Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Digital signatures

Can any one help me out in understanding digital signatures in pharma industries. What functionalities in pharma are related to digital signatures. What exactly the use of it in pharma and what is the output of it.

Thanks in advance,

Quantum.

Former Member
Former Member replied

Hi,

Pls find the details about Digital Signature as below :

Digital signature (PP-PI)

Production Planning for Process Industries (PP-PI)

The equivalent to a handwritten signature for the processing of digital data.

The digital signature ensures:

The signed transaction can only be performed by users who are authorized.

The signatory identification is unique and forgery-proof

The signatory name is documented with the signed transaction and the date and time, and cannot be falsified

Depending on the application in use, you can enter a comment for the digital signature. If a transaction must be signed by several people, you can combine the signatures of different authorization groups into application-specific signature strategies.

Definition of Signatures in PI Sheets

Use

If you want to sign data in the PI sheet, you define a process data request with a signature. You have the following options:

Signature to accept invalid input values

In this case, you define the signature as part of an input validation. You only enter a signature in the PI sheet, if you want to transfer an input value although it is outside the defined value range.

Signature to complete a process step

In this case, you add the signature as an input value into the usual sequence of steps in the PI sheet. The entries and formula results of the relevant process step are reported when the signature is entered, that is, the corresponding messages are transferred to process management for sending. After this, you cannot change the values anymore.

In the browser-based PI sheet, you can also define an asynchronous signature to complete a process step. Using an asynchronous signature process, you can specify that actual data cannot be reported unless another or several other users have executed their signatures to confirm the entries. If the asynchronous signature is the last input field in the PI sheet, it automatically completes the PI sheet (see below).

In the course of production, the process operator enters values and executes his or her signature to sign these entries. However, the system does not yet create process messages since the entries must first be checked and signed by the shift manager. In the meantime, the process operator can maintain another part of the PI sheet. Only the input field that the shift manager needs to sign remains locked against further entries until he or she has executed the signature.

If the values that the process operator entered are not allowed, the shift manager can cancel the asynchronous signature process. The values entered are discarded and the input fields in the PI sheet become ready for input again. New values can be entered. Only when all required signatures have been executed, are the process messages belonging to the process step created.

Signature to sign/complete the PI sheet

Technically speaking, the signature is identical to the signature that is used to sign a process step. However, it is executed at the end of the PI sheet after all process steps have been completed.

In ABAP list-based PI sheets, you can use any type of signature for this. By executing the signature, you only confirm that the data is complete and correct.

In browser-based PI sheets, you must use the digital signature with a signature strategy and an asynchronous signature process (see below). The PI sheet is completed automatically when the signature process is completed.

For statements concerning quality in the manufacturing process, you can enter a comment. If the corresponding Customizing settings are made, the comment is transferred to the batch record and can be used as a basis for the usage decision.

Prerequisites

The type of signature to be used in the PI sheet has been defined in Customizing for Control Recipe Destinations.

You have the following options:

Signature without a password check

Signature with a simple password check

You can use this type of signature for ABAP list-based PI sheets only. You define the passwords for the relevant users in Customizing for Control Recipe Destinations.

Digital signature

If several individual signatures are to be executed, you can also specify the following in the control recipe destination:

Which signature strategy is to be used to sign process steps and PI sheets

Which signature strategy is used to accept invalid input values

For more information about digital signatures and the required settings, see Approval Using Digital Signatures.

If you want to use signatures to complete browser-based PI sheets, you must use digital signatures.

Features

Signatures for Invalid Input Values

You define these signatures when you define input validations. For more information, see:

Type 0: Definition of Input Validations

Type 2: Definition of Input Validations

Signature for Process Step / PI Sheet

You define these signatures as input values in a process data request. The structure rules for this process instruction are identical to that of all other data requests.

See also:

Type 0: Definition of Data Requests

Type 2: Process Data Requests for PI Sheets

Note the following:

Type of data request

You can define one signature for each data request. Depending on the data request, the signature is processed differently.

In a simple data request, you use signatures to complete the preceding entries and calculations since the last signature. If a signature is preceded by a table, you cannot enter more table entries once the signature has been executed.

In repeated data requests, signatures must be positioned in the last table column, that is, you must define the signature as the last input value of the process instruction.

You use signatures to complete the preceding table entries. However, you can still enter more table entries as long as the maximum number of table lines has not been reached.

Message category

You must assign a message category that contains characteristic PPPI_SIGNATURE to the process instruction.

Note that in repeated data requests you must enter a signature for every table line if the signature is marked as required in the message category.

Input value for the signature

You must define characteristic PPPI_SIGNATURE as an input value in the process instruction.

The characteristic is transferred to the message that the system creates for the process instruction. The following value is assigned to the characteristic:

If only one signature or one digital signature is executed:

the signature or name of the signatory

If signatures consisting of several individual digital signatures are executed:

the key of the corresponding signature strategy

You can display the signatures in the PI sheet.

Authorization to execute a signature

For the following types of signatures, you can specify that a user requires a special maintenance authorization for the PI sheet to execute the signature.

In browser-based PI sheets:

For signatures without a password

For digital signatures

In ABAP list-based PI sheets:

For signatures with a simple password check

For digital signatures

The system then checks if the activity specified in the process instruction has been included in authorization object C_CRPI_BER in the user master record.

Irrespective of the settings you make here, the system checks the following authorizations for digital signatures:

Activity 73 (Archive) in authorization object C_CRPI_BER (PI sheet)

For individual signatures in a signature strategy, the authorization group for the individual signature in authorization object C_SIGN_BGR (authorization groups for digital signatures)

Signature strategy for digital signatures

If several users must sign a process step or invalid input value, you use a signature strategy to define which individual signatures are required. You can assign a signature strategy in the control recipe destination. This strategy is then used for all process steps or for all input validations. If you want to use a different strategy for a particular process instruction, you assign the strategy to this process instruction.

If you want to use signatures to complete browser-based PI sheets, you must use a signature strategy.

Synchronous or asynchronous signature process

In the PI sheet, signature strategies are carried out synchronously by default. This means that all signatures must be executed immediately one after another without exiting the function.

However in process instructions that are used to sign the entire PI sheet, you can determine that the signature strategy is carried out asynchronously. The system stores the signatures individually. The PI sheet can be exited after each individual signature and can be called again by the next signatory.

If you want to use signatures to complete browser-based PI sheets, you must use the asynchronous signature process.

To define the data for the signature, you assign the following characteristics in the process instruction:

Characteristic

Meaning

Value

PPPI_INPUT_REQUEST

Input request

Any short text

PPPI_REQUESTED_VALUE

Input value

PPPI_SIGNATURE

PPPI_SIGNATURE_

AUTHORIZATION

Required authorization

(only for signatures with a password check and digital signatures)

Any value for the Activity field in the authorization object C_CRPI_BER

PPPI_SIGNATURE_STRATEGY

Signature strategy

(for digital signatures only)

Strategy defined in Customizing

PPPI_SIGNATURE_MODE

Synchronous or asynchronous signature process

(only for signing / completing PI sheets with a signature strategy)

S (synchronous)

A (asynchronous)

Hope this helps.

Regards,

Tejas

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question