Upgrade Guide

SAP Process Control 10.0 to 10.1

Target Audience
wAS System Administrators
wAS Technology Consultants

PUBLIC
w7M\<$R!a31
&8r`h=8fGk(*hM``G0

Document History

CAUTION

Before you start the implementation, make sure that you have the latest version of this document.
You can find the latest version at http://help.sap.com/pc.
The following table provides an overview of the most important document changes.
Version

Date

Description

1.00
1.01
1.02

2013-06-04
2013-11-15
2014-02-03

Initial Version
Required NetWeaver version updated to 7.40 SP4
Added a note to back up data in some tables before upgrade

2/24

PUBLIC

2014-02-03

Table of Contents

Chapter 1
1.1
1.2

Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
About this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
SAP Notes for Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Chapter 2

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 3

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Chapter 4

System Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Chapter 5
5.1
5.2

Post Upgrade Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Adjust Portal System Aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Adjust the Customer Menu Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Chapter 6

New Roles in PC 10.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Chapter 7

Changes to Functional Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Chapter 8
8.1

Verifying Data Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Verifying Data after Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2014-02-03

PUBLIC

3/24

This page is left blank for documents

that are printed on both sides.

Getting Started

1.1

About this Document

1 Getting Started

This guide is intended for customers who currently use Process Control (PC) 10.0 and wish to upgrade
to PC 10.1.

1.1 About this Document

Purpose

This guide describes how to upgrade PC 10.0 to PC 10.1. The document provides the following
information.
@ An overview of the type of data required for the upgrade
@ Prerequisite information for configuring upgrade requirements for the PC 10.1 environment
@ Steps to verify data and perform post-upgrade tasks
Constraints

This Upgrade Guide is a stand-alone document; it has the following constraints.

@ This guide provides business use cases as examples of how you can use SAP software for your
company. These examples are intended to serve only as models and might not run the way they
are described in your customer-specific landscape.
@ This guide discusses the upgrade process of the PC 10.0 application to PC 10.1. Any attempt to use
this guide for other product versions is not supported.
This guide does not provide information for the following uses:
@ Installing PC 10.1
For more information, see the SAP Access Control 10.1/Process Control 10.1/Risk Management 10.1 Installation
Guide at http://help.sap.com/pc.
@ Upgrading of PC 3.0 to PC 10.1
For more information, see the SAP Process Control 3.0 to 10.1 Upgrade Guide at http://help.sap.com/
pc.

1.2 SAP Notes for Upgrade

Before you upgrade, review the following SAP Notes:
SAP Note Number

Title

1855403
1855404

GRCFND_A V1100 Installation and Upgrade

GRCPINW V1100 Installation and Upgrade

2014-02-03

PUBLIC

5/24

Getting Started

1.2

SAP Notes for Upgrade

SAP Note Number

Title

1855405
1844875
1510002
1597627

GRCPIERP V1100 Installation and Upgrade

Release Restrictions for GRC Process Control 10.1
Installing SAP GRC Portal 10.0
SAP HANA connection

6/24

PUBLIC

2014-02-03

Introduction

2 Introduction

This guide discusses how to convert the existing PC 10.0 application to PC 10.1. The upgrade process
involves the conversion of the data types listed below.
N.v Configuration Data Configuration data includes the configuration parameters specified within
Customizing.
For example, configuration data includes UI configuration for customer-defined fields and
organization unit hierarchy types.
N.v Master Data Master data mainly includes the following list of entities.
N.v Local processes
N.v Subprocesses and controls
N.v Entity-level controls
N.v Organization unit/regulation assignments
N.v Transactional Data Transactional data are transaction-based records related to the audit trail,
workflow items, and similar items.

2014-02-03

PUBLIC

7/24

This page is left blank for documents

that are printed on both sides.

Prerequisites

3 Prerequisites

Before you start the upgrade process, you must perform the prerequisite tasks described in this section.
Preparation

\
$Z/ Back up the PC 10.0 system
\
$Z/ If Datamart is used, delete all Datamart data.

2014-02-03

PUBLIC

9/24

This page is left blank for documents

that are printed on both sides.

System Upgrade

4 System Upgrade

Procedure

Upgrading from SAP Process Control 10.0 to 10.1 is a same-box upgrade process. To perform a system
upgrade, complete the following steps:
1. Back up the PC 10.0 system before you perform the upgrade.
NOTE

2.
3.
4.

During upgrade, the following tables will be overwritten with SAP delivered contents:
R'S GRPCCUSTOMIZING1
R'S GRFNAUTHCUST
R'S GRFNVC_PLUSG
We recommend that you back up the data in these tables before the upgrade.
Upgrade PC system from SAP NetWeaver 7.02 to SAP NetWeaver 7.40 SP4.
Upgrade SAP Enterprise Portal 7.0 EHP1 to SAP Enterprise Portal 7.02 or higher.
Install the GRC 10.1 component GRCFND_A_V1100 and the latest PC support packages.
NOTE

For more information, see the SAP Access Control 10.1, Process Control 10.1, and Risk Management 10.1
5.
6.

Installation Guide at http://help.sap.com/pc Installation and Upgrade Information.

Back up the system again.
Upload the BC sets for new features and new roles.
NOTE

For more information about PC 10.1 BC sets, see the SAP Access Control 10.1, Process Control 10.1,
and Risk Management 10.1 Installation Guide at http://help.sap.com/pc Installation and
Upgrade Information.
7. Perform configuration for new and optional SAP GRC 10.1 features.
8. If Datamart is used, refill the Datamart.
9. Deploy the GRC 10.1 Enterprise Portal package GRC_POR (if applicable).
10. If you use portal, assign portal roles GRC_Suite and ERP_Common to GRC users.
NOTE

Alternatively, you can use the NetWeaver Business Client (NWBC) 4.0 instead of the SAP
Enterprise Portal package. For more information, see the SAP Access Control 10.1, Process Control
10.1, and Risk Management 10.1 Installation Guide at http://help.sap.com/pc Installation and
Upgrade Information.

2014-02-03

PUBLIC

11/24

System Upgrade

11. If applicable, deploy the GRC10.1 Plug-in (RTA) package for PC 10.1 in the ERP system. See the
following table for GRC Plug-in packages for the different ERP/NW releases.
ERP

NetWeaver Release

GRC NW Plug-in

GRC ERP Plug-in

ERP 2005
ERP 2005
ERP 2005

NW 731
NW 710
NW 700

GRCPINW V1100_731
GRCPINW V1100_710
GRCPINW V1100_700

GRCPIERP V1100_700
GRCPIERP V1100_700
GRCPIERP V1100_700

For more information about backwards compatible plug-ins, see SAP Note 1821368 Backward
compatibility of GRC Plug-ins GRCPINW & GRCPIERP.
12. Activate NWBC and Web Dynpro services beginning with grpc and grfn, and services /default host/
sap/bc/nwbc, /sap/public/, /sap/bc, using the transaction SICF.
13. If you want to use Risk Management (RM) and Access Control (AC), you may need to activate the
RM and AC services.
For more information, see the SAP Access Control 10.1, Process Control 10.1, and Risk Management 10.1
Installation Guide at http://help.sap.com/pc Installation and Upgrade Information.

12/24

PUBLIC

2014-02-03

Post Upgrade Tasks

5.1

Adjust Portal System Aliases

5 Post Upgrade Tasks

After completing the upgrade, you must perform the following post-upgrade tasks:
D} Adjust the SAP Enterprise Portal system aliases (optional, if used)
D} Activate new Business Configuration (BC) sets
D} Adjust the customer menu link (if you use the customer menu item link)

5.1 Adjust Portal System Aliases

For PC System Aliases, use SAP-GRC (foundation application) and SAP-GRC-PC.

5.2 Adjust the Customer Menu Links

If you have any customer menus, make the necessary adjustments.

2014-02-03

PUBLIC

13/24

This page is left blank for documents

that are printed on both sides.

New Roles in PC 10.1

6 New Roles in PC 10.1

In PC 10.1, a new role SAP_GRC_SPC_CHIP_VIEWER is added. This role grants the authorization to
view entry pages and side panels that are implemented with CHIPs.
For more information about the role, see the SAP Access Control 10.1/Process Control 10.1/Risk Management
10.1 Security Guide at http://help.sap.com/pc Security Information.

2014-02-03

PUBLIC

15/24

This page is left blank for documents

that are printed on both sides.

Changes to Functional Roles

7 Changes to Functional Roles

The following roles have been modified for PC 10.1:

Role Name

Role Title

SAP_GRC_IAM_TRANSFER

Changes

GRC Internal Audit

Management role to
transfer Audit Planning
entities
SAP_GRC_SPC_CRS_ICMAN Cross Regulation
Internal Control
Manager
SAP_GRC_IAM_AUD_MGR GRC Internal Audit
Management Audit
Manager

This role is now allowed to display corrective/

preventive actions.

The role is now allowed to plan a disclosure survey in

Planner.
Entry page is now available for this role.
Entry page is now available for this role.

For more information about the roles delivered for Process Control 10.1, see the SAP Access Control 10.1/
Process Control 10.1/Risk Management 10.1 Security Guide at http://help.sap.com/pc Security Information.
Role: SAP_GRC_IAM_TRANSFER

If you use the delivered role directly, generate the profile for the role and use it directly after you have
upgraded to PC10.1.
If you copy the delivered role to your name space, add the following authorization to your role to use
the new features in PC10.1.
Activities for Authorization

Audit Type

Authorization Group

(GRFN_AUTH)
Displaying a Corrective/Preventive Action

To add the authorization to your role, complete the following steps:

1. Log on to the ABAP server for PC.
Enter the transaction PFCG.
2. The Role Maintenance screen appears.
In the Role field, enter the role ID, and click Change.
3. On the Change Role screen, go to the Authorizations tab, and click Change Authorization Data.
4. On the Change Role: Authorization screen, choose Manual Entry of Authorization Objects.
Input AUDIT_AUTH, and choose the activity for the role according to the table.
5. Save the change, and choose Generate to update the authority profile of the role.
To remove the authorization, complete the following steps:

2014-02-03

PUBLIC

17/24

1.
2.
3.
4.

5.

Changes to Functional Roles

Log on to the ABAP server for PC.

Enter the transaction PFCG.
The Role Maintenance screen appears.
In the Role field, enter the role ID, and click Change.
On the Change Role screen, go to the Authorizations tab, and click Change Authorization Data.
On the Change Role: Authorization screen, navigate to the activity you want to change, and choose
Edit.
In the Define Values window, deselect the box for the activity you want to remove from the role.
Save the change, and choose Generate to update the authority profile of the role.

Role: SAP_GRC_SPC_CRS_ICMAN

If you use the delivered role directly, generate the profile for the role and use it directly after you have
upgraded to PC10.1.
If you copy the delivered role to your name space, add the following authorization to your role to use
the new features in PC10.1.
Entity

Subentity

Datapart Activity

PLANNER PERF-DISCS *

Behavior

(GRFN_API)
Plan a disclosure survey in the Planner
Create or generate, Change, Delete

To add the authorization to your role for planning Disclosure Survey, complete the following steps:
1. Log on to the ABAP server for PC.
Enter the transaction PFCG.
2. The Role Maintenance screen appears.
In the Role field, enter the role ID, and click Change.
3. On the Change Role screen, go to the Authorizations tab, and click Change Authorization Data.
4. On the Change Role: Authorization screen, choose Manual Entry of Authorization Objects.
Input GRFN_API, choose OK.
Maintain the entity and subentity for the role according to the table.
5. Save the change, and choose Generate to update the authority profile of the role.
To remove the authorization, complete the following steps:
1. Log on to the ABAP server for PC.
Enter the transaction PFCG.
2. The Role Maintenance screen appears.
In the Role field, enter the role ID, and click Change.
3. On the Change Role screen, go to the Authorizations tab, and click Change Authorization Data.
4. On the Change Role: Authorization screen, navigate to the activity you want to change, and choose
Change to change the subentity list.
In the Field Value window, delete the PERF-DISCS entry.

18/24

PUBLIC

2014-02-03

Changes to Functional Roles

5. Save the change, and choose Generate to update the authority profile of the role.
To configure the entry page for your role, complete the following steps:
1. Log on to the ABAP server for PC.
Enter the transaction PFCG.
2. The Role Maintenance screen appears.
In the Role field, enter the role ID, and choose Change.
3. On the Change Role screen, go to the Menu tab, select the Work Center folder under Role Menu, and
choose Insert Node Web Dynpro Application.
NOTE

If you do not have a Work Center folder for the role, create one using the Create Folder button.
On the Web Dynpro Application creation screen, enter the following information, and choose
Continue.
Web Dynpro Application Name
Description

4.

GRPC_ENTRY_PAGE_4_ICMAN
Entry Page for Internal Control Manager

If you want the entry page to be the default page for this role, go to the Change Role screen, choose
Other Node Details, and check the Default Page option.
Save the changes.

Role: SAP_GRC_IAM_AUD_MGR

If you use the delivered role directly, generate the profile for the role and use it directly after you have
upgraded to PC10.1.
If you copy the delivered role to your name space, add the following entry page configuration to your
role:
1. Log on to the ABAP server for PC.
Enter the transaction PFCG.
2. The Role Maintenance screen appears.
In the Role field, enter the role ID, and choose Change.
3. On the Change Role screen, go to the Menu tab, select the Work Center folder under Role Menu, and
choose Insert Node Web Dynpro Application.
NOTE

If you do not have a Work Center folder for the role, create one using the Create Folder button.
On the Web Dynpro Application creation screen, enter the following information, and choose
Continue.
Web Dynpro Application Name
Description

GRFN_AUDIT_MANAGE_ENTRY_PAGE
Entry Page for Internal Audit Manager

If you want the entry page to be the default page for this role, go to the Change Role screen, choose
Other Node Details, and check the Default Page option.

2014-02-03

PUBLIC

19/24

4.

Changes to Functional Roles

Save the changes.

20/24

PUBLIC

2014-02-03

Verifying Data Integrity

8.1

Verifying Data after Upgrade

8 Verifying Data Integrity

To verify data integrity after the upgrade, perform the following tasks.
K Check the upgrade data using the PC user interface

8.1 Verifying Data after Upgrade

You can verify your data after upgrade using the PC user interface. As the PC Business user, compare
the data in PC 10.1 for a specific timeframe after the upgrade to the data in PC 10.0 for the same timeframe.
The data should be consistent.
Verify your data in the following listed areas.
K Corporate node
K Organization hierarchy
K Entity-level control/group
K Process data in process hierarchy
K My Process, the relationship between local process, subprocess and control
K My IELC, the relationship between local IELC and IELC group.
K Relationship between referenced control and local subprocess
K User authorization
K Audit trail data
K Workflow items
K Assessment, manual testing and issue data
K User role assignment/user authorization
K Scheduler
K Planner data
K Sign-off
K Reports

2014-02-03

PUBLIC

21/24

Typographic Conventions

Example

Description

<Example>

Angle brackets indicate that you replace these words or characters with appropriate
entries to make entries in the system, for example, Enter your <User Name>.
Arrows separating the parts of a navigation path, for example, menu options

Example
Example
Example
Example

http://www.sap.com
/example

123456
Example

Example

EXAMPLE

EXAMPLE

22/24

Emphasized words or expressions

Words or characters that you enter in the system exactly as they appear in the
documentation
Textual cross-references to an internet address
Quicklinks added to the internet address of a homepage to enable quick access to specific
content on the Web
Hyperlink to an SAP Note, for example, SAP Note 123456
] Words or characters quoted from the screen. These include field labels, screen titles,
pushbutton labels, menu names, and menu options.
] Cross-references to other documentation or published works
] Output on the screen following a user action, for example, messages
] Source code or syntax quoted directly from a program
] File and directory names and their paths, names of variables and parameters, and
names of installation, upgrade, and database tools
Technical names of system objects. These include report names, program names,
transaction codes, database table names, and key concepts of a programming language
when they are surrounded by body text, for example, SELECT and INCLUDE
Keys on the keyboard

PUBLIC

2014-02-03

SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf
Germany
T +49/18 05/34 34 34
F +49/18 05/34 34 20
www.sap.com

Copyright 2013 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission
of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software
vendors.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission
of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software
vendors. National product specifications may vary.
These materials are provided by SAP AG and its affiliated companies (SAP Group) for informational purposes only, without
representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials.
The only warranties for SAP Group products and services are those that are set forth in the express warranty statements
accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of SAP AG in Germany and other countries.
Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark
information and notices.
Disclaimer

Please see http://www.sap.com/corporate-en/legal/copyright/index.epx for disclaimer information and notices.

Documentation in the SAP Service Marketplace

You can find this document at the following address: http://service.sap.com/instguides

2014-02-03

PUBLIC

23/24

SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf
Germany
T +49/18 05/34 34 34
F +49/18 05/34 34 20
www.sap.com

Copyright 2013 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained
herein may be changed without prior notice.