructions in the SAP
BusinessObjects Process Control 10.0 Upgrade Guide, located on the SAP Service Marketplace at:
http://service.sap.com.

Prerequisites
Use the tables in this section to identify the appropriate SAP Note describing how to install the SAP
GRC 10.0 plug-in on the corresponding platform.
For GRCPINW (AC 10.0 and PC 10.0)
SAP Note Number Platform
1500168 SAP Basis 46C NW
1497971 SAP Basis 620 NW
1501882 SAP Basis 640 NW
1500689 SAP Basis 700 NW
1503749 SAP Basis 710 NW

For GRCPIERP (AC 10.0 and PC 10.0)

SAP Note Number Platform
1500169 SAP Basis 46C ERP
1497972 SAP Basis 620 ERP
1501879 SAP Basis 640 ERP
1500690 SAP Basis 700 ERP

Procedure

Downloading the Plug-ins for Access Control

Integration of AC with ERP uses the following plug-ins:

ç‘ k8â GRCPINW plug-in for AC for non-HR Functions (formerly AC 5.3 VIRSANH RTA)
ç‘ k8â GRCPIERP plug-in for AC and PC HR Functions (formerly AC 5.3 VIRSAHR RTA)

Downloading the Plug-ins for Process Control

Integration of PC with ERP uses the following plug-ins:

ç‘ k8â GRCPINW plug-in for Continuous Monitoring (required to use the Sub-Scenario ABAP Report,
Configurable and Programmed)
ç‘ k8â GRCPIERP plug-in for HR functions (formerly PC 3.0 GRPCRTA)
Download the GRCPINW and GRCPIERP files, based on the SAP release, from the SAP Service Marketplace
at https://service.sap.com.

2011-04-18 PUBLIC 19/52

This page is left blank for documents
that are printed on both sides.
4 Installing the Components

4 Installing the Components

Prerequisites
NOTE

Access Control, Process Control, and Risk Management have specific system requirements, and
cannot run successfully unless these requirements are met. See the earlier sections for the system
prerequisites.

Procedure
The SAP BusinessObjects AC/PC/RM applications require the add-on component GRCFND_A. SAP Note
1490996 explains the procedure for installing this add-on component.

2011-04-18 PUBLIC 21/52

This page is left blank for documents
that are printed on both sides.
5 Installing the Components in Enterprise Portal

5 Installing the Components in

Enterprise Portal

Prerequisites
AC/PC/RM 10.0 requires the add-on portal business package GRC_POR and the software component BP
ERP05 COMMON PARTS version 1.51.
You must upload the content objects to the portal so that you can use the business package after you
have downloaded it.

NOTE

For Access Control 10.0 only environments, installing the components in Enterprise Portal is
optional. You do, however, need to install the NetWeaver Portal Plug-in GRCPIEP in Access
Control 10.0 only environments to enable risk analysis and provisioning using the portal.

Procedure

Downloading from SWDC

1. To download the AC/PC/RM 10.0 portal business packages from the SAP Software Distribution
Center (SWDC), go to http://service.sap.com/swdc Software Downloads Support Packages and
Patches Browse our Download Catalog SAP Solutions for Governance, Risk, and Compliance .
2. Choose your application (SAP GRC Access Control, SAP Process Control, or SAP Risk
Management). For example, for Access Control choose SAP GRC Access Control SAP GRC
ACCESS CONTROL SAP ACCESS CONTROL 10.0 Entry by Component GRC Java Components SAP
GRC PORTAL 10.0 OS independent .
3. Choose the SAP GRC PORTAL 10.0 download object and choose Add to Download Basket.

Downloading NetWeaver Portal Plug-in GRCPIEP

1. To download NetWeaver Portal Plug-in GRCPIEP from the SAP Software Distribution Center
(SWDC), go to http://service.sap.com/swdc Software Downloads Support Packages and Patches
Browse our Download Catalog SAP Solutions for Governance, Risk, and Compliance .
2. Choose SAP GRC Access Control SAP GRC ACCESS CONTROL SAP ACCESS CONTROL 10.0
Entry by Component Portal Plug-in SAP GRC AC PORTAL PLUG–IN 10.0 OS independent .
3. Choose the SAP GRC AC PORTAL PLUG–IN 10.0 download object and choose Add to Download
Basket.

2011-04-18 PUBLIC 23/52

5 Installing the Components in Enterprise Portal

Deploying Packages in NW 7.02

Using JSPM (recommended)

The Java Support Package Manager (JSPM) ensures that you download the latest version of the relevant
SAP software.
For information about using the JAVA Support Package Manager (JSPM) to deploy software packages
in NetWeaver 7.02, go to the SAP NetWeaver Library in SAP Help Portal at http://help.sap.com, click
on the Search Documentation link in the upper right-hand corner of the screen, and enter the search term
“JSPM”.
On the right-hand side of the hit list, you will see a list called Narrow by Info-Class. Click on the
Component info-class, and then in the resulting hit list, click on the entry for “Java Support Package
Manager” to go to the top-level entry for JSPM documentation.

Using SDM

If you must reinstall a prior version of SAP software because of a system crash, you will need to use the
Software Deployment Manager (SDM).
For information about the Software Deployment Manager (SDM) to deploy software packages in
NetWeaver 7.02, go to the SAP NetWeaver Library in SAP Help Portal at http://help.sap.com, click
on the Search Documentation link in the upper right-hand corner of the screen, and enter the search term
Core Development Tasks.
On the right-hand side of the hit list, you will see a list called Narrow by Info-Class. Click on the Component
info-class. In the resulting hit list, click on the first entry “Core Development Tasks,” and then follow
Deployment: Putting It All Together Software Deployment Manager SDM Remote GUI Client SDM Repository
Management .

24/52 PUBLIC 2011-04-18

6 Installing TREX (Optional)

6 Installing TREX (Optional)

You can install the standalone version of TREX if you want to use Enterprise Search for document
search in Process Control 10.0 and Risk Management 10.0.

NOTE

TREX is not an option in Access Control 10.0 only environments.

Procedure
You install TREX 7.10, revision 27 or higher. See the NetWeaver Enterprise Search Installation Guide
on the SAP Service Marketplace at https://service.sap.com/instguides SAP NetWeaver SAP
NetWeaver Enterprise Search Installation Guide for SP3
For more information, see the following SAP Notes:
SAP Note Number Title
1249465 How to install TREX for Embedded Search
1164532 Limitations
1266024 Sizing TREX for Embedded Search
1269011 Additional TREX instance for Embedded Search

2011-04-18 PUBLIC 25/52

This page is left blank for documents
that are printed on both sides.
7 Post–Installation
7.1 Client Copy

7 Post–Installation

After downloading and installing the files described in the previous sections, to configure the product,
follow the post-installation sections in the order they are presented.

7.1 Client Copy

Procedure
NOTE

Client copy is not required in Access Control 10.0 only environments.

For more information, see SAP Note 1505255 .

7.2 Activating the Applications in Clients

After the installation is complete, the AC/PC/RM 10.0 applications are in place. Now you must activate
them in each client.

Procedure
Complete the following steps to activate:
1. Open the SAP Reference IMG in Tools Customizing IMG Project Administration (transaction
SPRO) .
2. Display the SAP Reference IMG.
3. Open SAP BusinessObjects Access Control, Process Control, or Risk Management.
4. Execute Activate Applications in Client.
To activate an application component:
1. Choose the New Entries pushbutton.
2. Select an application component from the dropdown list. Choose GRC-AC, GRC-PC or GRC-
RM (choose GRC-AC for Access Control 10.0 only environments).
3. In the Active column, you must specify if the application component is to be activated or not. If
you are using more than one component, you must set the indicator for each one.

NOTE

This Customizing activity is the same in all the Risk Management, Process Control, and Access
Control nodes. If you are using all three components, they can be activated from the
corresponding Customizing activity of any of the three applications.

2011-04-18 PUBLIC 27/52

7 Post–Installation
7.3 Checking SAP ICF Services

7.3 Checking SAP ICF Services

Specific Internet Communication Framework (ICF), SAP services, and AC/PC/RM services need to be
activated. They are inactive by default after installation or upgrade.

NOTE

Check that all the relevant services are active.

For more information about activating these services, see SAP Note 1088717, Active services for Web Dynpro
ABAP in transaction SICF.

Procedure
1. Activate each of the following ICF service nodes:
ÙÊ<±ƒ /sap/public/bc

ÙÊ<±ƒ /sap/public/bc/icons

ÙÊ<±ƒ /sap/public/bc/icons_rtl

ÙÊ<±ƒ /sap/public/bc/its

ÙÊ<±ƒ /sap/public/bc/pictograms

ÙÊ<±ƒ /sap/public/bc/ur

ÙÊ<±ƒ /sap/public/bc/webdynpro

ÙÊ<±ƒ /sap/public/bc/webdynpro/mimes

ÙÊ<±ƒ /sap/public/bc/webdynpro/adobeChallenge

ÙÊ<±ƒ /sap/public/bc/webdynpro/ssr

ÙÊ<±ƒ /sap/public/bc/webicons

ÙÊ<±ƒ /sap/public/myssocntl

NOTE

You can also activate all ICF services within:

ÙÊ<±ƒ /sap/public
ÙÊ<±ƒ /sap/bc
ÙÊ<±ƒ /sap/grc — for Access Control 10.0 only environments
2. Activate GRAC, GRPC, and GRRM services.
Activate all services under /sap/bc/webdynpro/sap.

7.4 Maintaining System Data

Complete the Add-On Product Version in your system data application so that customer support can
see which SAP BusinessObjects GRC solution applications have been implemented in your
environment.
For more information, see SAP Note 1313108, System Data Maintenance for GRC Process Control.

28/52 PUBLIC 2011-04-18

7 Post–Installation
7.5 Maintaining Plug-in Settings

Procedure
1. Locate the System Data application in the Support Portal in SAP Service Marketplace under Data.
2. Use one of the search functions provided to select an installed SAP system.
3. On the System tab, scroll down to the Add-On Product Version section.
4. Insert a line.
5. Select the SAP BusinessObjects Access Control 10.0 support package, SAP BusinessObjects Process
Control 10.0 application support package, and/or the SAP BusinessObjects Risk Management
10.0 application support package from the list.
6. Save your changes.
7. Repeat this procedure for all SAP systems.

Activating Crystal Reports

To use the Crystal Reports function in GRC10, activate the flag Allow Crystal Reports in Customizing
under SAP NetWeaver Application Server SAP List Viewer (ALV) Maintain Web Dynpro ABAP-Specific
Settings .

7.5 Maintaining Plug-in Settings

After the installation is complete, you need to maintain the plug-in settings, including the exits settings
and the configuration settings.

Procedure
1. Open the SAP Reference IMG in Tools Customizing IMG Project Administration (transaction
SPRO) .
2. Display the SAP Reference IMG.
3. Open Governance, Risk and Compliance (Plug-In) Access Control .
4. Execute Maintain Plug-in Exits Settings.
5. Execute Maintain Plug-in Configuration Settings.

2011-04-18 PUBLIC 29/52

This page is left blank for documents
that are printed on both sides.
8 Activating Business Configuration (BC) Sets
8.1 Activating AC/PC/RM 10.0 BC Sets

8 Activating Business Configuration

(BC) Sets

8.1 Activating AC/PC/RM 10.0 BC Sets

Business Configuration (BC) sets are an official implementation toolset used to simplify the
customization process. You need to activate some of the BC sets that are delivered with AC/PC/RM
10.0. (See the Access Control BC Sets table and the Process Control and Risk Management BC Sets table below.)

NOTE

For Access Control 10.0 only environments, you only need to activate the Access Control BC Sets.

You can activate a particular BC set only if that client is not a production client in the system. When
you activate the BC set, all data in the BC set is transferred into the corresponding original tables. Any
entries already in the original tables are overwritten in this process.
See SAP Solution Manager for information about customizing activities at https://service.sap.com/
solutionmanager. For SAP BusinessObjects Access Control, Process Control and Risk Management
10.0, the appropriate SAP Solution Manager release for enhanced Solution Manager content is ST-ICO
150 SP27.
For more information about the SAP NetWeaver Application Server, see http://help.sap.com/nw70
SAP NetWeaver Library SAP NetWeaver by Key Capability Solution Life Cycle Management by Key Capability
Customizing Business Configuration Sets (BC-SETS)

Procedure
1. Choose Existing BC Sets from the toolbar in the Implementation Guide. This identifies all of the IMG
activities for which the BC set exists.
2. Select one of these IMG activities and choose the pushbutton BC Sets for Activity.
The contents of the BC set are displayed in a new window.
3. To activate this BC set, choose the pulldown menu Go to Activation Transaction .
4. Select the icon for Activate BC Set (or use F7).
The Activation Options screen opens.
5. Choose Continue.
A completion message appears: Activation successfully completed.

2011-04-18 PUBLIC 31/52

8 Activating Business Configuration (BC) Sets
8.2 Access Control BC Sets Table

NOTE

The information that follows applies only when activating AC/PC/RM 10.0 Business
Configuration sets. The following does not apply when activating BC sets in Access Control
10.0 only environments.
Alternatively, if a yellow informational message appears, choose Enter and then the completion
message appears.
CAUTION

You can safely ignore Basis functionality error messages that state:
System table GRPCATTR* cannot be put in a BC Set.
A message colored with a yellow background is only a warning. A message colored red is an
error message.
When activating the BC set tables that begin with GRPC-ATTR-*, errors may be listed in the
progress column. There are five BC sets that need to be activated twice:
ð}Ƀ£_ GRPC-ATTR-CTRL_OBJ_CATEGORY
ð}Ƀ£_ GRPC-ATTR-CTRL_GROUP
ð}Ƀ£_ BC_SET_RISK_LEVEL_MATRIX
ð}Ƀ£_ GRFN-PNS-FDA
ð}Ƀ£_ GRFN-PNS-SOX
1. You can ignore the following error messages during first-time activation:
ð}Ƀ£_ GRPC-ATTR-CTRL_GROUP VC_GRPCATTR Table/View V_GRPCATTRVALUE2: higher-
level entry for & missing

ð}Ƀ£_ GRPC-ATTR-CTRL_GROUP VC_GRPCATTR Entry xxxx xxxx does not exist in

GRPCATTRVALUE (check entry).

ð}Ƀ£_ GRFN-PNS-FDA Entry FDA does not exist in GRPC_MCF_REGCONF (check

entry).

ð}Ƀ£_ GRFN-PNS-SOX Entry SOX does not exist in GRPC_MCF_REGCONF (check

entry).
2. Second-time activation may produce warning messages that can safely be accepted if no
error message occurs.
If you receive a Basis error message with a red background, you must contact your system
administrator.

8.2 Access Control BC Sets Table

You need to activate the BC sets that are delivered with SAP BusinessObjects Access Control 10.0. These
BC sets are categorized by type in the table below.

32/52 PUBLIC 2011-04-18

8 Activating Business Configuration (BC) Sets
8.3 Process Control BC Sets Table

NOTE

You can activate all of the BC sets by using transaction SCPR20, including those that can be activated
via Customizing (marked with an asterisk [*] in the table below).

BC Set BC Set Name

Specific to Access Risk Analysis
GRAC_RA_RULESET_COMMON SOD Rules Set
GRAC_RA_RULESET_JDE JDE Rules Set
GRAC_RA_RULESET_ORACLE ORACLE Rules Set
GRAC_RA_RULESET_PSOFT PSOFT Rules Set
GRAC_RA_RULESET_SAP_APO JDE Rules Set
GRAC_RA_RULESET_SAP_BASIS SAP BASIS Rules Set
GRAC_RA_RULESET_SAP_CRM SAP CRM Rules Set
GRAC_RA_RULESET_SAP_ECCS SAP ECCS Rules Set
GRAC_RA_RULESET_SAP_HR SAP HR Rules Set
GRAC_RA_RULESET_SAP_NHR SAP R/3 less HR Basis Rules Set
GRAC_RA_RULESET_SAP_R3 SAP R/3 AC Rules Set
GRAC_RA_RULESET_SAP_SRM SAP SRM Rules Set
Specific to Access Request Management
GRAC_ACCESS_REQUEST_REQ_TYPE* Request Type
GRAC_ACCESS_REQUEST_EUP* EUP (Note: Only the value EU ID 999 is valid for this
BC set.)
GRAC_ACCESS_REQUEST_APPL_MAPPING* Mapping BRF Function IDs and AC Applications
GRAC_ACCESS_REQUEST_PRIORITY* Request Priority
Specific to Business Role Management
GRAC_ROLE_MGMT_SENTIVITY* Sensitivity
GRAC_ROLE_MGMT_METHODOLOGY* Methodology Process and Steps
GRAC_ROLE_MGMT_ROLE_STATUS* Role Status
GRAC_ROLE_MGMT_PRE_REQ_TYPE* Prerequisite Types
Specific to Superuser Management
GRAC_SPM_CRITICALITY_LEVEL* Criticality Levels
Specific to Workflow
GRC_MSMP_CONFIGURATION* MSMP Workflow Configuration Rules Set

8.3 Process Control BC Sets Table

You need to activate the following BC sets (categorized by type) that are delivered with SAP
BusinessObjects Process Control 10.0:
BC Set Name
Process Control-specific generic BC sets
GRPC-AGENTSLOTC-GLOBAL Global Roles to Receive Tasks in Workflow

2011-04-18 PUBLIC 33/52

8 Activating Business Configuration (BC) Sets
8.3 Process Control BC Sets Table

BC Set Name
GRPC-ROLE-CROSS-REG Role Assignment for PC Cross Regulation Roles
GRPC-SCOPE-MAT-ANA-FREQ Scoping Materiality Analysis Frequency
GRPC-SCOPE-IMPACT-LEVEL Impact Levels
BC_SET_PROBABILITY_LEVEL_ID Maintain Probability Level ID
BC_SET_RISK_LEVEL_MATRIX Maintain Risk Level Matrix

NOTE
Before activating this BC set, first activate
BC_SET_PROBABILITY_LEVEL_ID.

GRPC-SCOPE-CNTL-RISK-FACTOR Control Risk Factor

GRPC-SCOPE-CNTL-RATE-RNG Control Rating Range

GRPC-SCOPE-LVL-EVID-VAL Level of Evidence Value
GRPC-SCOPE-LVL-EVID Level of Evidence
BCSET-GRRM-GRRMVRISKOPPLVL Maintain Risk and Opportunity Levels

GRPC-BP-ATTR-VALUE Business Process Attribute Values

GRPC-ATTR-ASSERTION Financial Assertions
GRPC-ATTR-CATEGORY Control Category
GRPC-ATTR-CTRL_FREQUENCY Frequency of Control Operation
GRPC-ATTR-CTRL_GROUP Control Group and Subgroup
GRPC-ATTR-CTRL_OBJ_CATEGORY Control Objective Category and Control Type

GRPC-ATTR-IELC-FREQ Indirect Entity-Level Control Operation Frequency

GRPC-ATTR-INDUSTRY Industry
GRPC-ATTR-NATURE Nature of Control
GRPC-ATTR-PURPOSE Control Purpose
GRPC-ATTR-RELEVANCE Control Relevance
GRPC-ATTR-RISK_IMPACT Qualitative Risk Impact
GRPC-ATTR-SAMPLE_METHOD GRPC: Add New Sampling Method to BC Set
GRPC-ATTR-SCHED_FREQUENCY Scheduling Frequency
GRPC-ATTR-SIGNIFICANCE Control Significance
GRPC-ATTR-TEST_TECH Test Technique
GRPC-ATTR-TRANSTYPE Transaction Type
Process Control FDA-specific BC sets for FDA regulations
GRFN-PNS-FDA Plan Usage – FDA

NOTE
Before activating this BC set, first activate GRPC-MCF-FDA.
GRPC-AGENTSLOTC-FDA FDA Roles to Receive Tasks in Workflow
GRPC-MCF-FDA Regulation/Policy – FDA
GRPC-ROLE-FDA Roles for Regulation/Policy FDA

NOTE
Before activating this BC set, first activate GRPC-MCF-FDA.

34/52 PUBLIC 2011-04-18

8 Activating Business Configuration (BC) Sets
8.4 Shared BC Sets (Process Control & Risk Management)

BC Set Name
BC sets for SOX regulations:
GRFN-PNS-SOX Plan Usage – SOX

NOTE
Before activating this BC set, first activate GRPC-MCF-SOX.
GRPC-AGENTSLOTC-SOX SOX Roles to Receive Tasks in Workflow
GRPC-MCF-SOX Regulation/Policy – SOX
GRPC-ROLE-SOX Roles for Regulation/Policy SOX

NOTE
Before activating this BC set, first activate GRPC-MCF-SOX.

NOTE

The following BC sets must be activated twice:

xKxH(& GRPC-ATTR-CTRL_OBJ_CATEGORY (Control Objective Category and Control Type)
xKxH(& GRPC-ATTR-CTRL_GROUP (Control Group and Subgroup)

8.4 Shared BC Sets (Process Control & Risk Management)

You need to activate the following BC sets that are delivered with SAP BusinessObjects Process Control
10.0 and Risk Management 10.0:
BC Set Description
GRFN-AHISS-CAPA-REG-CRS Enable CAPA by Regulation Type for Cross Regulation Entities
GRFN-AHISS-OBJECT Enable Ad Hoc Issues by Object Type
GRFN-AHISS-SOURCE Maintain Ad Hoc Issue Sources
GRFN-AHISS-SOURCE-ENTITY Assign Ad Hoc Issue Sources to Entity Types
GRFN-ALLOW-CREATE-LOCAL-CTRL Maintain Possibility to Add Local Controls to Local Subprocess
GRFN-POLICY-ACKN-OPTION Define acknowledgement option
GRFN-POLICY-APPROVAL Define Policy Approvals
GRFN-POLICY-CATEGORY Maintain Policy Categories
GRPC-AMF-MENUITEM-UPGRADE BC Set of AMF menu items for upgrade customers
(for upgrade customers only)

NOTE
This BC set must be activated twice.
GRFN-WORKFLOW-NOTIFICATION Maintain Workflow Notifications
GRPC-FREQUENCY Timeframe Frequencies
GRPC-TIMEFRAME Timeframes
BC_SET_BENEFIT_CATEGORY Maintain Benefit Category
GRPC-RISK-DRIVER-CATEGORY Driver Category of Risk Attributes
GRPC-RISK-IMPACT-CATEGORY Impact Category of Risk Attributes

2011-04-18 PUBLIC 35/52

8 Activating Business Configuration (BC) Sets
8.5 Risk Management BC Sets Table

8.5 Risk Management BC Sets Table

You need to activate the following BC sets that are delivered with SAP BusinessObjects Risk
Management 10.0:
BC Set Name
BC_SET_ANALYSIS_PROFILE Maintain Analysis Profile
BC-SET_ACTIVITY_TYPES Maintain Activity Types
BC_SET_BENEFIT_CATEGORY Maintain Benefit Category
BC_SET_DEFINE_CATEGORIES_POWL Maintain Categories for POWL
BC_SET_DEFINE_THREE_POINT_ANALYS Define Three Point Analysis
BC_SET_DRIVER_CATEGORY Maintain Driver Category
BC_SET_IMPACT_CATEGORY Maintain Impact Category
BC_SET_IMPACT_LEVEL Impact and Risk Levels
BC-SET_INFLUENCE_STRENGTH Define Influence Strength
BC_SET_MAINTAIN_DEFAULT_QUERY Maintain Default Query for POWL
BC-SET_MAINTAIN_OPP_RESP_TYPES Maintain Opportunity Response Types
BC_SET_MAINTAIN_USER_RESP Maintain Users Responsible for Entity
BC_SET_OBJECTIVE_CATEGORIES Maintain Objective Category
BC_SET_PROBABILITY_LEVEL_ID Maintain Probability Level ID
BC_SET_PROBABILITY_LEVEL_MATRIX Maintain Probability Level Matrix
BC-SET_RESPONSE_EFFECTIVENESS Maintain Response Effectiveness
BC-SET_RESPONSE_TYPE Maintain Response Type
BC_SET_RISK_APETITE Maintain Risk Appetite
BC_SET_RISK_LEVEL Impact and Risk Levels
BC_SET_RISK_LEVEL_MATRIX Maintain Risk Level Matrix
BC-SET_RISK_PRIORITY_ID Maintain Risk Priority ID
BC_SET_RISK_PRIORITY_MATRIX Maintain Risk Priority Matrix
BC_SET_ROLES BC Set for Roles
BC_SET_SPEED_OF_ONSET Maintain Speed of Onset
BC-SET_LOSS_MATRIX_COLORS Incident Loss Color Matrix
BC_SET_UNIT_MEASURE Maintain Units of Measures
BC-SET_RISK_RESPONSE_TYPE Maintain Risk Response Type Combination
BCSET-GRRM-GRFNV_DEC_SETUP Define Probability and Maximum Score
BCSET-GRRM-GRFNV_POLICYTYPE Maintain Response Relevance for Policy Types
BCSET-GRRM-GRRMVPOLICYRESP Link Policy Status and Response Completeness
BCSET-GRRM-GRRMVRISKOPPLVL Maintain Risk and Opportunity Levels

36/52 PUBLIC 2011-04-18

9 Portal Package Configuration
9.1 Creating a System Connection in Enterprise Portal

9 Portal Package Configuration

9.1 Creating a System Connection in Enterprise Portal

You need to create a system connection for BusinessObjects Access Control 10.0, Process Control 10.0,
or Risk Management 10.0.

Procedure
To create systems in the portal to access the Web Dynpro applications in the Process Control ABAP
system:
1. Navigate the SAP Help Portal as follows: help.sap.com/nw70 scroll past SAP NetWeaver 7.0 including
Enhancement Package 1 Knowledge Center Support Package Stack 05, September 2009 scroll past Docupedia
Functional View SAP NetWeaver by Key Capability People Integration by Key Capability Portal Portal
Administration Guide System Administration .
Specifically, the topic Workset: System Administration provides tools to configure, maintain, and support
the portal, its services, and system landscape.
2. Use the above path until you reach Portal, then follow this path: Portal Administration Guide Super
Administration Administration Roles Workset: System Administration .
For optimum display of the portal, you need to choose the relevant portal configuration required
depending on the license purchased. Select portal configuration for AC10-only license users or for GRC
Suite multiple application license users (AC10+PC10+RM10 or any combination of two applications).

NOTE

SAP provides a set of sample roles, which include recommended authorizations. You can create
your own PFCG roles or copy the sample roles to your customer namespace, and then modify
them as needed. For more information about the delivered roles for, see Security Guide for SAP
BusinessObjects Access Control 10.0 / Process Control 10.0 / Risk Management 10.0.

Portal Configuration for AC 10.0-only Licensed Users

ºÜ6r+) System Aliases:

The system alias must use SAP-GRC and SAP-GRC-AC.
ºÜ6r+) Portal Roles:
ºÜ6r+F Assign the role GRC ACCESS CONTROL to the user.
ºÜ6r+F Assign the role ERP COMMON to everyone in the user group.

2011-04-18 PUBLIC 37/52

9 Portal Package Configuration
9.2 Creating the Initial User in the ABAP System

Portal Configuration for GRC Suite Licensed Users

System Aliases

Œ€ð,W8 If Access Control 10.0 is activated:

The system alias must use SAP-GRC and SAP-GRC-AC.
Œ€ð,W8 If Process Control 10.0 is activated: The system alias must use SAP-GRC and SAP-GRC-PC.
Œ€ð,W8 If Risk Management 10.0 is activated: The system alias must use SAP-GRC and SAP-GRC-RM.
Portal Roles

Œ€ð,W8 Assign the role GRC SUITE to the user.

Œ€ð,W8 Assign the role ERP COMMON to everyone in the user group.

9.2 Creating the Initial User in the ABAP System

SAP BusinessObjects AC/PC/RM 10.0 uses various roles to interface with the SAP system.

NOTE

This section uses the delivered roles only as an example. As you complete the procedure, it is
essential that you replace the sample roles with equivalent roles in your customer namespace.

Procedure

Access Control 10.0

To create an initial user in the ABAP system for SAP BusinessObjects Access Control 10.0:
1. Initially, all Access Control users need to be assigned to SAP_GRAC_FN_BASE to access AC 10.0
applications.
2. Next, assign the SAP_GRAC_FN_ALL role to the user doing the customizing of the product.
This is the power user role. It gives the designated user the ability to see and do everything without
being assigned to a specific Access Control role.
This role is typically assigned to the user setting up the organization structures and assigning
business roles to all the other users.
The role does not contain the authorizations for Workflow Customizing, Case Management, or Web
services activation. For these authorizations, use the role SAP_GRAC_SETUP.
CAUTION

Assign the SAP_GRAC_FN_ALL role with caution, since a user assigned to this role can make
pervasive changes.
For more information on the SAP_GRAC_FN_ALL role and its authorizations, see the SAP
BusinessObjects AC/PC/RM 10.0 Security Guide on the SAP Service Marketplace at: https://
service.sap.com/securityguide SAP Business User SAP BusinessObjects AC/PC/RM 10.0
Security Guide .
3. Using transaction SU01, create a user.

38/52 PUBLIC 2011-04-18

9 Portal Package Configuration
9.2 Creating the Initial User in the ABAP System

4. On the Address data tab, assign the communications type of e-mail and provide an e-mail address
if this user needs to receive workflow notifications via e-mail.
5. On the Roles tab, assign the SAP_GRAC_FN_BASE, SAP_GRAC_FN_ALL, and SAP_GRAC_ALL roles to this
user.
6. This user can now go to the IMG using transaction code SPRO and complete the configuration,
including such steps as activating the Business Configuration (BC) sets and assigning roles to other
users.

Process Control 10.0 and Risk Management 10.0

To create an initial user in the ABAP system for SAP BusinessObjects Process Control 10.0 and Risk
Management 10.0:
1. Initially, all Process Control users and Risk Management users need to be assigned to
SAP_GRC_FN_BASE to access PC/RM 10.0 applications.
2. Next, assign the SAP_GRC_FN_ALL role to the user doing the customizing of the product.
This is the power user role. It gives the designated user the ability to see and do everything without
being assigned to a specific Process Control or Risk Management role.
This role is typically assigned to the user setting up the organization structures and assigning
business roles to all the other users. It contains all of the authorizations from the role
SAP_GRC_FN_BUSINESS_USER, in addition to the following authorizations:

Ýñ†\MH Administrative functions in the Process Control Implementation Guide (IMG), and Risk
Management IMG.
Ýñ†\MH Structure setup in expert mode.
Ýñ†\MH Data upload for structure setup.
Ýñ†\MH Customizing table maintenance for PC/RM 10.0.
Ýñ†\MH Initiation of role assignment procedures.
The role does not contain the authorizations for Workflow Customizing, Case Management, or Web
services activation. For these authorizations, use the role SAP_GRC_SPC_SETUP.
CAUTION

Assign the SAP_GRC_FN_ALL role with caution, since a user assigned to this role can make
pervasive changes.
For more information on the SAP_GRC_FN_ALL role and its authorizations, see the SAP
BusinessObjects AC/PC/RM 10.0 Security Guide on the SAP Service Marketplace at: https://
service.sap.com/securityguide SAP Business User SAP BusinessObjects AC/PC/RM 10.0
Security Guide .
3. Using transaction SU01, create a user.
4. On the Address data tab, assign the communications type of e-mail and provide an e-mail address
if this user needs to receive workflow notifications via e-mail.
5. On the Roles tab, assign the SAP_GRC_FN_BASE and SAP_GRC_FN_ALL roles to this user.

2011-04-18 PUBLIC 39/52

9 Portal Package Configuration
9.3 Creating the Initial User in the Enterprise Portal

6. This user can now go to the IMG using transaction code SPRO and complete the configuration,
including such steps as activating the Business Configuration (BC) sets and assigning roles to other
users.

9.3 Creating the Initial User in the Enterprise Portal

The Navigation tab and Work Centers for AC 10.0 and PC/RM 10.0 are defined in the portal roles, and these
roles are maintained in the GRC portal package.
After creating the portal user, the portal user administrator needs to assign the user to GRC 10.0 portal
roles. This enables the user to see the GRC Navigation tab and Work Centers.

NOTE

This section uses the delivered roles only as an example. As you complete the procedure, it is
essential that you replace the sample roles with equivalent roles in your customer namespace.

Procedure

Access Control 10.0

1. Log on as portal user administrator and access the User Administration function.
2. If the user has been created by the User Management Engine (UME) that is connected to the GRC
ABAP system, you do not need to create the user in the portal system.
If not, create a new portal user and assign the system to the user in the User Mapping for System
Access tab, along with a mapped user ID and password.
3. After creating the user, go to the Assigned Roles tab and assign the role GRC Suite (name:
pcd:portal_content/com.sap.pct/com.sap.grc.grac/com.sap.grc.ac.roles/
com.sap.grc.ac.Role_All) to the user who has the power user role SAP_GRAC_FN_ALL in the ABAP
system, to enable viewing of all the Work Centers.

Process Control 10.0 and Risk Management 10.0

1. Log on as portal user administrator and access the User Administration function.
2. If the user has been created by the User Management Engine (UME) that is connected to the GRC
ABAP system, you do not need to create the user in the portal system.
If not, create a new portal user and assign the system to the user in the User Mapping for System
Access tab, along with a mapped user ID and password.
3. After creating the user, go to the Assigned Roles tab and assign the role GRC Suite (name:
pcd:portal_content/($installedpath$)/com.sap.grc.GRC_Suite/
com.sap.grc.GRC_Suite_Role/com.sap.grc.GRC_Suite) to the user who has the power user role
SAP_GRC_FN_ALL in the ABAP system, to enable viewing of all the Work Centers.

40/52 PUBLIC 2011-04-18

9 Portal Package Configuration
9.3 Creating the Initial User in the Enterprise Portal

More Information
For more information about visibility of Work Centers, see the SAP BusinessObjects AC/PC/RM 10.0 Security
Guide at https://service.sap.com/securityguide.
Communication is based on the technologies delivered by SAP NetWeaver Portal. For more
information, see the SAP NetWeaver Portal Security Guide at https://service.sap.com/securityguide.

2011-04-18 PUBLIC 41/52

This page is left blank for documents
that are printed on both sides.
10 Content Lifecycle Management (CLM) Installation
10.1 New Features

10 Content Lifecycle Management

(CLM) Installation

10.1 New Features

NOTE

This chapter applies only to SAP BusinessObjects Process Control 10.0 and SAP BusinessObjects
Risk Management 10.0.

Content Lifecycle Management (CLM) aims to support the management of application content. This
is achieved by providing users with a consistent way to package, version-control, inspect, and import
vendor content into their systems. It focuses on the capability to deliver content from vendors’
landscapes to customers’ landscapes.
It is not intended to provide a means to transport content within a single landscape; this is already
facilitated by the ABAP transport system.

10.2 SAP Notes for CLM Installation

You must read the following SAP Notes before you start the installation. These SAP Notes contain the
most recent information on the installation, as well as corrections to the installation documentation.
Make sure that you have the up-to-date version of each SAP Note, which you can find in the SAP Service
Marketplace at service.sap.com/notes.
SAP Note
Number Title Description
1511393 Release strategy for This note provides information about planning the installation and upgrade
the ABAP add-on of ABAP add-on POASBC.
POASBC

1511322 Installing POASBC You want to install an add-on or perform a delta upgrade to SAP NetWeaver
100_702 on NW 7.0 7.0 with Enhancement Package 2.
EHP2
1536594 Support packages for This note contains information about Add-on Support Packages for
POASBC 100_702 POASBC.

CAUTION
Do not import Support Package SP01 (SAPK-10001INPOASBC) and
Support Package SP02 (SAPK-10002INPOASBC) together in a queue
because a termination may occur during the import.

2011-04-18 PUBLIC 43/52

10 Content Lifecycle Management (CLM) Installation
10.3 Planning for CLM

10.3 Planning for CLM

Planning for Content Lifecycle Management
1. Determine the software component and supporting platform versions that are needed to run
Content Lifecycle Management.
2. Identify the managed application system(s) for which content is to be managed using CLM; these
systems are used by CLM for communication during content extraction and content deployment.
3. After identification of CLM and managed application systems; choose either integrated landscape
(in the same system where application is being installed) mode or standalone mode.
4. Identify roles and their activities that will be assigned to CLM users.
5. If you intend to create or import content packages with attachments/supporting files apart from
application content, make sure that CLM is connected to a secured desktop. CLM uses local desktop
for attachments/files upload and download within content packages. Make sure that CLM users
have sufficient authorization to access local files.
Identifying Managed Application Systems
It is not necessary to identify all managed application systems during CLM installation as you can add
extra application systems at a later stage and configure them for communication to CLM. However,
identifying the application systems at this stage can provide a good overview of the overall landscape
in the context of CLM and can help you to decide on existing systems that can be used for CLM
installation.
The systems for which content is to be managed must be technically capable of integrating with Content
Lifecycle Management (CLM). Apart from the current application (with which CLM is shipped), it is
possible to integrate with further applications.

RECOMMENDATION

We recommend integrating Content Lifecycle Management with the following:

[*ïY•ł Consolidation system for deploying content before deploying that content to the actual
production system.

Choosing Landscape Model

You need to decide whether the integrated or standalone mode of the Content Lifecycle Management
(CLM) system is more appropriate for your scenario.
Refer to technical system landscape section in the master guide for the application.

CAUTION

To enable communication between connected SAP systems it might be necessary to set up trust
relationships between systems. When planning the installation of Content Lifecycle Management
on an already existing application system instance alongside an existing application, security and
performance considerations must be taken into account.

Identifying Roles and Activities

44/52 PUBLIC 2011-04-18

10 Content Lifecycle Management (CLM) Installation
10.4 Preparing to Install CLM

Content Lifecycle Management only delivers sample technical roles containing authorizations for
various managed applications and with supported features for each managed application. The delivered
roles are only for reference for a particular managed application; for more restrictions, you need to
plan what roles can exist with regard to CLM and what CLM activities can users with these roles perform.
Documentation of the CLM-based authorization objects and delivered technical roles is included in
the Security Guide.

RECOMMENDATION

We recommend to have the same users for both CLM and the application. The CLM authorization
object can be assigned to users specific to the application via Netweaver ABAP user and role
management.
Authorization checks for application-specific objects and roles are part of the application itself.
Since CLM interacts with these applications for content extraction and deployment; unauthorized
access to content can only be prevented if the same user is used in both CLM and the application.

Software Component
Software Component Prerequisites
POASBC version POA_SBC_100_702 SAP_ABA 7.02 SAP_BASIS 7.02

10.4 Preparing to Install CLM

Preparing to Install Content Lifecycle Management
For more information about installing Content Lifecycle Management (CLM) as a standalone add-on,
see SAP Help Portal at http://help.sap.com SAP NetWeaver Introduction SAP NetWeaver Security
Guide Security Aspects for Lifecycle Management Security Issues in ABAP Software Maintenance Add-On Installation
Tool (if CLM is being installed in standalone mode).
See application-specific installation steps, which would include installation of CLM (if installation is
being done together with application itself).
If you are using Content Lifecycle Management in standalone mode, you can access the Customizing
activities as follows:
1. Run transaction SIMGH.
2. Search for structure Content Lifecycle Management using F4 help.
You can add this structure as a favorite.
3. Choose display mode.
4. You can now maintain the Customizing activities.

10.5 Installing CLM Components

Installation of Content Lifecycle Management

2011-04-18 PUBLIC 45/52

10 Content Lifecycle Management (CLM) Installation
10.6 CLM Post-Installation

1. Verify that CLM is not already installed.

2. Install CLM in the landscape.
Verifying Component is Not Already Available
Check the system status dialog to ensure that there is not already a component with a name starting
POASBC installed.
Installing the Component POASBC in Standalone Mode for Content Lifecycle Management
Use the add-on installation tool to load the required package. The required package is available on the
CD under [rel]/DATA/POA_SBC_[rel].SAR, where [rel] is the SAP_BASIS release version of the target
system.
For more information about installing Content Lifecycle Management (CLM) as a standalone add-on,
see SAP Help Portal at http://help.sap.com SAP NetWeaver .

10.6 CLM Post-Installation

Post-Installation of Content Lifecycle Management
1. Set up communication destinations.
2. Determine naming policy and global configurations.
3. Configure system registry.
4. Configure technical settings.
5. Optional: Set up user mapping.
Setting Up Communication Destinations

NOTE

This step mainly applies to standalone CLM landscape model. In the landscape model where
communication between the application and CLM happens locally, there is no need for
communication destinations.

For each system that has to be managed via CLM there should be at least one RFC destination set up.

NOTE

If it cannot be guaranteed that the same users are used throughout the landscape, it is also the
point when users in the managed system and in the system hosting CLM can be mapped to each
other. This can be done by configuring authentication of the created RFC Destinations (Logon &
Security).

For more information about setting up RFC destinations, see SAP Help Portal at http://
help.sap.com SAP NetWeaver .

46/52 PUBLIC 2011-04-18

10 Content Lifecycle Management (CLM) Installation
10.6 CLM Post-Installation

CAUTION

When configuring the RFC destination, make sure that you set up authentication (logon and
security). Ensure that the user is not asked for RFC connection logon details, as CLM lacks the
capability to prompt users for RFC connection logon details during runtime.

Make a note of the destinations created as these are needed later on during the configuration process.
Determining Naming Policy and Global Configurations
To ensure that a globally unique identification is available for content managed by CLM, namespaces
have to be configured within CLM. When application content is managed in CLM system; it receives
specific identification based on values configured in this step.
Use
There are three levels of unique names within CLM:
¦û—¡5d Vendor namespace
NOTE

Vendor namespace is only necessary for the business process Providing Content. It is not necessary
for the business process Consuming Content.
¦û—¡5d Authoring domains
¦û—¡5d Repository identification
You define these values in Customizing for Content Lifecycle Management under Define Global Settings and
Define Authoring Domains.
For more information about the namespace concept within CLM, see SAP Library documentation
under Content Lifecycle Management Content Group .
Procedure
1. Specify CLM repository ID and vendor namespace that is globally unique for this instance of CLM.
NOTE

To ensure the uniqueness of the chosen namespace, SAP operates a service that issues unique
namespaces for use in SAP Service Marketplace. Vendors are free to use their own namespace
identifier that can distinguish their content from others in CLM.
RECOMMENDATION

We recommend using an existing registered vendor namespace with SAP.

2. Identify at least one authoring domain that is going to be used with this instance of CLM.
These settings are unique per CLM instance — per CLM ABAP system and client combination.
Therefore, in a landscape where CLM is installed in one system, but is used in multiple ABAP clients,
each ABAP client holds client-specific values.
EXAMPLE

You can have Netweaver ABAP server – D1X:

1. Development client 100 has values: Vendor Namespace = XXX, Repository ID = DEV100,
Authoring Domain = O&G_USA

2011-04-18 PUBLIC 47/52

10 Content Lifecycle Management (CLM) Installation
10.6 CLM Post-Installation

2. Test client 200 has values: Vendor Namespace = XXX, Repository ID = QUA100, Authoring
Domain = O&G_USA
You can define the applications that communicate with CLM in Customizing for Content Lifecycle
Management under Define Applications.
Configuring System Registry
The CLM system registry is used for maintaining a list of the managed systems along with their
connectivity information. CLM must have an entry in the system registry for all the systems that are
to be managed by CLM.
You can configure new managed systems in Customizing for Content Lifecycle Management under Maintain
System Registry (transaction SPRO).
For more information, see Maintain System Registry documentation.
During maintenance of system registry, you are asked to specify an existing authoring domain and an
existing RFC destination whose values were set in above steps.
CLM predelivers application-specific API groups containing APIs that are RFC functions modules
residing in application system. When you configure system registry, you associate RFC destination to
API groups and finally you use the system registry at runtime in your business scenarios for content
extraction and deployment.

NOTE

After settings have been made in Customizing, the transaction /POA/CLM_API_TESTER should
be run to test the configured systems, APIs, and function modules before running CLM for actual
extraction and deployment. This tool is only intended for developers and it accepts the system
registry ID. The returned results display the format, signature, and RFC checks against a particular
application system.

You can also maintain the system registry in transaction SE54. Choose Edit View Cluster and enter /POA/
VC_CLM_SYS_REG.
Configuring Technical Settings for Content Lifecycle Management
CLM has the following technical settings that can be maintained:
|1˘}²) Deployment polling count — how many times to check the deployment
|1˘}²) Deployment polling interval (minutes) — how often to check the deployment
|1˘}²) Maximum extract chunk size (KB)
|1˘}²) Refresh (seconds) — how often to refresh the content in the main view
|1˘}²) Comparison threshold (hours) — if a content group you are comparing is older than the defined
threshold, you receive a warning message
To change these settings, see Customizing for Content Lifecycle Management under Maintain Technical
Settings (transaction SPRO).
For more information, see the Maintain Technical Settings documentation.
Content Lifecycle Management (CLM) is delivered with the following SAP ABAP-based roles:

48/52 PUBLIC 2011-04-18

10 Content Lifecycle Management (CLM) Installation
10.6 CLM Post-Installation

ve�⁄x /POA/CLM_GRC_USER
ve�⁄x /POA/CLM_GRC_<application name>_USER
There are three possible information architectures:
SAP GUI Installation
If SAP GUI is used as the information architecture, the following configuration steps must be followed
to allow access to CLM:
The CLM roles include the menu for the CLM Web Dynpro ABAP application and also an authorization
profile for CLM-based authorization objects. For more information about authorizations, see the
application security guide.
As an administrator, you can assign users in the CLM roles or create your own roles as a copy of these
and assign users to these roles.
For example, after assignment of CLM roles to 'CLM_TEST' user in SAP backend, the CLM role is
available in the user menu.
NetWeaver Business Client Installation
If NetWeaver Business Client is used as the information architecture, the following configuration steps
must be followed to allow access to CLM:
SAP BusinessObjects governance, risk, and compliance (GRC) solutions predeliver roles for NetWeaver
Business Client for various applications and various functions such as:
ve�⁄x SAP_GRC_NWBC for overall GRC solutions work centers.

RECOMMENDATION

We recommend that you include CLM in your existing GRC solutions role and provide the
configuration in PFCG as needed. You can either include the menu from the delivered CLM role
or create your own menu path in NetWeaver Business Client pointing to the CLM Web Dynpro
ABAP application /POA/WD_CLM.

The CLM ABAP Web Dynpro application has the following configuration ID to run CLM for GRC
solutions:
/POA/WD_CLM_GRC - Configuration parameter for CLM in GRC solutions

EXAMPLE

The CLM Web Dynpro ABAP application is included as a new folder in a customer role, which is
based on SAP_GRC_NWBC role in PFCG. As a result, the UI that is displayed to a user with this
role includes work centers from an existing GRC solutions role plus a new work center for Content
Lifecycle Management.

Portal-Based Installation
If portal-based access is used as the information architecture, the following configuration steps must
be followed to allow access to CLM:

2011-04-18 PUBLIC 49/52

10 Content Lifecycle Management (CLM) Installation
10.6 CLM Post-Installation

Portal roles are used in GRC solutions to provide NetWeaver portal-based user access for various
functions.
For CLM, no existing portal role is supplied, but the following steps can be used to enable portal users
to access CLM:
1. In NetWeaver Portal, choose Content Administration Portal Content Management Portal Content .
2. Copy an existing model workset, create a new workset, or enhance the old workset with the CLM
link.
3. To add CLM as an application link:
1. Create a new iView based on Web Dynpro ABAP application.
2. Provide WAS server details or an existing SAP system alias.
3. Enter Web Dynpro ABAP application name as wd_clm and enter WDCONFIGURATIONID=%2fPOA
%2fWD_CLM_GRC in Application Parameters field.
4. Assign the workset to existing or new portal roles as needed.
EXAMPLE

You can create a new portal role specifically for CLM, which is only visible to content
administrators or you can assign the CLM work center to an existing role depending on your
requirements.
5. Assign the portal role to relevant users and groups.
6. Enable portal users to use back-end users, with the correct authorization to run CLM. Map the
portal users to back-end users with CLM roles assigned.

50/52 PUBLIC 2011-04-18

 SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf
Germany
T +49/18 05/34 34 34
F +49/18 05/34 34 20
www.sap.com

© Copyright 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained
herein may be changed without prior notice.