cancel
Showing results for 
Search instead for 
Did you mean: 

DMS & Workflow - Handling Digital Signatures

Former Member
0 Kudos

Hello,

I have set up a DMS status network, and I'm controlling this network using workflow.

My workflow listens to "DRAW" for changes, and when a particular status is seen,

workflow starts.

This workflow sends out work items to several users, prompting them to review.

At this point, users can go into the DIR from their Inbox, and either select Approve or Reject Status.

Both Approve and Reject status are set up to require a Digital Signature. Workflow controls moving the status back to a "ready" state for the next reviewer. It also keeps track of the number of reviewers, in order to know when all reviews are done.

When everyone behaves in timely manner, this works great. Workflow has no issue with setting DMS statuses - in most cases.

However, I also have deadline monitoring set up on my workflow. After 3 days pass with no action, I want to "auto-reject". System id WF-BATCH is what I use to set statuses through workflow, and this works fine in most cases. However since the status "Approve" and "Reject" are set to require digital signatures, this system initiated status change FAILS. The system does not provide a digital signature for itself.

My question is - is this possible through configuration - to set it up in some way that a system ID can promote to a status and either pass a password or simply not require a digital signature?

My network is kind of stuck at this point because one of the 2 statuses MUST be selected for it to proceed.

Edited by: Bill Bessette on Jul 24, 2008 9:40 PM

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Bill

I honestly would not use a digital signature on reject, its not a status that would require a digital signature.

If you think about it logically, you wouldn't need a signature, to not sign a document, only to sign it and by rejecting it, you are effectively saying you are not prepared to sign it.

Also remember that a digital signature forces a content version so if you are going to send a document back and forth for approvals a couple of times, the system will store a copy every time it gets rejected which may increase the storage requirements.

Regards,

Athol

Former Member
0 Kudos

We require digital signatures on Reject so that we may capture the status with comments. These comments are important for the author so that they may rework the document for a later, successful submission. They also become part of the history of the document, and are printed out on a report which we have created.

Approval/Rejection history is also printed as part of a coversheet that we generate dynamically when the document is promoted successfully to "Active" status. We have a conversion system set up to render PDFs with this cover sheet.

We also use deadline monitoring for "Auto Approval". Some approvers are optional, and we don't want to hold up the workflow waiting for them to approve.

The entire process works well for the most part... See my response earlier in this thread for more info.

Bill

Edited by: Bill Bessette on Jul 25, 2008 5:58 PM

Former Member
0 Kudos

The digital signature is not the only method to capture comments and other ways around this would solve the problem without creating false system digital signatures. A simpler method to capture comments would be the use of the GOS comments section. In this way, all the comments are grouped together with no reporting requirement as they exist in the DIR itself in the same area comments are captured for all SAP objects.

You can make this a little easier for users to work with by inserting buttons (Create Comments & View Comments) in the DIR which enable the user to immediately see if comments exist on the DIR. The standard method we usually use with customers is to only make the view comments button appear if comments are there so the user doesn't click on the button and find nothing.

Here are some samples:

http://img.skitch.com/20080725-pef13yi8n9tkfb7iq7rjwpg8ak.jpg

http://img.skitch.com/20080725-fimt2q9sigpbptqxwqasu82x5t.jpg

Former Member
0 Kudos

Hello Athol,

Unfortunately, our documents fall under US - FDA audit regulations, and require that we verify digitally that approvals and rejections are validated via digital signature.

Our hands are somewhat tied in this regard. There is a business requirement beyond the benefit of comment capture.

Regards,

Bill

Former Member
0 Kudos

Weird. First time I have heard of legal requirement to capture rejections with a digital signature. Guess that makes your life more difficult.

Have you thought about another system status which is hidden via ABAP and allows the system to move back to draft. Setting of this status could be locked via authorisations to ensure that users cannot set it and you could call it something like Approval Timeout or something appropriate that indicates it was not user set. It would also allow you to differentiate those statuses set by the system and those set by the users simple by the status network used.

Former Member
0 Kudos

>

>

> Have you thought about another system status which is hidden via ABAP and allows the system to move back to draft. Setting of this status could be locked via authorizations to ensure that users cannot set it and you could call it something like Approval Timeout or something appropriate that indicates it was not user set. It would also allow you to differentiate those statuses set by the system and those set by the users simple by the status network used.

Athol,

This is how we ended up solving the issue. I created 2 non-esignature statuses (ZZ- System Approved, ZX - System Reject) and we modified a BADI (DOCUMENT_STATUS01, or something close to that) to hide those two statuses. Additionally we altered our security roles to disallow the users from manually setting those statuses via typing directly into the field.

Thanks,

Bill

Former Member
0 Kudos

Hi Bill,

I gone through ur thread and various comments from all, i too have similar requirement for statuses and digital signature.

could you pls help me in this,

my requirement is,

initiator/J.E - who initiates document

Asst. Manager - reviewer/reject

Sr. Manager - reviewer/reject

Deputy Manager - reviewer/reject (thru digital signature)

Deputy Chairman - Approver (digital signature)

Chairman - Approver (digital signature)

in this status flow except Chairman, whoever rejects, the document should go back to the initiator along with the notification.

the document approval by Deputy Chairman and Deputy Manager needs digital signature and if either rejects the document must flow to initator along with the notification.

Also, if either of person from the status network wont respond for 2-3 days the system should automatically pass to the next status or the previous status so dat the preceding person can approve.

Digital signature is needed for tracking the comments by approver and also to finalize the approval.

Can this be posible in Standard DMS without using any workflow/BADI?

please let me know the steps if its in standard DMS and even if its using workflow/BADI.

Thank You,

Manoj

Edited by: Manojkumar Bhagwat on Jul 31, 2008 7:31 AM

Former Member
0 Kudos

Hi Manoj,

You can set up a status network to model the states you describe. However to move the document along that network, you'll need manual intervention or workflow.

Deadline monitoring (taking action based on some time trigger) would require workflow.

The design gets somewhat more complicated if you intend to send the document out to multiple users concurrently, but not too bad.

I'm not sure of your experience level, but this is a good place to look if you are just

starting out:

http://help.sap.com/saphelp_47x200/helpdata/en/c1/1c31a243c711d1893e0000e8323c4f/frameset.htm

Bill

Former Member
0 Kudos

Hi Bill,

Thanks for your response.

Former Member
0 Kudos

Hello Athol,

I am working on SAP DMS implementation for Real estate company. Could you guide me how to activate GOS comments section in DIR? Its a business requirement in my project to add comments on each assigned document status. I tried to activate the same but did not get any option to acivate the same.

I look forward to your response.

Thanks&Regards,

Sudhir Rahase

Edited by: Sudhir_Cosmos on Sep 22, 2010 8:01 AM

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi,

Im not sure if i have understood the requirement, but if you want to set system status based on delay of 3 days, you can hard set the password in your workflow code.

Table: RC70D

Fields: SIGNER and PASSWORD

Niranjan

Let me know if it helps !!!

Former Member
0 Kudos

Hello Niranjan,

That's an interesting suggestion... I'll investigate. Any additional detail you can provide on how to implement this User/Pwd hard coding in WF would be appreciated.

In the meantime, here is some additional info.

Imagine a status network as follows:

Draft

Initiate Workflow

In Review - Reject/Approve

Active

Document starts in draft. The author selects a status of (Initiate Workflow) at which point the workflow starts.

Workflow moves the status from (Initiate Workflow) to (In Review)

and puts a work item in the reviewers mailbox. Reviewers can change the status to (Reject) or (Approve) and each requires a digital signature. After each reject/approve, Workflow moves the status back to (In Review) so that the next person may act. When everyone has reviewed and approved, workflow moves the status to (Active). If anyone has rejected, workflow moves the status back to (Draft.)

This is a simplification, but that's the scenario. WF-BATCH is our workflow ID that has SAP-ALL authorization. Problem occurs when deadline monitoring is in effect. If a reviewer doesn't act within the designated deadline, the monitor fires and the work item is flagged as obsolete. Due to the status network, the only valid path is to either move to (Approve) or (Reject). But since both of those statuses have been set up to require digital signature, they fail. We end up stuck in (In Review) with no way out.

If hard coding the userid WF-BATCH and the password in some table will solve this problem, then we'd be thrilled.

Bill

Edited by: Bill Bessette on Jul 25, 2008 6:00 PM

Former Member
0 Kudos

Hi Bill,

That is very interesting scenario.

@ your statement: If hard coding the userid WF-BATCH and the password in some table will solve this problem, then we'd be thrilled

You dont need to hardcode the userid and password in Table but may be you can pass the value to these tables.

Like your id is Reject_WF and there would be a password which can be reset by Basis to say password_WF

then you can have a report or hard code these values in the WF to pass them to the Tables.

Another way is you have another status "Reject_WF" which doesnt need Digital Sign and here you can hard code comments as "Rejected because of Approval / Rejection Deadline has passed"

This status will again forward the document to your required status via Report which can be run every day at 5PM may be or may be hourly.

Niranjan

Let me know if it helps !!!!

Award points if post helps you