CLM grc 10
-
Upload
deepa-saha -
Category
Documents
-
view
383 -
download
7
Transcript of CLM grc 10
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com
© 2009 SAP AG
Applies to:
GRC 10.0 release, Process Control 10.0.
Summary
This document describes configuration and use of Content Lifecycle Management (CLM) for SAP GRC
Process Control (PC) 10.0 release. The document includes a Frequently Asked Questions section covering
discussion topics which have come up during presentations to partners and customers.
CLM use for PC has strong resemblances to its use for other GRC products such as Access Control (AC)
10.0, Risk Management (RM) 10.0 and Global Trade Services (GTS) 10.0, although some of the details
differ.
Authors: Jiran Ding, Atul Sudhalkar
Company: Governance, Risk, and Compliance
SAP BusinessObjects Division
Created on: 02 May 2011
Version 2.0
GRC Process Control 10.0
Content Lifecycle Management
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com
© 2009 SAP AG
Document History
Document Version Description
2.0 Atul’s re-format to fit this template
1.10 Atul’s revisions to some descriptions
1.00 First draft
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com
© 2009 SAP AG
Typographic Conventions
Type Style Description
Example Text Words or characters quoted
from the screen. These
include field names, screen
titles, pushbuttons labels,
menu names, menu paths,
and menu options.
Cross-references to other
documentation
Example text Emphasized words or
phrases in body text, graphic
titles, and table titles
Example text File and directory names and
their paths, messages,
names of variables and
parameters, source text, and
names of installation,
upgrade and database tools.
Example text User entry texts. These are
words or characters that you
enter in the system exactly as
they appear in the
documentation.
<Example
text>
Variable user entry. Angle
brackets indicate that you
replace these words and
characters with appropriate
entries to make entries in the
system.
EXAMPLE TEXT Keys on the keyboard, for
example, F2 or ENTER.
Icons
Icon Description
Caution
Note or Important
Example
Recommendation or Tip
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com
© 2009 SAP AG
Table of Contents
1. Business Scenario............................................................................................................... 1
2. Background Information ..................................................................................................... 2
2.1 Customizing data .......................................................................................................... 2
2.2 Master data types managed by CLM ........................................................................... 4
2.3 Master data types NOT managed by CLM ................................................................... 4
3. Prerequisites ........................................................................................................................ 5
4. Step-by-Step Procedure ...................................................................................................... 7
4.1 Create RFC Connection in CLM ................................................................................... 7
4.2 System Registry in CLM ............................................................................................... 7
4.3 Extraction ...................................................................................................................... 8
4.3.1 Procedure ........................................................................................................ 8
4.4 View Content Group ................................................................................................... 12
4.4.1 Procedure ...................................................................................................... 12
4.5 Edit Content Group ..................................................................................................... 13
4.5.1 Procedure ...................................................................................................... 13
4.6 Clean up testing data (Optional) ................................................................................. 15
4.6.1 Procedure ...................................................................................................... 15
4.7 Deployment ................................................................................................................. 16
4.7.1 Procedure ...................................................................................................... 16
4.8 Mass Editor ................................................................................................................. 20
4.8.1 Downloading and Uploading with XML .......................................................... 20
4.8.2 Prerequisites .................................................................................................. 23
4.8.3 Procedure ...................................................................................................... 24
4.8.4 More Information ............................................................................................ 28
5. FAQ ..................................................................................................................................... 30
5.1 What is Content Lifecycle Management? What content does CLM manage? .......... 30
5.2 What is “mass-edit”? Which applications offer mass-editing via CLM? How does
this compare with MDUG? .......................................................................................... 31
5.3 How do I import business process models from BPM systems into GRC?................ 32
5.3.1 Master Data Exchange .................................................................................. 32
5.3.2 Runtime Integration ........................................................................................ 34
5.4 I merged vendor updates into my customized content, now it doesn’t deploy! .......... 35
5.5 I had three CLM instances in my landscape, now everything is all messed up! ........ 36
5.6 How do I use CLM to move content around within my landscape? ........................... 36
5.7 Is CLM licensed separately? Do partners need to purchase licenses for CLM?
How does SAP certify partner content? What channel does SAP provide for
getting partner content to customers? .................................................................. 37
6. Comments and Feedback ................................................................................................. 37
7. Appendix .................................................................................. Error! Bookmark not defined.
8. Copyright ............................................................................................................................ 38
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com
© 2009 SAP AG
IMPORTANT INFORMATION FOR THE "HOW-TO GUIDE" AUTHOR
Before using the template for the first time, copy it to your C:\Documents and
Settings\All Users\Templates folder and use only that copy. This
ensures that you use the same template for all your guides.
Do not delete any pages preceding this page.
Do not alter the layout of the pages preceding this page.
Make sure to delete this entire page before publishing your guide.
Check the GRC joint cRoom to see if you are using the latest template:
https://portal.wdf.sap.corp/irj/go/km/navigation/guid/90c9b481-51c5-2b10-6582-
9ec2783f880e
If you are new to this template, read the separate READ ME FIRST document for
more information about the macros and autotexts that are provided in the
template.
Use the outline provided in this template as a guideline for the structure of your
How-To Guide. You may delete it if it is not applicable.
Do NOT apply styles, create tables, or add notes manually. Use ONLY the
macros and autotexts in the two How-To Guide toolbars.
BEFORE YOU BEGIN WRITING
Make sure that the following toolbars are visible in the toolbar area of Word. If not,
in the View Toolbars menu, select HowToGuide_1 and HowToGuide_2.
• • •
By design, only horizontal border lines between each row are added to tables in
this template; vertical border lines between columns are not displayed.
To toggle the display of vertical and horizontal gridlines of tables, use the Show/Hide Table Gridlines action in the How-To Guide toolbar. In the final print version, your document will only print the horizontal border lines between rows.
Enter the title of the document and your name (or user ID) in the document
properties dialog box (File Properties menu; Summary tab, Title and Author
fields).
1. Business Scenario
SAP BusinessObjects Governance, Risk and Compliance (GRC) customers have long
indicated that the desire better content support from SAP. In this context, content typically
means GRC master data such as risks, controls, regulations, etc.—data which is typically
entered by experts during the implementation, before end-users can work with GRC products.
Some of this content is customer-independent: examples would include regulations, risks and
controls which encode requirements for Public Utility compliance such as NERC/FERC, SOX
compliance, FCPA compliance, etc. Many industry practitioners maintain a „database‟ of
such content, often in well-structured internal databases such as Access, shared with their
colleagues, or in personal notes. The value scenario here is to help such practitioners map this
content to GRC structures, and provide tools to facilitate re-use of such content with many
customers without painful and repetitive data entry.
Some content is necessarily customer-dependent: organizational structure and business
processes, user provisioning, etc are all customer specific. System landscape is another
clearly customer-specific configuration, although that tends to be a little tangential to GRC
PC usage.
Content Lifecycle Management (CLM) is a set of features included in every product which is
part of the SAP BusinessObjects Governance, Risk and Compliance (GRC) suite release 10.0.
This release entered ramp-up in December 2010, and was officially launched at SAP Insider
in March 2011. All four products in GRC—Access Control (AC), Process Control (PC), Risk
Management (RM) and Global Trade Services (GTS)—support CLM functionality.
Content Lifecycle Management (CLM) enables version control, extraction, deployment and
packaging/transport of GRC master data. It allows SAP customers to leverage application
content developed by the ecosystem.
CLM aims to address all types of content eventually. The use cases for customer-specific
content are slightly different from the ones for customer-independent content, but both sets
are necessary and relevant. We want to address all customer and partner needs in this area,
over time. This document explains what CLM does, what content it manages, what
limitations exist, etc.
2. Background Information
CLM helps content providers deliver application content and its subsequent changes via
content packages. Over the lifetime of any content, CLM highlights changes and helps users
manage the evolution of content as regulations change, companies undergo mergers,
acquisitions, reorganizations, expand into new regions, etc.
CLM helps customers bring in content authored across the ecosystem, test, customize and
maintain it in the face of evolving regulations and changes in the organization and business
practices of the company.
This document describes how SAP GRC Process Control 10.0 leverages CLM functionality.
PC CLM covers all the key master data entities which were previously addressed by the
experimental Master Data Upload Generator (MDUG) tool which was given to many partners
to support the PC 3.0 release. Given CLM‟s support for uploads, downloads, mass-edit,
version control and ID re-mapping to enable transport between GRC instances within and
across landscapes, SAP believes CLM supercedes MDUG in all respects.
Other documents describe implementation of the CLM functionality in general. The rest of
this document focuses on the specifics of configuring and using CLM for use with PC 10.0.
Target Audience
System administrators
Technology consultants
SAP GRC partners‟ consultants and business development officers
2.1 Customizing data
Technique Name Name IMG Path Structure Path
IMPACT Risk Impact GRC Shared Master Data Settings Risk and Opportunity Attributes
Maintain Impact Categories
DRVCAT Risk Driver Maintain Driver Categories
CO-OBJCAT Control Objective Category
GRCProcess ControlEdit Attribute Values
Attributes with Dependent Value
AC-ASS Account Group Assertion
Attributes TS-SAMPLING_METHOD
Test Plan Sampling Method
INDUSTRY Subprocess Industry
TR_TYPE Subprocess Traction Type
PR-CATEGORY Control Category
PR-SIG Control Significance
CN_EVIDENCE Control Evidence GRCProcess Control Scoping
Set Level of Evidence Value
CN_CNTR_RISK Control Risk Rating Set Control Rating Range
PR-AUTOM Control Automation
GRCProcess ControlEdit Attribute Values
Attributes with Fixed Values
PR-PURP Control Purpose
Attributes
PR-NATURE Control Nature
RELEVANCE Control Relevance
CN_GROUP Control Group
CN_SUBGROUP Control Subgroup
PR-FREQ Control Frequency
PR-TEST_AUTOM Control Test Automation
Attributes with Fixed Values
PR-TTECHNQ Control Test Technique Attributes
IELC-FREQ IELC Frequency
2.2 Master data types managed by CLM
Technique Name Name
REG_GROUP Regulation Group
REGULATION Regulation
REG_REQ Regulation Requirement
ORGUNIT Orgunit
CRGROUP Central Risk Group
CRISK Central Risk Template
COBJECTIVE Control Objective
ACC_GROUP Account Group
TESTPLAN Test Plan
XPROCESS Central Process
XSUBPROCESS Central Subprocess
XCONTROL Central Control
XECGROUP Central IELC Group
XECONTROL Central IELC
2.3 Master data types NOT managed by CLM
The so-called “local” entities are not managed by CLM in PC 10.0.
Technique Name Name
PROCESS Local Process
SUBPROCESS Local Subprocess
CONTROL Local Control
ECGROUP Local IELC Group
ECONTROL Local IELC
Business Rules and Data Sources are not managed by CLM, but there is a separate program to
help transport BRs and DSs using SAP ABAP transport.
3. Prerequisites
Important SAP Notes
Make sure that you have the up-to-date version of each SAP Note, which you can find on
SAP Service Marketplace at: http://service.sap.com/notes.
Additional Information
For more information about specific topics, see the Quick Links as shown in the table below.
Content Quick Link on the SAP Service Marketplace
Related SAP Notes service.sap.com/notes
Released platforms service.sap.com/platforms
SAP Solution Manager service.sap.com/solutionmanager
Note
SAP POA SBC Content Lifecycle Management for Process Control 10.0 supports Microsoft Excel 2003 and Microsoft Excel 2007. Examples in this document take Microsoft Excel 2007 as its context. Most content in this document applies to Microsoft Excel 2003 as well.
4. Step-by-Step Procedure
4.1 Create RFC Connection in CLM
As CLM will call PC API to extract or deploy content, it is necessary to create a RFC
connection firstly before using CLM.
In CLM system, create a RFC Connection by T-Code SM59, please notice you should have
the authority to do the operation.
4.2 System Registry in CLM
If you initially use CLM, it is necessary to configure the application connection on CLM side.
1. Go to IMG and select “Maintain System Registry” under “Content Lifecycle
Management”.
2. Double click “System Registry” in the left tree, then push button “New Entries” or
“Update” to maintain the registry. For each PC system client in which you want to
use CLM, it is necessary to create a configuration.
3. Create or update system registry entry for the chosen API group and specify the
following details:
a. Select an existing authoring domain
b. Provide a suitable name for the system registry entry.
c. Select the RFC destination.
d. Specify SAP system ID and client: System ID and client can be any text, but it
is best to include the ID and client of an actual SAP back-end system if the
system registry entry corresponds to one.
e. Provide a suitable description for the system registry entry. Here is an example configuration for GRC PC system GF2 client 930.
4.3 Extraction
Extraction pulls current content out of PC into CLM; for objects with date validity (most
master data types in PC have date validity), PC selects what‟s currently valid when CLM
requests an extraction.
The language (i.e., English, German, etc.) of extracted content depends on the RFC
connection logon properties.
4.3.1 Procedure
1. Go to CLM Portal Open Click “Manage Content Group”
2. Click on button “Extract”
3. Enter “Name”, “Description”, “Comment”, and select counterpart extraction system. The
systems listed in the dropdown depend on the system registry configured in back-end.
4. Press “Save”. Extraction executes as a background job, and while it’s running, the content
group icon is yellow.
After finished, the icon comes to green.
NOTE
While extraction is still executing in the background, the status is “initial” (yellow);
Once extraction completes, status changes to “valid” if there’s no error; refreshing the screen thereafter will change the icon’s color to green.
Extraction errors change the content group status to “error”, and a subsequent screen refresh will change the icon color to red.
After deployment, the status is “One or More Deployments Existing” (white).
5. You could go to CLM system log to see detail.
T-Code SLG1, enter the object ID as “/POA/CLM”, the subobject as “CHECKPOINT” to
search the log history.
You could also go to source system to see the extraction log.
T-Code SLG1 in the source system, entering the object as “GRFN”, and Subobject as
“IO_EXPORT” to search the extraction log.
4.4 View Content Group
You could view content group detail and the objects contained in this content group.
4.4.1 Procedure
1. Go to CLM Portal Open Click “Manage Content Group”
2. Select a content group, and click button “View”.
3. The content group is displayed.
Content group information is available to see.
The objects are displayed only for the general attributes, such as Entity Type, ID in the source,
name and description.
For the detail information, you need to use mass-editor to download content and see them.
4.5 Edit Content Group
You could edit content group name, description and comment.
4.5.1 Procedure
1. Go to CLM Portal Open Click “Manage Content Group”
2. Select a content group, and click button “Edit”
3. In the popped up window, content group name, description and comment are available
to edit.
If you want to edit the object in the content group, you could use mass-editor functionality to
support this.
4.6 Clean up testing data (Optional)
Before deploying the content to PC from CLM, if you want a clean-up your master data in the
deployment system, you can run these programs.
4.6.1 Procedure
1. Run T-code: SE38
2. Program Name: GRPC_CLM_CLEANUP.
Check the box before the entity which you want to delete.
Test Mode: when selected, system will do the simulation. All entities will be listed;
Uncheck the box the data will be deleted. The deleted status will be shown as green
when success. (Note: For double check after deleted successful, go back and repeat the
step in test mode to check if they have really been deleted. In theory, you should not see
any entities anymore.)
Text field: Only contains the substring: enter the string you want to deleted contains in
the Master Data
3. After all data deleted in PC, the data should also be deleted in deployment system.
4.7 Deployment
Deploying a content group pushes the contained objects into a PC instance.
4.7.1 Procedure
1. Go to CLM Portal Open Manage Content Group
2. Select the content group and click button “Deploy”
3. Select a target system to deploy.
Test Mode means it will not actually persist the changes in PC.
Valid from and valid to means the validity of the content you want to deploy in target
system. As noted earlier in this document, most PC master data types have date validity;
when deploying such content from CLM to PC, it is necessary to pick a validity date
range which PC should apply to the content. For content types with date validity, any
existing objects which are about to be “overwritten” by content being deployed from
CLM are not actually overwritten. Instead, currently valid settings for those objects are
truncated—that is, the “valid to” date of these is set to today, and the newly deployed
settings are made valid from today to 9999-12-31. These dates are the default; in fact, the
deployment screen (image below) offers the CLM user an opportunity to pick which
dates to use, with the constraint that the validity range must include today.
4. Click “Deploy”, then a background job will be scheduled to deploy. This avoids holding
up the CLM user while the potentially long-running deployment job (which typically
executes over the network for remote PC instances) completes.
5. Then you could close window and wait for a while. Once deployment completes,
successfully or otherwise, subsequent screen refreshes will update the status icon.
6. Then you go to CLM system log to see the deploy status. Enter the subobject as
“DEPLOYMENT”
You could also go to deployment target system to see detail log.
T-Code SLG1 in the target system, entering the object as “GRFN”, and Subobject as
“IO_IMPORT” to search the deployment log.
4.8 Mass Editor
Mass-edit addresses the oft-expressed desire of SAP customers to avoid creating or maintaining
master data object-by-object and screen-by-screen in a browser-based UI. Customers find it far more
productive to use desktop tools such as Microsoft Excel, by downloading vast selections of objects,
changing them using familiar desktop tools, and uploading after all changes are made and reviewed.
PC CLM supports mass-editing via an XML interface. This enables users to use their favorite
desktop XML data editor. Since MS Excel includes (limited) XML support, SAP has elected
to provide a shortcut to Excel for PC CLM customers. But note that the underlying mass-edit
support is more general, and partners and customers are encouraged to use XML editors of
their choice.
4.8.1 Downloading and Uploading with XML
You can download a content group to your local file system in XML format and analyze the
XML file using a third-party application. You can upload the content back into CLM (Content
Lifecycle Management).
4.8.1.1 Prerequisites
A content group must be available in CLM for download. Content must be available in the appropriate XML format for upload to CLM.
4.8.1.2 Procedure
CAUTION
You must not move content across landscapes using the download and upload functions. You
can download and upload content in the same CLM repository (system-wide instance) in the
form of content groups. More specifically, using the XML mass-edit channel, you should
only upload to a CLM instance, content that is newly authored, or changes to content which
was previously downloaded to XML from the same CLM instance.
For content shipment across CLM repositories and across landscapes, packages must be used.
Within a package, include existing content groups from CLM and use the packages for
content distribution.
While mass-edit XML download/upload across CLM instances (i.e., export to XML from one
instance, and upload to another after some change) could conceivably succeed, CLM IDs not
present in the target could cause errors. Also, CLM IDs are critical in content versioning, and
such misuse of mass edit features would cripple subsequent content change comparisons.
Mass Editing with XML
From the Content Lifecycle Management entry screen, go to Manage Content Groups.
1. Select a content group from the list and choose Mass Edit Download to XML.
You must specify the location on your local system where you want to save the content group. It is saved as a zip file.
2. Extract the content of the zip file to a folder.
The XML file and metadata is extracted.
3. You can analyze and edit the content of the XML file using a third-party application. 4. To upload the content back into CLM, you need to upload only the XML file.
In the Manage Content Groups screen, choose Mass Edit Upload from XML and select the XML file to upload back into CLM.
The uploaded content is represented as a new content group in the list.
4.8.1.3 Downloading and Uploading with Microsoft Excel
You can download a content group to your local file system in XML format and pass it to
Microsoft Excel to edit the contained content records directly. You can upload the content
back into Content Lifecycle Management (CLM).
EXAMPLE
There is a life science regulation under which you want to add or remove processes,
subprocesses, and controls. Each individual process, sub process, and control represents one
content record and is visible as a single row in the spreadsheet application.
4.8.2 Prerequisites
A content group must be available in CLM for download. Content must be available in the appropriate XML format for upload to CLM.
4.8.3 Procedure
Mass Editing with Microsoft Excel
1. From the Content Lifecycle Management entry screen, go to Manage Content Groups. 1) Select a content group from the list and choose Mass Edit Download to Excel.
2) Select the language that you want to display content records for from the Language Filter dropdown list and choose Download.
EXAMPLE
If content records are available in multiple languages (e.g., German and English), these languages appear as options in the dropdown list.
3) You can specify the location on your local system where you want to save the content group. It is saved as a zip file containing an XML file and the Microsoft Excel file; the metadata is embedded in the Microsoft Excel file.
2. Extract the content of the zip file to a folder.
3. To edit the content records, which have been downloaded in the XML file, open the Microsoft Excel file and enable macros, or in the developer tab, choose Import and import the relevant XML file.
NOTE
4. If developer tab is not displayed, please enable it in Excel Options (see below).
Another way to load content is: enabling the macro script in the file.
Nested hierarchies that are available in the XML file are flattened when you import the content into Microsoft Excel.
1) You can edit the content in Microsoft Excel: You can add or remove details, and edit the content records.
NOTE
The ID field for new content records obviously not CLM-generated. You must enter a new ID for the content record using a combination of letters and numbers. This should be unique across the content being uploaded for cross-references from other content records being uploaded together. Such user-supplied IDs do NOT persist in CLM (except in upload logs), and have no significance once the upload completes—CLM replaces all such IDs with internally generated CLM IDs.
5. When you are finished making changes, save the Microsoft Excel file under a new name in the original folder. Choose Export from the developer tab and save the XML file to the same folder.
CAUTION
Validation errors can occur when you try to export the content, for example, if you remove the ID column, you receive an error.
You must provide the same names for the XML and Microsoft Excel files or an error occurs.
6. In the Manage Content Groups screen in CLM, choose Mass Edit Upload from Excel and select the XML file to upload back into CLM.
The uploaded content is represented as a new content group in the list.
While our narration here always refers to content being downloaded, changed and
subsequently uploaded, note that it is possible to upload entirely new content from scratch.
That‟s just a special case, where the “downloaded” content is empty—and CLM UI makes
that explicit by providing a “Generate Template” option in the Mass-Edit dropdown (see
picture above).
4.8.4 More Information
NOTE
If you include a Microsoft Excel file in a package (manually in the zip folder as an
attachment), it is not uploaded as a content group in the CLM repository when you import the
package. It is available as an attachment only; CLM treats all attachments essentially as user-
facing documentation.
Generate Template
To be able to generate a template, the necessary application adapter must be registered on the
system.
To create an XML-based template on your local system, choose Generate Template.
Select an application from the list and choose Download. You can add and edit content in the
template and upload it back into CLM, for example HR organizational units for a particular
organization.
NOTE
It is possible to generate a template for registered applications even if no content groups exist in CLM.
No previous extract is required and a template can be generated as the first action within CLM.
Although CLM supports the idea of mass-edit templates for applications, Process Control 10.0 is the only GRC 10.0 application which supports this functionality. For the remaining applications, mass-edit in the PC sense is not supported.
5. FAQ
5.1 What is Content Lifecycle Management? What
content does CLM manage?
CLM enables partners and customers to take a holistic view of master data content in GRC
applications. The master data types includes PC controls, regulations, RM risks and KRIs, AC
rulesets, functions, etc., and GTS sanction party lists. A complete list of CLM-managed master data
types is given below, by GRC application.
Process Control Risk Management Access Control
Organization Impact Category Access Risk Central Risk Category Driver Category Function Central Risk Benefit Category Rule Set Control Objective Activity Type Global Trade
Account Group Response Type SPL Central Indirect Entity-Level Control Group Risk Category Delimiters Central Indirect Entity-Level Control Opportunity Category Aliases Regulation Group Risk Template Regulation Opportunity Template Regulation Requirements Activity Category Central Process
Central Subprocess
Central Control
Test Plan
Process Control Business Rules and Data Sources are not under CLM management, but there is an
IMG program which enables partners and customers to transport these without having to know
technical details of their persistence. The picture below shows the location of this functionality in IMG.
This IMG program helps customers and partners transport business rules and data sources between
GRC PC instances, and keeps tracks of their interdependencies. It also helps find and transport
underlying BRF+ rule definitions. Optionally, the program also remaps system-generated IDs if asked
to, which eliminates accidental collisions, especially if the transport is across landscapes (e.g., partner
to customer).
But the IMG program here uses Netweaver ABAP transports, and so does not offer advanced CLM
facilities such as version control, compare-and-merge, mass edit, etc.
5.2 What is “mass-edit”? Which applications offer
mass-editing via CLM? How does this compare
with MDUG?
The term “mass edit” refers to a feature of CLM which enables customers and partners to
import/export all managed master data en-masse. CLM offers an overview of all the managed data
types via an XML schema for each supporting application. This schema can be used as a template for
creating multiple instances of all the supported master data types, including their interdependencies
(cross-references). Users create XML documents with such data. These instances can all be
uploaded together to CLM, and thence to the target application.
Since these documents are based on an XML schema as template, customers and partners can use
any desktop XML tool (such as XMLSpy, or even Microsoft Office) to create and validate the data to
be uploaded.
The old PC 2.5 and 3.0 MDUG tool, and its equivalent in the old MIC product offered similar
functionality. But where the PC 3.0 MDUG tool only supported uploads, CLM mass edit enables
downloads of PC content as well. Along with CLM version control features, this allows users to
repeatedly use mass edit capabilities, without mistaken duplication or overwrites.
5.3 How do I import business process models from
BPM systems into GRC?
Since CLM works off a formal XML schema of all managed master data types in an application, this
also presents an interface for importing master data from other (non-GRC) systems. A popular
example is the need to import business process models from modeling tools.
5.3.1 Master Data Exchange
Customers can exchange master data such as business process models, organizational charts,
regulations, risks, controls, etc. between legacy or reference systems (e.g., ARIS) and GRC 10.0.
This exchange is mediated through the Content Lifecycle Management (CLM) functionality, new to the
10.0 release. CLM extracts master data from, and deploys it into, GRC applications. CLM maintains
its own versioned repository of such content in XML form. Such XML representations therefore serve
as the medium of exchange with other applications and repositories of master data content.
Since CLM can extract as well as deploy content from/to GRC applications, it provides a two-way
bridge for content between GRC and other systems. That is, master data content can be sent both
ways: from legacy or reference systems to GRC, and vice versa. As a practical matter, it is highly
unlikely that customers would want changes happening to key master data in more than one
application—how would parallel and conflicting changes in multiple applications be compared and
merged? CLM provides versioning, but only for GRC data schemas; and most modeling applications
(e.g., for BPM) do not support versioning at all.
Extracting structured data out of reference systems and transforming the data into a valid GRC XML
document remain the customer’s responsibility when provisioning GRC 10.0 from a legacy system.
For the reverse flow, transforming GRC XML data into a form suitable for upload to the legacy system
also remain the customer’s responsibility.
Since GRC versions of master data such as business process models are rather specialized for GRC
purposes, we expect customers to find it much more useful to bring such models into GRC from
reference systems, than the reverse.
The sequence of pictures below explains the issues via an example.
5.3.2 Runtime Integration
Runtime-, or live integration between such master data modeling systems and GRC is also possible,
but may require additional (custom) programming for the currently in-market and upcoming 10.0
releases. For instance, BPM users have been known to ask for a navigational link (URL) linking their
process maps to corresponding GRC PC process/subprocess nodes. Most entities in GRC
applications can have their details pulled up for display or edit via a parameterized URL string, as in
the example shown below. As a practical matter, though, this poses some challenges for customers:
they need to extract GRC entity IDs and other GRC specific parameters such as validity dates
(“timeframes”), and map these to their own IDs for corresponding entities. GRC applications lack APIs
for extracting such information. Furthermore, most customers will use GRC applications via the SAP
Portal or NWBC; these add another navigational layer, and requiring further coding.
As an example, the picture above shows the result of an experimental “deep link” to a SOX Control in
GRC PC 10.0. It shows that such deep linking is possible, but the picture below shows the required
parameters for constructing the URL.
Specifically, the technical ID of the entities in question, e.g. 50000654, is system-generated and
cannot be known to the referencing application until the control (in this example) is actually deployed
into the GRC system instance. As of release 10.0, neither CLM (which might mediate the initial
master data transfer) nor the GRC applications provide any API or other facility for easily extracting
this mapping.
Finally, only those GRC (or, more generally, Webdynpro) applications which have non-modal UIs
support such “deep linking”.
5.4 I merged vendor updates into my customized
content, now it doesn’t deploy!
Many master data types have cross-references between them. For instance, PC sub-processes refer
to their parent processes, and any attempts to deploy a subprocess from CLM to a PC instance would
fail, if the parent process wasn’t already deployed or being deployed concurrently.
When merging an update with an existing content group, CLM allows users to accept each change or
reject it. Clearly, rejecting some changes while accepting others can cause inconsistencies. For
instance, if a (parent) business process node is changed, then rejecting that change while accepting
changes to its child subprocesses would leave them orphaned.
So why does CLM allow users to make inconsistent changes? The point is that when there are
parallel changes (e.g., customer customizations versus vendor updates), it is difficult to predict which
set of changes is more extensive. Our goal is to provide tool support for the bigger set of changes,
and allowing customers to make the smaller set of updates by hand.
So while CLM merge functionality can lead the unwary into trouble, the experienced user will find such
incomplete merges to be significant time-savers when used properly. In any case, a botched merge
does not have any ill-effects: the resulting content group would fail to deploy due to inconsistencies,
and users would find themselves fixing the errors either via mass-edit, or by re-doing the merge.
5.5 I had three CLM instances in my landscape, now
everything is all messed up!
SAP customers and partners maintain many instances of SAP applications. The most common
example is separate systems for development, testing and production, but there are plenty of other
good reasons for this practice.
The goal of CLM is to provide a single, version-controlled repository of master data content of GRC
applications within a single (partner or customer) landscape. From this repository, customers or
partners can manage content in all GRC application instances.
In such cases, it clearly does not pay to have multiple instances of CLM repositories—that would be
like running ERP with multiple copies of the same database! Which one would be the correct, or most
recent?
Our recommendation is that, unlike almost all other SAP applications, CLM be operational in only ONE
instance within a landscape. In this case, please note that we mean only one SID/client be enabled
for CLM; all other application instances should be provisioned from this single CLM instance.
Of course, that only applies for one landscape—customers and partners will all have their own CLM
instance, but only one for each.
And, of course, this is only a guideline. Some partners who maintain multiple disjoint practices
(separated by geography, for instance, or by practice area) may have reason to maintain separate
repositories. This may also be true of multinational customers who maintain separate GRC instances
for different region’s business units. The point of this guidance is that CLM has been designed to
support clean separation between different system’s content, and to the extent possible, we believe
customers and partners will be best served by a single repository per landscape.
5.6 How do I use CLM to move content around within
my landscape?
For configuration and master data content, SAP Netweaver provides transport facilities which are well-
known to partners and customers. Configuration transport is relevant in this discussion because many
GRC master data types (somewhat different from what the term usually means for ERP applications)
are actually implemented as “C” tables in Process Control and Risk Management applications. Such
NW transports can still be used with GRC master data, which sets up an apparent conflict: CLM, or BC
Sets, or something else?
In general, NW transport methods are rather more technical than most CLM content administrators
can directly operate. Especially where HR Infotypes are involved (e.g., most of PC master data such
as controls, regulations, etc.), the transport methods which exist expose the user to much of the
underlying technical complexity in managing multiple date validity ranges and dependencies.
Where users have a choice, we believe CLM will always be found to be far more usable and traceable.
CLM always treats the content holistically, allowing users to do (extract, deploy, export, import) content
in bulk, whereas the NW tools require dropping down a level or two to fine-grained details. Sometimes
this is helpful, but for the most part it represents more pain than gain: CLM is simpler, easier, more
reliable (since CLM extraction requires applications to guarantee data consistency), and more robust
(since applications do extensive validations for consistency for deployment).
Our recommendation is for customers and partners to rely exclusively on CLM for data types managed
by CLM, and whatever Netweaver tools are suitable for the rest. Above all, users must avoid mixing
CLM and NW transport methods for CLM-managed data types—CLM maintains detailed trails of what
it has deployed where, and mixing CLM with NW transports will hopelessly confuse CLM and hence
users. Unintended duplication or overwrites of objects will quickly degrade the entire landscape!
5.7 Is CLM licensed separately? Do partners need to
purchase licenses for CLM? How does SAP
certify partner content? What channel does SAP
provide for getting partner content to
customers?
CLM is included in every GRC product package sold to customers or partners. In other words, it is
included in the license for every GRC 10.0 product. No separate license is required or available for
CLM, neither for partners nor for customers.
Partners also need to purchase licenses for GRC products, and any product license they purchase will
include CLM. They have no other means of obtaining a CLM license.
SAP does not certify partner content. The whole point of CLM, from SAP’s market perspective, is to
enable the ecosystem for content. SAP believes that partners are best suited to create relevant
industry, line-of-business or regional content, and customers are the best judges of what content they
need. SAP’s goal here is to provide the right tools to enable partners and customers to exchange,
customize and maintain content, and SAP does not expect to play gatekeeper on the content that
partners create for GRC.
Furthermore, although SAP provides certification services for partners who integrate with SAP APIs,
CLM content is created in SAP products (including CLM), packaged and exported from SAP products,
and ultimately consumed (imported in) by SAP products. Since there is no API integration with partner
products, there is no certification on the technical capabilities either.
As of this writing, SAP invites partners to declare their offerings on the SAP Ecohub. This is mainly an
information and marketing channel, not a clearinghouse for partner content. To effectively enable the
ecosystem, SAP believes it must respect the business relationships between customers and partners.
SAP’s enablement, through CLM or otherwise, must always stay neutral in this respect. As such SAP
encourages partners to find their own preferred means of leveraging the Ecohub for GRC content.
SAP will neither preclude partners from productizing content, nor requiring them to do so. As such,
channels for delivery of content remain entirely at the discretion of SAP GRC partners.
6. Comments and Feedback
Your feedback is very valuable and will enable us to improve our documents. Please take a few
moments to complete our feedback form. Any information you submit will be kept confidential.
You can access the feedback form at:
http://www.surveymonkey.com/s.aspx?sm=stdoYUlaABrbKUBpE95Y9g_3d_3d
7. Copyright
© 2011 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, System i, System i5, System p, System p5, System x, System z, System z9, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, POWER5+, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Oracle Corporation.
JavaScript is a registered trademark of Oracle Corporation, used under license for technology invented and implemented by Netscape.
MaxDB is a trademark of MySQL AB, Sweden.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
These materials are provided “as is” without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
SAP shall not be liable for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials.
SAP does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third party web pages nor provide any warranty whatsoever relating to third party web pages.
Any software coding and/or code lines/strings (“Code”) included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent.
https://www.sdn.sap.com/irj/bpx/grc