Operations Guide

SAP Access Control™ 10 / Process Control™ 10 / Risk Management™ 10

Target Audience

■ Technical Consultants

■ System Administrators

■ Solution Consultants

■ Business Process Owner

■ Support Specialist

PUBLIC

Document version: 1.35 – 2012-06-18


Document History

CAUTION

Before you start the implementation, make sure you have the latest version of this document.

You can find the latest version at the following location: http://help.sap.com/grc.

Version | Date | Description
1.00 | 2010-12-13 | Initial release
1.10 | 2011-04-18 | Added statement to clarify that Content Lifecycle Management (CLM) is currently only available for SAP BusinessObjects Process Control 10.0 and SAP BusinessObjects Risk Management 10.0.
1.20 | 2011-05-30 | Modified Superuser Privilege Management (SPM) Schedule Periodic Tasks
1.30 | 2012-03-19 | Changed terminology from Superuser Privilege Management (SPM) to Emergency Access Management (EAM).
1.35 | 2012-06-18 | Formerly known as SAP BusinessObjects Access Control, now known as SAP Access Control


Table of Contents

Chapter 1 Getting Started
1.1 Global Definitions
1.2 Important SAP Notes

Chapter 2 Technical System Landscape
2.1 Software Component Matrix
2.2 Related Documentation

Chapter 3 Monitoring of the Application
3.1 CCMS Monitor Templates
3.2 Alert Monitoring with CCMS
3.2.1 Component Specific Monitoring
3.3 Detailed Monitoring and Tools for Problem and Performance Analysis
3.3.1 Trace and Log Files
3.3.2 Operating System Monitors
3.3.3 Workload Monitors
3.3.4 Other Important Problem Analysis and Monitoring Tools
3.3.5 Interface Monitors
3.4 Important Application Objects

Chapter 4 Managing the Application
4.1 Starting and Stopping
4.2 Backup and Restore
4.3 System Copy
4.4 Periodic Tasks
4.4.1 Scheduled Periodic Tasks
4.5 Load Balancing
4.6 User Management
4.7 Printing

Chapter 5 Monitoring and Managing Content Lifecycle Management (CLM)
5.1 Introduction
5.2 Monitoring of CLM
5.3 Management of CLM
5.4 Software Change Management
5.5 Support Desk Management
5.6 High Availability of CLM

Chapter 6 High Availability

Chapter 7 Software Change Management
7.1 Transport and Change Management
7.2 Development Requests and Development Release Management
7.3 Quality Management and Test Management
7.4 Support Packages and Patch Implementation

Chapter 8 Troubleshooting

Chapter 9 Configuring Remote Connection to SAP Support
9.1 Read Only Role

Chapter 10 Appendix
10.1 Categories of System Components for Backup and Restore
10.2 Related Information

1 Getting Started

The Operations Guide provides operation and administration information for Process Control, Risk Management, and Access Control.

SAP Process Control is an enterprise software solution for compliance and policy management. The compliance management capabilities enable organizations to manage and monitor their internal control environment. This provides the ability to proactively remediate any identified issues, and then certify and report on the overall state of the corresponding compliance activities. The policy management capabilities support the management of the overall policy lifecycle, including the distribution and attestation of policies by target groups. These combined capabilities help reduce the cost of compliance and improve management transparency and confidence in overall compliance management processes.

SAP Risk Management enables organizations to balance business opportunities with financial, legal, and operational risks to minimize the market penalties from high-impact events. The application allows customers to collaboratively identify these risks and monitor them on a continuous basis. Stakeholders and owners are provided with such tools as analytic dashboards for greater visibility in mitigating risks in their areas of responsibility.

SAP Access Control is an enterprise software application that enables organizations to control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance. The application streamlines compliance processes, including access risk analysis and remediation, business role management, access request management, emergency access maintenance, and periodic compliance certifications. It delivers immediate visibility of the current risk situation with real-time data.

About this Guide

This guide provides a starting point for managing your SAP applications and maintaining and running them. It contains information for tasks and lists the tools that you can use to implement them. This guide also provides references to the documentation required for these tasks, so you may need other guides such as the Master Guide, User Guide, and SAP Library. This guide covers information for the process control, risk management, and access control applications.

NOTE

The guide refers to the SAP NetWeaver Operations Guide as most production operation tasks are done at the server level. The application tasks are in the Monitoring and Management sections.

CAUTION

This guide does not replace the daily operations handbook that we recommend customers create for their production operations.

Target Groups

The guide is written for the following audiences:

■ Technical Consultants

■ System Administrators

■ Solution Consultants

■ Business Process Owner

■ Support Specialist

1.1 Global Definitions

SAP Application:

An SAP software solution that serves a specific business area like ERP, CRM, PLM, SRM, SCM.

Business Scenario:

From a microeconomic perspective, a business scenario is a cycle that consists of several different interconnected logical processes in time. A business scenario includes several company departments and business partners. From a technical point of view, a business scenario needs at least one SAP application (SAP ERP, SAP SCM, or others) for each cycle and possibly other third-party systems. A business scenario is a unit that can be implemented separately and reflects the customer’s prospective course of business.

Component:

The smallest individual unit considered within the Solution Development Lifecycle. Components are separately produced, delivered, installed, and maintained.

1.2 Important SAP Notes

For a complete list of important SAP Notes for the applications, see the following:

■ For the access control application, see the SAP Access Control 10.0 Master Guide at http://help.sap.com/grc.

■ For the process control application, see the SAP Process Control 10.0 Master Guide at http://help.sap.com/grc.

■ For the risk management application, see the SAP Risk Management 10.0 Master Guide at http://help.sap.com/grc.

2 Technical System Landscape

For information about the technical system landscape, see the application master guides at http://help.sap.com/grc.

2.1 Software Component Matrix

For information about the software component matrix, see the application master guides.

■ For the access control application, see the SAP Access Control 10.0 Master Guide at http://help.sap.com/grc.

■ For the process control application, see the SAP Process Control 10.0 Master Guide at http://help.sap.com/grc.

■ For the risk management application, see the SAP Risk Management 10.0 Master Guide at http://help.sap.com/grc.

2.2 Related Documentation

For more information about the technical system landscape, see the guides in the following table.

Topic | Guide/Tool | Quick Link on SAP Service Marketplace (http://service.sap.com)
Application and industry specific components such as SAP Financials and SAP Retail | Master Guide | instguides
Technology Components such as SAP NetWeaver Application Server | Master Guide | instguides
Sizing | Quick Sizer Tool | sizing
Technical Configuration | Master Guide | instguides
Installation | Installation Guide | instguides
Security | Security Guide | security

3 Monitoring of the Application

The information in this section applies to the process control, risk management and access control applications. Within the management of SAP Technology, monitoring is an essential task. The Computing Center Management System (CCMS) is a set of integrated tools for monitoring and administration of SAP system landscapes.

RECOMMENDATION

For more information about the underlying technology, see the SAP NetWeaver Administrator’s Guide in the SAP Library.

3.1 CCMS Monitor Templates

This section lists the CCMS monitor sets you can use to monitor the application components.

The CCMS Monitor Templates include the following:

■ Background processing

■ Performance overview

■ Syslog

The SAP Web Service Monitor Template is Web Service Monitor.

Figure 1: Web Service Monitor


3.2 Alert Monitoring with CCMS

Proactive, automated monitoring is the basis for ensuring reliable operations for your SAP system environment. SAP provides you with the infrastructure needed to set up your alert monitoring to recognize situations for the process control, risk management and access control applications as quickly as possible.

RECOMMENDATION

To enable the auto-alert mechanism of CCMS, see SAP Note 617547.

3.2.1 Component Specific Monitoring

You monitor the following in the SAP Standard CCMS tool for the process control, risk management, and access control applications:

■ Background job

■ Performance Overview

■ DB access time

■ System log

■ System errors

■ Web Services Call

Background Jobs

You monitor the background job status for jobs that are aborted, canceled, or have been running for a long time.

EXAMPLE

This is an example of background jobs with the status of Long Running Jobs and Aborted Jobs:


Figure 2: Background Jobs with status of Long Running Jobs and Aborted Jobs

EXAMPLE

The following graphic illustrates that BFC_001 through BFC_005 jobs have the status of Canceled:

Figure 3: Job Overview

You can check the details of canceled jobs by selecting a job and clicking Step. The following graphic is an example of the details for a selected job.

NOTE

The Program name/command values for the applications start with GRAC, GRPC, or GRFN. Alerts should be raised for these jobs.

Figure 4: Details of a Job

Performance Overview

In the Performance Overview CCMS Monitor Templates, look for processes with a high Response Time.

NOTE

■ Access Control processes begin with GRAC.

■ Process Control processes begin with GRPC.

■ Risk Management processes begin with GRFN.

EXAMPLE

The following figure illustrates that the GR4 system has a response time of 1448 milliseconds.

Figure 5: System Response Time


EXAMPLE

The following graphic illustrates an example of a Process Control process (GRPCRTA_PC):

Figure 6: Workload in System

System Logs

Monitor system logs for any errors.

EXAMPLE

The following graphic illustrates that the R3Syslog displays a runtime error.

Figure 7: Runtime error


You can review the System Log: Local Analysis for errors.

NOTE

■ Access Control transaction codes start with GRAC.

■ Process Control transaction codes start with GRPC.

■ Risk Management transaction codes start with GRFN.

EXAMPLE

The following graphic illustrates local analysis of Process Control transaction codes:

Figure 8: Local Analysis

Transaction codes for Access Control include:

Access Control Transaction Codes

Transaction Code | Description
NWBC | Access the majority of the Access Control capabilities and reports (role: SAP_GRC_NWBC)
GRAC_ALERT_GENERATE | Alert generation
GRAC_BATCH_RA | Risk analysis in batch mode
GRAC_SPM and GRAC_EAM | Emergency Access Management (EAM)
GRAC_SPM_CLEANUP | Cleanup SPM application data
GRACRABATCH_MONITOR | Batch risk analysis monitor

System Errors

You review the CCMS Monitor Templates (System Errors) for error messages.


EXAMPLE

The following graphic illustrates system errors such as Aborted Batch Jobs and Update Errors:

Figure 9: System Errors

Web Services

You monitor the SAP Web Service Monitor Templates for errors.

EXAMPLE

The following graphic illustrates the following monitors:

■ Task Watcher

■ Supervisor Destination

■ WSRM Event Handler

■ WS Namespace for Inbound Destinations

■ WS Service Destinations


Figure 10: Monitors

3.3 Detailed Monitoring and Tools for Problem and Performance Analysis

Process Control, Risk Management and Access Control are based on SAP NetWeaver Web Application Server 7.02.

RECOMMENDATION

For information about technical problem analysis (such as database, operating system, or workload analysis) see the Technical Operations Manual for SAP NetWeaver in the SAP Library under SAP NetWeaver.

3.3.1 Trace and Log Files

The information in this section applies to the process control, risk management and access control applications. Trace files and log files are essential for analyzing problems. You can use the SAP NetWeaver transactions, such as ST22 and SM2, to monitor trace and log files.

NOTE

The archiving object for the access control application is GRAC_REQ.

RECOMMENDATION

For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library at http://help.sap.com > SAP NetWeaver > SAP NetWeaver 7.0 (2004s) (select language) > SAP NetWeaver Library > Technical Operations Manual for SAP NetWeaver > Administration of SAP NetWeaver Systems > AS ABAP (Application Server for ABAP) > Monitoring.

Additionally, the applications use the application log (part of SAP NetWeaver) to store application error, warning, and success messages issued in critical processes, for example, in the delivery interface between ERP and the process control application, or in UI transactions. In UI transactions, the application log must be explicitly saved by the user.

RECOMMENDATION

For more information about application logs, see the SAP Library under http://help.sap.com > SAP NetWeaver (select language) > Solution Life Cycle Management > Application Log (BC-SRV-BAL).

Application Logs

The application logs can be monitored with transaction SLG1.

■ The Access Control log object is GRAC.

■ The Process Control log object is GRPC.

■ The Risk Management log object is GRRM.

■ The shared components (for Process Control and Risk Management) log object is GRFN.

The following table lists the log subobjects:

Log Subobjects

Log Subobjects | Relevant Application | Description
GRAC AUTH | Access Control | Authorization check
GRAC BATCH | Access Control | Batch risk analysis
GRAC HRTRIGGER | Access Control | HR trigger
GRAC SOD_RISK_ANALYSIS | Access Control | Segregation of Duties (SOD) Risk Analysis
GRAC UAR | Access Control | User Access Review (UAR)
GRFN API | Process Control, Risk Management | GRC API logging
GRFN AUTH | Process Control, Risk Management | GRC authorization
GRFN CASE_INT | Process Control, Risk Management | Continuous monitoring case integration
GRFN FDS | Process Control, Risk Management | Continuous monitoring flexible data store
GRFN JOB | Process Control, Risk Management | Continuous monitoring job executing
GRFN JOB_DESIGN | Process Control, Risk Management | Continuous monitoring job design
GRFN MIGRATION | Process Control, Risk Management | GRC migration
GRFN REPLACEMENT | Process Control, Risk Management | GRC replacement
GRFN REP_ENGINE | Process Control, Risk Management | Reporting engine
GRFN SURVEY | Risk Management | Survey planning
GRPC ATTACHMENTS_DOWNLOAD | Process Control, Risk Management | Documents download log
GRPC PLANNER | Process Control, Risk Management | Planner
GRPC AS_REORG | Process Control | GRPC AS REORG log
GRPC ATTACHMENTS_CLONING | Process Control | Copy documents during carryforward
GRPC CASE_INT | Process Control | Case management integration
GRPC EVENT | Process Control | Event-based control monitoring
GRPC SCHEDULER | Process Control | Scheduler log
GRPC SIGNOFF | Process Control | Sign off
GRRM CLEANUP | Risk Management | Cleanup report to delete transaction data
GRRM KRI | Risk Management | KRI runtime

Job Logs

You can view job logs using transaction SM37.

Workflow Item Logs

You can view the workflow item logs using transaction SWI1.

RECOMMENDATION

For more information, see SAP Workflow Administration on http://help.sap.com.

Scheduler Logs

Scheduler logs are only relevant for the process control application. To view the scheduler logs, log on to the portal, select a regulation workset and click Evaluation Setup Monitoring Scheduler.

For a description of the recommended tasks to contain data growth, see the Periodic Tasks section in this guide.

3.3.2 Operating System Monitors

Process Control, Risk Management and Access Control use the standard tools for this function available in the SAP NetWeaver Application Server 7.02 and do not require a component-specific tool.

RECOMMENDATION

For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library under SAP NetWeaver.

3.3.3 Workload Monitors

Process Control, Risk Management and Access Control use the standard tools for this function available in the SAP NetWeaver Application Server 7.02 and do not require a component-specific tool.

RECOMMENDATION

For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library under SAP NetWeaver.

Components to Monitor

Component | Monitor | Relevant Application | Description
Datamart | GRFN_DATAMART_UPLOAD_BTC | Process Control, Risk Management | This is the reporting component.
Scheduler | GRPC_SCHEDULER | Process Control | This sends jobs from the Process Control job query to the SAP standard job query (SM36). It retrieves objects from the HR info type, such as control and organization information.
KRI Runtime | GRRM_KRI_RUNTIME | Risk Management | Periodic runtime of KRIs.

3.3.4 Other Important Problem Analysis and Monitoring Tools

Process Control, Risk Management, and Access Control use the standard tools for this function available in the SAP NetWeaver Application Server 7.02 and do not require a component-specific tool.

RECOMMENDATION

For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library at http://help.sap.com/nw.

3.3.5 Interface Monitors

Interface monitors are essential for analyzing problems with interfaces such as RFC, IDoc, and HTTP.

Process Control, Risk Management and Access Control use the standard tools for this function available in the SAP NetWeaver Application Server 7.02 and do not require a component-specific tool.

RECOMMENDATION

For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library under SAP NetWeaver.

3.4 Important Application Objects

We recommend you monitor the following Process Control, Risk Management and Access Control objects:

Objects to Monitor

Object | Tools | Description
Process Overview | Transaction SM50 | The monitor tracks the amount of time critical processes such as dialog (DIA), update (UPD), or background (BGD) have been running. Processes that have been running too long are shown in red in the runtime column. Ensure there are enough background work processes on the GRC system. You can use operation mode to switch work processes.
Background Process | Transaction SM37 | Select the jobs by job name, user name, status, and time period to display a status overview of scheduled jobs. Look for any canceled jobs.
Process Control and Risk Management Application Logs | Transaction GRFN_LOG_ENABLE | Enable logging for the following objects and subobjects if you need to track errors in API or authorization check areas: GRFN API (GRC API Logging); GRFN AUTH (GRC Authorization). For troubleshooting purposes, enable logging for GRFN REP_ENGINE (Reporting Engine). For more information about objects and subobjects, see Trace and Log Files.
Application Logs | Transaction SLG1 | Enable the GRPC application logs for potential risk areas, such as API access and authorization. Customizing GRC Process Control Administration Programs. For more information, see Trace and Log Files.
CCMS | Transaction RZ20 | Monitor the following: SAP buffer configuration; database workload; operating system workload; system logs for errors; system errors for application dumps; workload analysis for any performance issues. For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library.
Shared Objects Memory | Transaction SHMM | Transaction SHMM provides an overview of the area instances in the shared objects memory of the current application server.
Workflow event queue | SWEQADM | You can use the event queue to delay the starting of receivers reacting to a triggering event. This means that the system load can be spread over a longer time period. This combats the threat of system overload. The system administrator sets the event queue.
SICF | Transaction SICF | You use this transaction to activate Internet services, Web services, and Web Dynpro.
SIGS | Transaction SIGS | You use this transaction to view the status of IGS services and the required parameters.

4 Managing the Application

The information in this section applies to the process control application, risk management application and the access control application. SAP provides you with an infrastructure to help your technical support consultants and system administrators manage all SAP components and complete tasks related to technical administration and operation. The underlying technology of the process control application, risk management application and the access control application is based on SAP NetWeaver.

RECOMMENDATION

For more information about the underlying technology, see the Technical Operations Manual in the SAP Library under SAP NetWeaver.

4.1 Starting and Stopping

Procedure

Process Control, Risk Management, and Access Control are provided as add-on components for SAP NetWeaver. You start and stop them with SAP NetWeaver Web Application Server.

RECOMMENDATION

For more information about STARTSAP/STOPSAP and SAPMMC, see the Technical Operations Manual for SAP NetWeaver in the SAP Library.

4.2 Backup and Restore

You need to back up your system landscape regularly to ensure that you can restore and recover it in case of failure. All application data for the applications reside in the underlying database. No special backup and recovery methods apply for this component.

The applications rely on the SAP NetWeaver ABAP standard capabilities for the technical operations. The configuration data is stored in the Implementation Guide (IMG) database tables. These settings are established during the Customizing activities during implementation.

NOTE

If you use a document management system (DMS) that stores data outside of the underlying database, see the specific backup and restore recommendations for that DMS.

4.3 System Copy

For a system copy of Process Control, Risk Management or Access Control, the standard procedures of SAP NetWeaver apply.

RECOMMENDATION

For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library.

Heterogeneous system copies are performed on request and on a project basis. For more information, see http://service.sap.com/osdbmigration.

NOTE

A client copy from one system into another system with a different operating system or database is not an alternative to a complete heterogeneous migration. For example, client copies do not ensure that all repository changes are taken over into the new system. Therefore, if you want to change your database or application server platform, a heterogeneous system copy is the only procedure that ensures full data replication.

4.4 Periodic Tasks

The information in this section applies to the process control application, risk management application and access control application. In addition to the standard jobs mentioned in the Technical Operations Manual for SAP NetWeaver, Process Control, Risk Management and Access Control specific jobs must be scheduled in your system. Run all jobs, unless otherwise specified, at times of minimal system activity (so as not to affect performance or otherwise disrupt your daily operations). All jobs can be restarted. There are no dependencies between the jobs.

4.4.1 Scheduled Periodic Tasks

The information in this section applies to the process control application, risk management application and the access control application. This information describes all tasks required to keep the application running smoothly over time. You can configure the tasks to automatically run. It is important that you monitor the successful execution of these tasks on a regular basis. The tasks are scheduled using transaction SM36, except for the Background Job for Missed Deadlines, which uses transaction SWU3.
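One way to automate the execution check described above, together with the background-job monitoring in section 3.2.1, over an exported job overview. This is an added example, not SAP code: the record layout, status strings, job names, the 30-minute long-running threshold and the 1.5x grace factor are assumptions; the program names and frequencies are taken from the tables in this guide.

```python
from datetime import datetime, timedelta

# Program-name prefixes from the NOTE in section 3.2.1.
GRC_PREFIXES = ("GRAC", "GRPC", "GRFN")

# Recommended frequencies from the Scheduled Periodic Tasks table in this section.
PERIODIC = {
    "GRFN_AM_JOBSTEP_MONITOR": timedelta(hours=1),
    "GRFN_DATAMART_MAINTAIN": timedelta(days=1),
    "GRRM_KRI_RUNTIME": timedelta(days=1),
    "GRAC_ACTION_USAGE_SYNC": timedelta(weeks=1),
    "GRAC_PFCG_AUTHORIZATION_SYNC": timedelta(weeks=1),
    "GRAC_ROLE_USAGE_SYNC": timedelta(weeks=1),
    "GRAC_ROLEREP_PROFILE_SYNC": timedelta(weeks=1),
    "GRAC_ROLEREP_ROLE_SYNC": timedelta(weeks=1),
    "GRAC_ROLEREP_USER_SYNC": timedelta(weeks=1),
}

FAILED = {"Canceled", "Aborted"}  # assumed status strings in the export


def ts(text):
    """Parse the timestamp format used in the constructed sample."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def is_grc(program):
    """A job step belongs to the GRC applications by prefix or by the task table."""
    return program.startswith(GRC_PREFIXES) or program in PERIODIC


def triage(jobs, now, long_running=timedelta(minutes=30)):
    """Return (job, reason) for GRC jobs that failed or are still running too long."""
    findings = []
    for j in jobs:
        if not is_grc(j["program"]):
            continue  # non-GRC jobs are out of scope for this check
        if j["status"] in FAILED:
            findings.append((j["job"], "canceled"))
        elif j["status"] == "Active" and now - j["start"] > long_running:
            findings.append((j["job"], "long-running"))
    return findings


def overdue(jobs, now, grace=1.5):
    """Return periodic programs with no Finished run within grace * interval."""
    last_ok = {}
    for j in jobs:
        if j["status"] == "Finished" and j["program"] in PERIODIC:
            prev = last_ok.get(j["program"])
            if prev is None or j["end"] > prev:
                last_ok[j["program"]] = j["end"]
    late = {}
    for program, interval in PERIODIC.items():
        seen = last_ok.get(program)
        if seen is None:
            late[program] = "no successful run in export"
        elif now - seen > interval * grace:
            late[program] = "last success " + seen.isoformat(sep=" ", timespec="minutes")
    return late


# Constructed sample export: job names and ZHR_PAYROLL are made up.
NOW = ts("2012-06-18 08:00")
_ROWS = [
    ("GRC_JOBSTEP_MON", "GRFN_AM_JOBSTEP_MONITOR", "Finished", "2012-06-18 07:30", "2012-06-18 07:31"),
    ("GRC_DATAMART", "GRFN_DATAMART_MAINTAIN", "Finished", "2012-06-16 01:00", "2012-06-16 01:20"),
    ("GRC_DATAMART", "GRFN_DATAMART_MAINTAIN", "Canceled", "2012-06-18 01:00", "2012-06-18 01:05"),
    ("GRC_KRI", "GRRM_KRI_RUNTIME", "Finished", "2012-06-17 06:00", "2012-06-17 06:10"),
    ("GRC_KRI", "GRRM_KRI_RUNTIME", "Active", "2012-06-18 06:00", None),
    ("GRC_ROLE_USAGE", "GRAC_ROLE_USAGE_SYNC", "Finished", "2012-06-15 22:00", "2012-06-15 22:40"),
    ("PAYROLL_NIGHTLY", "ZHR_PAYROLL", "Canceled", "2012-06-18 02:00", "2012-06-18 02:03"),
    ("GRC_SCHED", "GRPC_SCHEDULER", "Active", "2012-06-18 07:50", None),
]
SAMPLE_JOBS = [
    {"job": j, "program": p, "status": s, "start": ts(a), "end": ts(e) if e else None}
    for j, p, s, a, e in _ROWS
]

if __name__ == "__main__":
    for job, reason in triage(SAMPLE_JOBS, NOW):
        print("ALERT", job, reason)
    for program, detail in overdue(SAMPLE_JOBS, NOW).items():
        print("OVERDUE", program, detail)
```

A program that appears as overdue without a matching canceled run was never scheduled or is missing from the export window, which is a different finding from a job that ran and failed.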

Scheduled Periodic Tasks

| Program Name/Task | Recommended Frequency | Description |
|---|---|---|
| Schedule Background Job for Missed Deadlines | Every 3 minutes | Specify a time interval at which the background job is called regularly. With each execution, the background job checks whether new deadlines have been missed since the last time it ran. |
| Schedule Job for Sending E-Mail | Every 3 minutes | This program checks whether there are new work items for the process control and risk management applications, and determines the e-mail addresses of the work item recipients. |
| GRFN_AM_JOBSTEP_MONITOR | Hourly | The monitoring program to update job / job step status. |
| /GRCPI/GRIA_AM_CHANGELOG (in plug-in system) | Daily | This program captures the GRC PC change log |
| Transfer Work Items to Replacement | Daily | The program transfers work items from users that are no longer working in the process control and risk management applications to the replacement users entered in the system for these users. |
| Maintain DataMart | Daily | Schedule the report GRFN_DATAMART_MAINTAIN. This can be used for maintaining and uploading the data to data mart. |
| Execute KRI Queries and Evaluate Business Rules (Risk Management only) | Daily | Schedule the report GRRM_KRI_RUNTIME. You schedule this job to query the KRI values from the source systems, such as SAP NetWeaver Business Warehouse or SAP ERP, and the business rules are evaluated to attain risk alerts. |
| GRAC_ACTION_USAGE_SYNC | Weekly | Action Usage Job |
| GRAC_PFCG_AUTHORIZATION_SYNC | Weekly | Profile Generator (PFCG) roles authorization synchronization |
| GRAC_ROLE_USAGE_SYNC | Weekly | Role usage synchronization |
| GRAC_ROLEREP_PROFILE_SYNC | Weekly | Role repository profile synchronization |
| GRAC_ROLEREP_ROLE_SYNC | Weekly | Role repository role synchronization |
| GRAC_ROLEREP_USER_SYNC | Weekly | Role repository user synchronization |
| GRAC_SPM_AUDIT_LOG_SYNC | Weekly | Emergency Access Management (EAM) audit log synchronization |
| GRAC_SPM_LOG_SYNC_UPDATE | Weekly | Emergency Access Management (EAM) log synchronization |
| GRAC_SPM_WORKFLOW_SYNC | Weekly | Emergency Access Management (EAM) workflow synchronization |
| Carryforward after Sign-Off (Process Control only) | After event | Schedule the program close (GRPC_CLOSING_BACKGROUND). Once sign-off has been performed for an organization, the program copies any open cases to the new timeframe, and clears the workflows. |
| Document Copy after Sign-Off (Process Control only) | After event | Schedule a job so that, after tasks have been carried forward into a new timeframe, the relevant documents for those tasks are also copied into the new timeframe. This applies to documents that were created for issues or remediation plans during assessment and tests. |
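The monitoring requirement above, as an added example (not SAP code): a Python check that compares a job list export against the recommended frequencies from the table and reports jobs with no successful run, an overdue run, or a canceled latest run. The CSV layout, the 25% grace margin and the sample rows are assumptions constructed for illustration; tasks the table lists without a program name are left out.

```python
import csv
import io
from datetime import datetime, timedelta

# Recommended frequencies taken from the Scheduled Periodic Tasks table.
# Only tasks the table identifies by ABAP program or report name are listed.
HOURLY, DAILY, WEEKLY = timedelta(hours=1), timedelta(days=1), timedelta(weeks=1)
RECOMMENDED_INTERVAL = {
    "GRFN_AM_JOBSTEP_MONITOR": HOURLY,
    "/GRCPI/GRIA_AM_CHANGELOG": DAILY,
    "GRFN_DATAMART_MAINTAIN": DAILY,
    "GRRM_KRI_RUNTIME": DAILY,
    "GRAC_ACTION_USAGE_SYNC": WEEKLY,
    "GRAC_PFCG_AUTHORIZATION_SYNC": WEEKLY,
    "GRAC_ROLE_USAGE_SYNC": WEEKLY,
    "GRAC_ROLEREP_PROFILE_SYNC": WEEKLY,
    "GRAC_ROLEREP_ROLE_SYNC": WEEKLY,
    "GRAC_ROLEREP_USER_SYNC": WEEKLY,
    "GRAC_SPM_AUDIT_LOG_SYNC": WEEKLY,
    "GRAC_SPM_LOG_SYNC_UPDATE": WEEKLY,
    "GRAC_SPM_WORKFLOW_SYNC": WEEKLY,
}

# Constructed sample: a job list exported to CSV. The column names and the
# timestamp format are assumptions, not an SAP export format.
SAMPLE_EXPORT = """program,status,end_time
GRFN_AM_JOBSTEP_MONITOR,Finished,2012-06-18 11:30
/GRCPI/GRIA_AM_CHANGELOG,Finished,2012-06-17 02:00
GRFN_DATAMART_MAINTAIN,Finished,2012-06-18 01:00
GRRM_KRI_RUNTIME,Finished,2012-06-18 03:00
GRAC_ACTION_USAGE_SYNC,Finished,2012-06-16 23:00
GRAC_PFCG_AUTHORIZATION_SYNC,Finished,2012-06-16 23:10
GRAC_ROLE_USAGE_SYNC,Finished,2012-06-16 23:20
GRAC_ROLEREP_PROFILE_SYNC,Finished,2012-06-16 23:30
GRAC_ROLEREP_ROLE_SYNC,Finished,2012-06-16 23:40
GRAC_ROLEREP_USER_SYNC,Finished,2012-06-16 23:50
GRAC_SPM_AUDIT_LOG_SYNC,Finished,2012-06-02 01:00
GRAC_SPM_LOG_SYNC_UPDATE,Finished,2012-06-10 01:00
GRAC_SPM_LOG_SYNC_UPDATE,Canceled,2012-06-17 01:00
GRAC_SPM_WORKFLOW_SYNC,Canceled,2012-06-17 01:05
"""

TIME_FORMAT = "%Y-%m-%d %H:%M"


def audit_jobs(export_text, now, expected=RECOMMENDED_INTERVAL, grace=0.25):
    """Return {program: finding} for every expected job that needs attention.

    Findings, in order of precedence:
      NO_SUCCESSFUL_RUN  - no Finished run in the export at all
      OVERDUE            - last Finished run is older than interval * (1 + grace)
      LAST_RUN_CANCELED  - recent enough success, but the newest run was canceled
    """
    last_ok = {}   # program -> end time of the latest Finished run
    last_run = {}  # program -> (end time, status) of the latest run of any status
    for row in csv.DictReader(io.StringIO(export_text)):
        program = (row.get("program") or "").strip().upper()
        status = (row.get("status") or "").strip().capitalize()
        try:
            ended = datetime.strptime((row.get("end_time") or "").strip(), TIME_FORMAT)
        except ValueError:
            continue  # still running or malformed row: no end time to judge
        if program not in last_run or ended > last_run[program][0]:
            last_run[program] = (ended, status)
        if status == "Finished" and ended > last_ok.get(program, datetime.min):
            last_ok[program] = ended

    findings = {}
    for program, interval in expected.items():
        if program not in last_ok:
            findings[program] = "NO_SUCCESSFUL_RUN"
        elif now - last_ok[program] > interval * (1 + grace):
            findings[program] = "OVERDUE"
        elif last_run[program][1] == "Canceled":
            findings[program] = "LAST_RUN_CANCELED"
    return findings


if __name__ == "__main__":
    report = audit_jobs(SAMPLE_EXPORT, datetime(2012, 6, 18, 12, 0))
    for program, finding in report.items():
        print(f"{finding:18} {program}")
```

Findings on the three GRAC_SPM_* programs deserve priority, because those jobs synchronize the Emergency Access Management logs and workflow.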

4.5 Load Balancing

Process Control, Risk Management and Access Control use SAP NetWeaver for load balancing.

RECOMMENDATION

For more information, see the documentation on the SAP Service Marketplace at http://service.sap.com/ha under HA in Detail > High Availability for Network Infrastructures > 6.1 Network Load Balancing, or the Technical Operations Manual for SAP NetWeaver in the SAP Library.

4.6 User Management

Process Control, Risk Management and Access Control use SAP NetWeaver for user management.

RECOMMENDATION

For more information, see the documentation on the SAP Help Portal at help.sap.com/NW04.

■ For specific user management and authorization functions, see the application security guides at http://help.sap.com/grc.

4.7 Printing

Process Control, Risk Management, and Access Control use SAP NetWeaver for printing.

RECOMMENDATION

For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library.


5 Monitoring and Managing Content Lifecycle Management (CLM)

The information in this section is applicable only for Content Lifecycle Management (CLM), and is relevant only for the applications that integrate with CLM.

CAUTION

This section applies only to SAP Process Control 10.0 and SAP Risk Management 10.0.

5.1 Introduction

The following SAP NetWeaver documentation is relevant for Content Lifecycle Management:

| Document | Found At |
|---|---|
| Technical Operations Manual for SAP NetWeaver | SAP Service Marketplace at http://service.sap.com/instguides |
| Monitoring Setup Guide for SAP NetWeaver | SAP Service Marketplace at http://service.sap.com/instguides |
| SAP NetWeaver Security Guide | SAP Service Marketplace at http://service.sap.com/securityguide under SAP NetWeaver |
| Solution Life Cycle Management by Key Capability | SAP Help Portal at http://help.sap.com under SAP NetWeaver |

The ABAP component of Content Lifecycle Management (CLM) is POASBC (POA Shared Business Components).

For more information about the software units of CLM, see the Master Guide for the application.

The following table lists where you can find more information about the technical system landscape relevant for Content Lifecycle Management:

| Topic | Guide/Tool | Path |
|---|---|---|
| Application and industry-specific components | Master Guide for the application | SAP Service Marketplace at http://service.sap.com/instguides |
| Technology components such as SAP NetWeaver Application Server | Master Guide for SAP NetWeaver | SAP Service Marketplace at http://service.sap.com/instguides |
| Security | Security Guide for the application | SAP Service Marketplace at http://service.sap.com/securityguide |
| Monitoring with CCMS | SAP NetWeaver Library | SAP Help Portal at http://help.sap.com under SAP NetWeaver |
| Operations of SAP NetWeaver usage types | Technical Operations Manual for SAP NetWeaver | SAP Help Portal at http://help.sap.com under SAP NetWeaver |

You can use the error report /POA/R_CLM_CG_REP01 to diagnose issues and problems with content group extracts, where the content group is in error status, in the Content Lifecycle Management application. It allows you to display the content group metadata and to see the breakdown of content records.

In the SAP GUI, go to transaction SE38 and run the report for a specific content group.

5.2 Monitoring of CLM

Monitoring of SAP NetWeaver is an essential task within the management of SAP solutions, including Content Lifecycle Management (CLM). The aim of this section is to provide information and documentation to monitor CLM, for example by utilizing the Computing Center Management System (CCMS) and NetWeaver ABAP monitoring tools.

RECOMMENDATION

Since Content Lifecycle Management is powered by SAP NetWeaver 7.02 and higher, we recommend that you set up the monitoring infrastructure as described in the Monitoring Setup Guide for SAP NetWeaver on SAP Service Marketplace at http://service.sap.com/instguides.

By default, CCMS monitoring capabilities are restricted to the local system. Because CLM interacts with more than one system in a typical landscape, it can be beneficial to monitor the other systems through CCMS from the central CLM system.

In this case, CLM, as the central monitoring system, can be configured to link CCMS monitoring from the application systems. Since CLM currently communicates only with ABAP-based systems, the RFC connection type can be used to enable monitoring across multiple systems. For more information about configuring the central monitoring system, see SAP Help Portal at http://help.sap.com under SAP NetWeaver.

To enable the auto-alert mechanism of CCMS, see the following SAP Note:

| SAP Note Number | Title | Comment |
|---|---|---|
| 617547 | RZ20: Sending alerts as mail and SMS | You want to send alerts from the CCMS monitoring architecture (transaction RZ20) as an e-mail, SMS or other message type to one or several recipients. |

Content Lifecycle Management (CLM) is used as a repository containing application content. Content can be added to the CLM repository either by extraction from various application systems or by importing a new vendor-delivered package. During these operations CLM always loads the data first and then validates the loaded content to report functional inconsistencies. If there are abrupt blockages, such as a connection timeout, this can result in differences between the data maintained in CLM and the data present in other sources.

RECOMMENDATION

In this scenario, we recommend rerunning the operation, as the operation has no impact on any business function in CLM.

Existing CCMS monitoring sets can be used to monitor various resources, objects, and performance. For example, the SAP CCMS monitor template can be used to monitor the system, database, and background processing for the application server where CLM is running. CLM provides its own monitoring set, the Content Lifecycle Management Monitor Set, which contains monitors for CLM-relevant background jobs and CLM-relevant system resources. You can access it in the NetWeaver ABAP system using CCMS transaction RZ20.

The following existing monitors within RZ20 can be used by CLM to monitor critical conditions:

Background Processing

For extraction and deployment scenarios in CLM, background jobs are created for a content group. The CCMS view for background processing under Content Lifecycle Management Monitor Set can be used to retrieve statistics such as a list of long-running background jobs, number of free or occupied work processes, and any CLM job that was stopped abruptly.

NOTE

Transaction SM37 can be used to monitor background jobs initiated by CLM.

Database Monitoring

You can monitor the RDBMS connection using the CCMS database monitor. This is the connection to the system where the application is installed and in use.

Operating System Monitoring

Operating system monitoring capabilities within the CCMS administration workplace are used to analyze CPU, memory, paging, disks, file system, and their corresponding health statuses.

Dialog Overview

Using dialog monitoring in RZ20, the response time for dialog, network time, and number of currently logged-in users can be observed.


For CLM, it is important to observe Web Dynpro ABAP-related attributes such as date transferred, session timeouts, and number of roundtrips against the CLM Web Dynpro application /POA/WD_CLM. This view is also part of the delivered CLM-specific Content Lifecycle Management Monitor Set.

The basis for CLM-specific alert monitoring is the NetWeaver CCMS alert monitoring framework.

To enable the auto-alert mechanism of CCMS, see the following SAP Note:

| SAP Note Number | Title | Comment |
|---|---|---|
| 617547 | RZ20: Sending alerts as mail and SMS | You want to send alerts from the CCMS monitoring architecture (transaction RZ20) as an e-mail, SMS, or other message type to one or several recipients. |

Content Lifecycle Management (CLM) does not provide its own tracing and log file facility, because these can be easily obtained from the NetWeaver ABAP framework.

It is essential to collect trace and log files for RFC calls. CLM carries out critical operations through the RFC protocol to extract and deploy the contents onto application systems.

Important Log and Trace Files for CLM

| Component | Content | File | Path |
|---|---|---|---|
| - | System Trace Analysis (RFC, HTTP, DB) | - | Transaction ST01 |
| - | SQL Performance Trace and Analysis (RFC, HTTP, DB) | - | Transaction ST05 |

The default workload collector, which is part of CCMS monitoring, and the workload monitor in transaction ST03N can be used to observe the workload records at application server level.

| Component | Monitor | Detailed Description | Prerequisites |
|---|---|---|---|
| - | Workload Monitor (Transaction ST03N) | Detailed analysis of workload of application servers | - |

Content Lifecycle Management (CLM) communicates with the application system using RFC. For certain intensive operations, such as content extraction, interface monitors can be used to analyze the time spent on each RFC call.

| Interface | Detailed Description | Technology Used |
|---|---|---|
| You configure APIs and RFC functions in Customizing for Content Lifecycle Management under Maintain System Registry > API Groups. | ABAP Web Dynpro application uses these calls and interfaces at runtime | RFC |
| /POA/CLM_WD | ABAP Web Dynpro application is accessed using HTTP | HTTP |


| Component | Monitor | Detailed Description | Prerequisites |
|---|---|---|---|
| CLM DB tables | ST05 | Observe critical operations and tables that take more time along with their hit and miss ratio | Switch the trace on before performing costly operations, such as extracting content groups |

Some of the intensive database tables that can be viewed during critical long-running operations:

■ /POA/D_CLM_CP02 — CLM Content group and Entity relationship

■ /POA/D_CLM_DPLR — Table for storing entity processing messages

■ /POA/D_CLM_ENT01 — CLM Entity Table

■ /POA/D_CLM_ENT02 — CLM Entity Fields value Table

■ /POA/D_CLM_ENT03 — CLM Entity — Entity Relationship

■ /POA/D_CLM_ENT10 — CLM Entity Raw Data Extract Table

The monitoring sets from CCMS monitoring in RZ20 can help analyze most critical bottlenecks; however, the following table points to some problem-oriented scenarios and a recommended tracking mechanism for CLM:

| CLM Scenario/Activity | Problem | Possible Causes | Recommended Monitoring |
|---|---|---|---|
| Extraction of content from application system | Exception occurred | RFC connection failure, system failure, no authorization for RFC calls | Check system trace file (ST01) / SM59 / SMT1 for trusted connections. CLM log in SLG1 |
| | Extraction in progress for a long time | Large amount of content | Check background task in SM37 and CCMS CLM monitor |
| | Validation errors | Content in incorrect format | SLG1 (application log for CLM) |
| Importing content from a CLM package (zip) | Exception occurred | Malformed content or tampered content format | SLG1 (application log for CLM) |
| | Time out | Package size is too big | Check CCMS memory or buffer sizes to free resources, increase time out limits for profile parameters; usually cannot be resolved |
| Exporting CLM content to a package (zip) | Exception occurred | Content was changed after including in package | SLG1 or check status of content group |
| - | Time out | Content size is too big | Remove huge attachments, split package into two smaller packages |
| Deploy Content | Exception occurred | Incompatible system for application deployment of content, RFC connection failure, system failure, no authorization for RFC calls, no trusted system | SLG1 (application log for CLM), system trace file (ST01), SMT1 for trusted connections |
| | Deployment takes too long | Large amount of content | SM37 or CCMS for CLM deployment and polling results background job |
| | Unrecognized status in deployment log | Failure on application deployment | Check target application system, ST22, for any exceptions, authorization failures |
| | No deployment possible | Existing deployment on target system already ongoing | Check DB locks in SM12 (table /POA/S_CLM_DEPLKEY) |

5.3 Management of CLM

| Component | Configuration Tools | Detailed Description |
|---|---|---|
| Content Lifecycle Management (Software Component POASBC) | Customizing: this is the standard SAP tool for ABAP-based systems used for component Customizing. Access it through transaction SPRO | Technical configuration: Mainly for configuring application systems and the APIs with which CLM interacts |
| Content Lifecycle Management (Software Component POASBC) | SAP Solution Manager | SAP Solution Manager is the standard SAP tool for process and scenario-based configuration. |

For more information about SAP Solution Manager, see the following SAP Note:

| SAP Note Number | Title | Comment |
|---|---|---|
| 1230438 | Solution Manager Content for SAP SRM 7.0 | Additional information for using Solution Manager Content |

Because Content Lifecycle Management is a web-based application, the basis for logon and load balancing is a high availability landscape setup together with a load-balanced network setup.

For more information about network load balancing, see the Technical Infrastructure Guide for SAP NetWeaver on SAP Service Marketplace at http://service.sap.com/instguides.

A load-balanced network using SAP Web Dispatcher together with logon groups in the SAP NetWeaver systems can be used to redirect certain users to specific application servers.

Start and Stop Sequences and Tools

| Software Component | Sequence | Tool | Detailed Description |
|---|---|---|---|
| Content Lifecycle Management (Software Component: POASBC) | 1 | Example: STARTSAP; STARTSAP (UNIX); SAP Management Console (Windows) | CLM is completely based on SAP NetWeaver infrastructure. For more information, see the Technical Operations Manual on SAP Help Portal at http://help.sap.com under SAP NetWeaver |


For the list of components required for each scenario, see the scenario/component matrix information.

All scenarios and components in Content Lifecycle Management use the user management functions provided by NetWeaver.

For more information about user administration and authentication, see the application security guide on SAP Service Marketplace at http://service.sap.com/securityguide.

Categories of System Components

| Category | Properties | Suggested Methods for Backup and Restore | Examples |
|---|---|---|---|
| VIII | Original application data, standalone system based on SAP NetWeaver Application Server | Data: ■ Database and log backup, application log backup (such as job logs in file system) ■ Backup of software, configuration log files | Standalone SAP ERP |

The following table lists the CLM components relevant for backup and recovery:

| Component | Data to be Backed Up | Backup Method/Tool | Recommended Backup Frequency |
|---|---|---|---|
| POASBC | Application database tables, logs | Database and log backup | Yearly |

Content Lifecycle Management Logs

■ Application Log: Every CLM operation and corresponding steps carried out during that operation are recorded in the application log:

Transaction SLG1, object: /POA/CLM

The application log includes detailed information about error messages and sequential flow with respect to CLM technical processing.

This object includes the following subobjects or categories:

● PACKAGE: Use this subobject to monitor and analyze the logs specific to CLM packages (all steps performed under Manage Packages function on CLM UI)

● CHECKPOINT: All actions performed under Manage Content Groups in CLM are recorded for analysis under this application log subobject

● DEPLOYMENT: Application logs related to deployment from CLM are recorded under this subobject

● TECHNICAL: Additional technical log details are recorded under this subobject.

■ Deployment Log: This is available on CLM UI. It displays statuses and messages for deployments from CLM to the application. The deployment log provides details of application-specific messages per deployment system and per content group.

■ Change Log or Change History: For all actions that can be carried out in the CLM UI, such as editing, deployment, import, and export, CLM logs the change history using the change documents function of ABAP. CLM change logging is enabled for packages and content groups and related tables. This can be seen in the CLM UI with the View History function.

■ Customizing object or Table Logging: All Customizing, control, and system database tables defined in CLM are enabled for logging. Analysis of this logging can be done using transaction SCU3 in the NetWeaver ABAP system if logging is switched on.

Content Lifecycle Management Administrator/Developer Utilities

CLM provides utilities for testing purposes, which are intended for administrators and developer user groups.

Application API Adapter testing: Since CLM calls the RFC function modules while communicating with application systems, it expects a certain format and interface for these API/RFC function modules. Moreover, an appropriate system setup is also required via system registry configuration where new application systems and their APIs are registered. For more information, see Customizing for Content Lifecycle Management under Maintain System Registry.

In actual scenarios or for productive usage, before you run CLM with system registry settings, it is advisable to run the test adapter utility using transaction /POA/CLM_API_TESTER. You need to provide the system registry ID. The transaction checks API interfaces and also performs a test run for extraction and deployment operations.

Cleaning up the CLM database: If you are running CLM for test purposes or on a test system, and you find CLM database tables increasing in size over time, you can use transaction /POA/CLM_CLEANUP to delete the CLM-specific database tables.

NOTE

This program completely deletes all CLM data and does not allow any preferences to be set for specific entry deletion from CLM database tables. Hence it is intended to be used for cleaning up garbage or unused data from the test CLM system only.

CLM uses background jobs for the execution of some operations at runtime. The following table gives an overview of the exact programs that are scheduled in the background and the frequency at which these are executed.

Scheduled periodic tasks for Content Lifecycle Management:

| Program Name/Task | Task-Scheduling Tool | Recommended Frequency | Detailed Description |
|---|---|---|---|
| /POA/R_CLM_DEPLOY_RESULTS_POLL | Automatic | 10 minutes: This can be changed in Customizing for Content Lifecycle Management under Maintain Technical Settings. | Used to retrieve the deployment results of application content from target application systems. For more information, see Content Group Deployment in SAP Library documentation under Content Lifecycle Management > Content Group and Package Management > Content Group Deployment. |

Other background tasks in Content Lifecycle Management that are scheduled to run immediately:

| Program Name/Task | Task-Scheduling Tool | Recommended Frequency | Detailed Description |
|---|---|---|---|
| /POA/R_CLM_EXTRACT | Automatic | Immediately when the operation is triggered | Background task during content group extraction |
| /POA/R_CLM_DEPLOY | Automatic | Immediately when the operation is triggered | Background task for content group upload and deployment |

5.4 Software Change Management

Information on the support packages (SPs) available for Content Lifecycle Management can be found in the Release Information Notes (RIN) for each SP.

Support packages for components based on the SAP NetWeaver Application Server (ABAP) (such as CLM) are applied using the Support Package Manager.

Detailed instructions about applying a support package stack to SAP NetWeaver are given in the SAP NetWeaver Support Package Stack guides on SAP Service Marketplace at http://service.sap.com/instguides.

SAP Notes that require code changes for components based on the SAP NetWeaver Application Server (ABAP) can be applied using the SAP Note Assistant. For more information, see http://service.sap.com/note-assistant.

The transport workflow provides a framework for transporting enhancements or new developments of existing business functions in a system landscape.

It is an efficient method of transporting a selected number of requests into a group of transport targets, and uses clearly defined approval steps to ensure the quality of your target systems.

For more information, see the Technical Operations Manual on SAP Help Portal at http://help.sap.com under SAP NetWeaver.

SAP NetWeaver includes the Change and Transport System (CTS), which is a tool that helps you to organize development projects in the ABAP Workbench and in Customizing, and then transport the changes between the SAP systems in your system landscape.

For more information, see the SAP NetWeaver Technical Operations Manual on SAP Help Portal at http://help.sap.com under SAP NetWeaver.


5.5 Support Desk Management

SAP support needs to be able to work remotely for highest efficiency and availability. For this support, SAP uses the remote connection with SAProuter for a specific problem that you log by creating a customer message in the SAP Support Portal. For information about SAProuter, see the following SAP Note:

| SAP Note | Title | Comment |
|---|---|---|
| 486688 | Schedule VPN connection to SAP network | See also the SAP Notes that this SAP Note refers to for specific settings or parameters that are necessary |

For further assistance, see the following SAP Note:

| SAP Note | Title | Comment |
|---|---|---|
| 812386 | RFC connection to the SAPNet R/3 front end | - |

For sending problem messages and tickets to SAP related to Content Lifecycle Management, use component XAP-SBC-CLM and provide a detailed and reproducible problem description.

5.6 High Availability of CLM

The main framework of Content Lifecycle Management is based on SAP NetWeaver. If the software component for CLM becomes unavailable, all business scenarios concerning CLM stop working. Unavailability of CLM does not break any other software components or application functions.

| Component | Detailed Description | HA Setup Description |
|---|---|---|
| POASBC - POA Shared Business Components 1.0 | CLM is part of the POASBC Software component | For more information about high availability and switchover, see the Technical Operations Manual on SAP Help Portal at http://help.sap.com under SAP NetWeaver. |


6 High Availability

Process Control, Risk Management, and Access Control use SAP NetWeaver for high availability.

Integration

RECOMMENDATION

For more information, see the documentation at http://www.sdn.sap.com/irj/sdn/ha.


7 Software Change Management

Software Change Management standardizes and automates software distribution, maintenance, and testing procedures for complex software landscapes and multiple software development platforms. These functions support your project teams, development teams, and application support teams.

The goal of Software Change Management is to establish consistent, solution-wide change management that allows for specific maintenance procedures, global rollouts (including localizations), and open integration with third-party products.

This section provides additional information about the most important software components.

The following topics are covered:

■ Transport and Change Management: Enables and secures the distribution of software changes from the development environment to the quality assurance and production environment.

■ Development Request and Development Release Management: Enables customer-specific maintenance procedures and open integration with third-party products.

■ Template Management: Enables and secures the rollout of global templates, including localizations.

■ Quality Management and Test Management: Reduce the time, cost, and risk associated with software changes.

■ Support Packages and SAP Notes Implementation: Provide standardized software distribution and maintenance procedures.

■ Release and Upgrade Management: Reduces the time, cost, and risk associated with upgrades.

7.1 Transport and Change Management

For transport and change management issues, the procedures of SAP NetWeaver apply. For more information, see the Change and Transport information on the SAP Help Portal at http://help.sap.com under Documentation > SAP NetWeaver > SAP NetWeaver 2004s > SAP Library > SAP NetWeaver Library > Administrator's Guide > Technical Operations Manual for SAP NetWeaver > General Administration Tasks > Software Logistics (Overview).


7.2 Development Requests and Development Release Management

The standard procedures of SAP NetWeaver apply. For more information, see the Technical Operations Manual for SAP NetWeaver in the SAP Library.

7.3 Quality Management and Test Management

You can use the SAP NetWeaver Development Infrastructure to learn about the various possibilities to test your software changes.

7.4 Support Packages and Patch Implementation

We recommend you implement Support Package Stacks (SP-STACKS), which are sets of Support Packages and patches for the respective product version that must be used in the given combination.

You can find detailed information about the availability of SP-Stacks on the SAP Service Marketplace at http://service.sap.com/sp-stacks.

Read the corresponding Release and Information Notes (RIN) before you apply any Support Packages or Patches of the selected SP-Stack.

The RIN and support packages for Process Control, Risk Management, and Access Control are available in the SAP Service Marketplace at http://service.sap.com/patches.

RECOMMENDATION

For information about the tools required for implementing patches, see the NetWeaver 2004s Technical Operations Manual on the SAP Help Portal.


8 Troubleshooting

The process control, risk management, and access control applications are provided as add-on components for SAP NetWeaver and use the same troubleshooting tools for the SAP NetWeaver Application server.

RECOMMENDATION

For more information about troubleshooting the SAP NetWeaver Application server, see the Technical Operations Manual for SAP NetWeaver.

Use the following components when reporting issues:

■ GRC-SPC for Process Control

■ GRC-RM for Risk Management

■ GRC-SAC for Access Control

Process

Troubleshooting Process Control Scheduler

The following troubleshooting procedure applies to the process control application scheduler function only.

Symptom

The Monitor Scheduler does not display Completed.

Procedure

1. Determine if the cause is in the process control application or the ERP server.
   1. In the Monitor Scheduler, select the line item and click Show Log. The details screen appears.
   2. Select the job and click Job Status. This shows the job log for process control. If the Job Detail button is disabled, the cause is in the process control application. If the Job Detail button is enabled, the cause is in the ERP application.
2. Do the following to troubleshoot issues in the process control application:
   1. In transaction SM37, enter the job name, user, and date, and click Log to display the Job Status.
   2. If there is an ABAP dump, click the line item or go to transaction ST22 to view more information to address the issue.
3. Do the following to troubleshoot issues in the ERP server:
   1. In transaction SM37, enter the job name and date, and click Log to display the Job Detail.
   2. If there is an ABAP dump, click the line item or go to transaction ST22 to view more information to address the issue.


The information for troubleshooting the process control application is maintained in SAP Notes. For troubleshooting information, see SAP Note 1302302 Troubleshooting Guides for PC.


9 Configuring Remote Connection to SAP Support

SAP offers access to remote support and remote services. You have to set up a remote network connection to SAP.

RECOMMENDATION

For more information, see SAP Service Marketplace at http://service.sap.com/remoteconnection.

9.1 Read Only Role

For remote support from SAP, a support user must have read-only access to the support tools. Since these applications are built upon the NetWeaver ABAP stack, a support user can use the SAP standard CSS remote support tool, which is accessible through the SAPGUI or web browser.

Integration

The read-only roles are as follows:

■ SAP_GRAC_DISPLAY_ALL for Access Control

■ SAP_GRC_FN_DISPLAY for Process Control and Risk Management


10 Appendix

10.1 Categories of System Components for Backup and Restore

Categories of System Components

Category I
Properties: Only software, no configuration, or application data
Suggested Methods for Backup and Restore:
■ No backup, new installation in case of a recovery
■ Initial software backup after installation and upgrade
■ Backup of log files
Examples: BDOC modeler

Category II
Properties: Only software and configuration information, no application data
Suggested Methods for Backup and Restore:
■ Backup after changes have been applied or
■ No backup, new installation, and configuration in case of a recovery
■ Backup of log files
Examples: SAP Gateway, Communication Station, SAP Business Connector, SAP IPC (2.0C)

Category III
Properties: Only replicated application data, replication time is sufficiently small for a recovery
Suggested Methods for Backup and Restore:
■ Data: No data backup needed
■ Backup of software, configuration, log files
Examples: SAP IMS/Search Engine, SAP IPC (2.0B)

Category IV
Properties: Only replicated application data, backup recommended because replication time is too long, data not managed by a DBMS
Suggested Methods for Backup and Restore:
■ Data: Application specific file system backup, or multiple instances
■ Backup of software, configuration, log files
Examples: SAP IMS/Search Engine, Web server, SAP IPC (2.0B)

Category V
Properties: Only replicated application data, backup recommended because replication time is too long, data managed by a DBMS
Suggested Methods for Backup and Restore:
■ Data: Database and log backup, or multiple instances
■ Backup of software, configuration, log files
Examples: SAP IPC (2.0B), Catalog Server, Web server

Category VI
Properties: Original application data, standalone system, data not managed by a DBMS
Suggested Methods for Backup and Restore:
■ Data: Application specific file system backup
■ Backup of software, configuration and log files
Examples: Web Server

Category VII
Properties: Original application data, standalone system, data managed by a DBMS, not based on SAP NetWeaver Application Server
Suggested Methods for Backup and Restore:
■ Data: Database and log backup
■ Backup of software, configuration and log files
Examples: none available

Category VIII
Properties: Original application data, standalone system, based on SAP NetWeaver Application Server
Suggested Methods for Backup and Restore:
■ Data: Database and log backup, application log backup (such as job logs in file system)
■ Backup of software, configuration and log files
Examples: Standalone SAP, SAP ERP, none available

Category IX
Properties: Original application data, data exchange with other systems, data not managed by a DBMS
Suggested Methods for Backup and Restore:
■ Data: Application specific file system backup, data consistency with other systems must be considered
■ Backup of software, configuration, log files
Examples: none available

Category X
Properties: Original application data, data exchange with other systems, data managed by a DBMS, not based on SAP NetWeaver Application Server
Suggested Methods for Backup and Restore:
■ Data: Database and log backup, data consistency with other systems must be considered
■ Backup of software, configuration, log files
Examples: SAP Live Cache, SAP Mobile Workbench

Category XI
Properties: Original application data, data exchange with other systems, based on SAP NetWeaver Application Server
Suggested Methods for Backup and Restore:
■ Data: Database and log backup, application log backup (such as job logs in the system), data consistency with other systems must be considered
■ Backup of software, configuration, log files
Examples: SAP ERP, SAP CRM, SAP APO, SAP NetWeaver Business Warehouse

10.2 Related Information

The following table contains links to information relating to the Solution Operation Guide.

Content Quick Link to the SAP Service Marketplace (http://service.sap.com)

Master Guide, Installation Guide and Upgrade Guide /instguides, /ibc

Related SAP Notes /notes

Released Platforms /platforms

Network Security /securityguide, /network

Technical Infrastructure /ti

SAP Solution Manager /solutionmanager


SAP AG

Dietmar-Hopp-Allee 16

69190 Walldorf

Germany

T +49/18 05/34 34 34

F +49/18 05/34 34 20

www.sap.com

© Copyright 2012 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.


Disclaimer

Some components of this product are based on Java™. Any code change in these components may cause unpredictable and severe malfunctions and is therefore expressly prohibited, as is any decompilation of these components. Any Java™ Source Code delivered with this product is only to be used by SAP’s Support Services and may not be modified or altered in any way.

Documentation in the SAP Service Marketplace

You can find this document at the following address: http://service.sap.com/instguides
