Upload
rgil252
View
47
Download
5
Embed Size (px)
Citation preview
Master Guide
SAP™ GRCAccess ControlUsing SAP® with Release 5.3Target Audience
System administrators
Technology consultants
Document Version 1.01 - February 15, 2008
© Copyright 2008 SAP AG, All rights reserved.
No part of this publication may be reproduced or transmitted in anyform or for any purpose without the express permission of SAP AG.The information contained herein may be changed without priornotice.
Some software products marketed by SAP AG and its distributorscontain proprietary software components of other software vendors.
Microsoft, Windows, Outlook, and PowerPoint are registeredtrademarks of Microsoft Corporation.IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex,MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries,xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity,Tivoli, Informix, i5/OS, POWER, POWER5, OpenPower andPowerPC are trademarks or registered trademarks of IBM Corporation.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are eithertrademarks or registered trademarks of Adobe Systems Incorporated inthe United States and/or other countries.Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of theOpen Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame,VideoFrame, and MultiWin are trademarks or registered trademarks ofCitrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registeredtrademarks of W3C®, World Wide Web Consortium, MassachusettsInstitute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., usedunder license for technology invented and implemented by Netscape.
MaxDB is a trademark of MySQL AB, Sweden.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, andother SAP products and services mentioned herein as well as theirrespective logos are trademarks or registered trademarks of SAP AGin Germany and in several other countries all over the world. All otherproduct and service names mentioned are the trademarks of theirrespective companies. Data contained in this document servesinformational purposes only. National product specifications mayvary.
These materials are subject to change without notice. These materialsare provided by SAP AG and its affiliated companies ("SAP Group")for informational purposes only, without representation or warranty ofany kind, and SAP Group shall not be liable for errors or omissionswith respect to the materials. The only warranties for SAP Groupproducts and services are those that are set forth in the expresswarranty statements accompanying such products and services, if any.Nothing herein should be construed as constituting an additionalwarranty.
DisclaimerSome components of this product are based on Java™. Any codechange in these components may cause unpredictable and severemalfunctions and is therefore expressively prohibited, as is anydecompilation of these components.
Any Java™ Source Code delivered with this product is only to be usedby SAP’s Support Services and may not be modified or altered in anyway.
Documentation in the SAP Service MarketplaceYou can find this documentation at the following Internet address:service.sap.com/instguides
SAP AGDietmar-Hopp-Allee 1669190 WalldorfGermanyT +49/18 05/34 34 34F +49/18 05/34 34 20www.sap.com
Typographic ConventionsType Style Represents
Example Text Words or characters thatappear on the screen. Theseinclude field names, screentitles, pushbuttons as well asmenu names, paths andoptions.
Cross-references to otherdocumentation
Example text Emphasized words or phrasesin body text, titles of graphicsand tables
EXAMPLE TEXT Names of elements in thesystem. These include reportnames, program names,transaction codes, tablenames, and individual keywords of a programminglanguage, when surrounded bybody text, for example,SELECT and INCLUDE.
Example text Screen output. This includesfile and directory names andtheir paths, messages, namesof variables and parameters,source code as well as namesof installation, upgrade anddatabase tools.
Example text Exact user entry. These arewords or characters that youenter in the system exactly asthey appear in thedocumentation.
<Exampletext>
Variable user entry. Pointedbrackets indicate that youreplace these words andcharacters with appropriateentries.
EXAMPLE TEXT Keys on the keyboard, forexample, function keys (suchas F2) or the ENTER key.
Icons
Icon Meaning
Caution
Example
Note
Recommendation
Syntax
Master Guide GRC Access Control 5.3
4 Access Control 5.3 Master Guide February 2008
Document HistoryThe Master Guide is regularly updated in SAP Service Marketplace atservice.sap.com/instguides.
Make sure you have the latest version of the Master Guide by checking SAP ServiceMarketplace immediately before starting the installation.
The following table provides an overview of the most important changes that were made inthe latest versions.
Master Guide Version Important Changes
1.00 January 28, 2008 First release of GRC Access Control 5.3 applicationincluding the following functionality: Compliant UserProvisioning, Enterprise Role Management, RiskAnalysis and Remediation, and Superuser PrivilegeManagement.
1.0.1 February 15, 2008 Added support packages for 530_46C, 530_620,530_640, and 530_700 to Important SAP Notessection 1.3.
2 SAP GRC Access Control Overview
Document History
February 2008 5
Table of Contents
Chapter 1 Getting Started .............................................................................. 61.1 About this Document..................................................................................................61.2 Related Information....................................................................................................71.2.1 Planning Information ..................................................................................................71.2.2 SAP Service Marketplace Links..................................................................................81.3 Important SAP Notes..................................................................................................81.4 GRC Access Control Documentation ..........................................................................9
Chapter 2 SAP GRC Access Control Overview ............................................ 102.1 Software Component Matrix.....................................................................................112.1.1 Access Control 5.3 Compatibility..............................................................................112.2 Technical System Landscape ....................................................................................122.3 Overall Implementation Sequence.............................................................................15
Chapter 3 Solution-Wide Topics .................................................................. 16
Appendix A Main SAP Documentation Types..................................................... 17A1 Cross-Phase Documentation .....................................................................................17
SAPterm...................................................................................................................17SAP Library .............................................................................................................18Implementation Guide (IMG) ...................................................................................18Security Guide..........................................................................................................18
A2 Implementation Phase...............................................................................................19Master Guide............................................................................................................19Component Installation Guide...................................................................................19Configuration Documentation in SAP Solution Manager ...........................................19
A3 Production Operation Phase ......................................................................................20Solution Operation Guide .........................................................................................20
A4 Upgrade Phase..........................................................................................................21Upgrade Master Guide..............................................................................................21Component Upgrade Guide.......................................................................................21Release Notes ...........................................................................................................21
1.1 About this Document
6 Access Control 5.3 Master Guide February 2008
1 Getting StartedSAP GRC Access Control is an enterprise application that provides end-to-end automationfor documenting, detecting, remediating, mitigating, and preventing access and authorizationrisk enterprise wide, resulting in proper segregation of duties, lower costs, reduced risk, andbetter business performance.
The Access Control application includes the following capabilities:
Risk Analysis and Remediation, which supports real-time compliance to detect,remove, and prevent access and authorization risk by preventing security andcontrol violations before they occur.
Compliant User Provisioning, which automates provisioning, tests for SoD risks,and streamlines approvals to the appropriate business approvers to unburden ITstaff and provide a complete history of user access.
Enterprise Role Management, which standardizes and centralizes role creationand maintenance.
Superuser Privilege Management, which enables users to perform emergencyactivities outside their roles as a “privileged user” in a controlled and auditableenvironment.
SAP GRC solutions help companies comply with the Sarbanes-Oxley Act and otherregulatory mandates by enabling organizations to rapidly identify and remove authorizationrisks from IT systems. Access Control allows preventive controls be embedded into businessprocesses to identify and prevent future SoD violations from being introduced without properapproval and mitigation.
1.1 About this DocumentThis Master Guide is the central starting point for the technical implementation of SAP GRCAccess Control including Risk Analysis and Remediation, Compliant User Provisioning,Enterprise Role Management, and Superuser Privilege Management.
Use the Master Guide to get an overview of SAP GRC Access Control, software units, and itsscenarios from a technical perspective. The Master Guide is a planning tool that helps you todesign your GRC Access Control system landscape. It refers you to the required detaileddocumentation: Installation guides for single software components, SAP Notes, Configurationdocumentation, SAP Library documentation.
For a general overview of the available SAP documentation, see The Main SAPDocumentation Types.
The Master Guide contains the following main sections:
Getting Started
This section contains information about using this document, reference documentation,and related information (SAP Notes) crucial to the installation and add-on.
Access Control Overview
This section contains information about the technical system landscape, softwarecomponents, and implementation steps.
Solution-Wide Topics
This chapter provides a summary of the required shared services for implementation.
1.2 Related Information
February 2008 7
You can find the most current information about the technical implementation of SAPGRC Access Control, and the latest installation and configuration guides on SAPService Marketplace at service.sap.com/instguides.We strongly recommend that you use the documents available here. The guides areregularly updated.
1.2 Related InformationThis section describes useful topics for planning. Links to useful reference documentationfound on SAP Service Marketplace is also provided.
1.2.1 Planning InformationFor more information about planning topics not covered in this guide, see the followingcontent on SAP Service Marketplace:
Content Location on SAP Service Marketplace
Latest versions of installation and upgradeguides
service.sap.com/instguides
General information aboutapplications/solutions and business scenarios
service.sap.com/businessmaps
SAP Business Maps - information aboutapplications and business scenarios
service.sap.com/businessmaps
Sizing, calculation of hardware requirements -such as CPU, disk and memory resource
service.sap.com/; for sizingwhitepaper visithttps://service.sap.com/~sapidb/011000358700000435122007E
Released platforms and technology-relatedtopics such as maintenance strategies andlanguage support
service.sap.com/platforms
To access the Platform Availability Matrixdirectly, enter service.sap.com/pam.
Network security service.sap.com/securityguide
High Availability service.sap.com/ha
Performance service.sap.com/performance
Information about Support Package Stacks,latest software versions and patch levelrequirements
service.sap.com/sp-stacks
Information about Unicode technology service.sap.com/unicode@sap
1.3 Important SAP Notes
8 Access Control 5.3 Master Guide February 2008
1.2.2 SAP Service Marketplace LinksThe following table lists further useful links on SAP Service Marketplace:
Content Location on SAP Service Marketplace
Information about creating error messages service.sap.com/messages
SAP Notes search service.sap.com/notes
SAP Software Distribution Center (softwaredownload and ordering of software)
service.sap.com/swdc
SAP Online Knowledge Products (OKPs) –role-specific Learning Maps
service.sap.com/rkt
1.3 Important SAP NotesTo obtain the latest technical information available, read the following SAP Notes before youstart installation. These notes also contain the latest updates and corrections to theinstallation documentation. The most up-to-date version of SAP Notes is found on SAPService Marketplace at: service.sap.com/notes
SAP Note Number Title Description
1151813 VIRSANH andVIRSAHR
Release Notes for AC 530_700
1133167 VIRSANH Installation notes for 530_700
1133168 VIRSAHR Installation notes for 530_700
1133173 VIRSANH Upgrades notes for 530_700
1133174 VIRSAHR Upgrades notes for 530_700
1138018 VIRSANH Support packages for 530_700
1138042 VIRSAHR Support packages for 530_700
1133165 VIRSANH Installation notes for 530_640
1133166 VIRSAHR Installation notes for 530_640
1133171 VIRSANH Upgrades notes for 530_640
1133172 VIRSAHR Upgrades notes for 530_640
1138017 VIRSANH Support packages for 530_640
1138041 VIRSAHR Support packages for 530_640
1133163 VIRSANH Installation notes for 530_620
1133164 VIRSAHR Installation notes for 530_620
1133169 VIRSANH Upgrades notes for 530_620
1133170 VIRSAHR Upgrades notes for 530_620
1138016 VIRSANH Support packages for 530_620
1138020 VIRSAHR Support packages for 530_620
1133161 VIRSANH Installation notes for 530_46C
1133162 VIRSAHR Installation notes for 530_46C
1138015 VIRSANH Support packages for 530_46C
1.4 GRC Access Control Documentation
February 2008 9
1138109 VIRSAHR Support packages for 530_46C
1.4 GRC Access Control DocumentationAccess Control provides the following documentation including this guide.
Title Location
SAP GRC Access Control Master Guide http://service.sap/instguides
SAP GRC Access Control Installation Guide http://service.sap
SAP GRC Access Control Upgrade Guide http://service.sap
SAP GRC Access Control Operations Guide http://service.sap/instguides
SAP GRC Access Control User Guide On SAP Help Portal athttp://help.sap.com
SAP GRC Access Control ImplementationGuide
http://service.sap/instguides
SAP GRC Access Control Security Guide http://service.sap/securityguide
2 SAP GRC Access Control Overview
1.4 GRC Access Control Documentation
10 Access Control 5.3 Master Guide February 2008
2 SAP GRC Access Control OverviewSAP GRC Access Control offers a robust solution for monitoring, testing, and enforcingaccess and authorization controls that enable enterprises to quickly fulfill compliance andregulatory requirements.
The following illustration provides an overview of all software components used by SAP GRCAccess Control including Risk Analysis and Remediation, Compliant User Provisioning,Enterprise Role Management, and Superuser Privilege Management.
NW 7.0 AS Java SP10+
Web Browser / Presentation Server
Client
Non-Sap App
RTA
SAP BWUDConnector
RTA
RTA
ReportingAnalyticsUME
RFC
Java/Web Dynpro Java
Risk Analysis&
Remediation
CompliantUser
Provisioning
EnterpriseRole
Management
SuperUserPrivilege
Management
Application Logic
SAPIGS
RTA
Non-Sap App
JDBC
JDBC
JDBC
GRC Access Control Component Matrix
Non-Sap App
2 SAP GRC Access Control Overview
2.1 Software Component Matrix
February 2008 11
2.1 Software Component MatrixFour components make up SAP GRC Access Control:
Risk Analysis and Remediation
Enterprise Role Management
Superuser Privilege Management
Compliant User Provisioning
The following table describes software inter-compatibility by feature and version for AccessControl 5.3. For more details about software upgrade for all downrev versions see the SAPUpgrade Guide, and refer to the compatibility matrix, https://websmp205.sap-ag.de/ , locatedon SAP Service Marketplace.
Access Control 5.3 is independent of the underlying operating system and database. Theseapplications run on the NetWeaver platform and are automatically supported by NetWeaver.Compatibility information is subject to change.
2.1.1 Access Control 5.3 CompatibilitySoftware compatibility between Access Control and Virsa Compliance Calibator is shownbelow.
Access Control 5.3 Virsa Compliance Calibrator
AC 5.3 RiskAnalysis &Remediation
5.2NW04(s)
5.1 NW04 (s) 5.0 640 4.0 700 4.0 640 4.0 620 4.0 46C 4.0 46B
AC 5.3EnterpriseRoleManagement
Y
AC 5.3SuperuserPrivilegeManagement
Y Y Y Y Y Y
Access Control 5.3
AC 5.3CompliantUserProvisioning
Y Y Y Y Y Y Y Y
2 SAP GRC Access Control Overview
2.2 Technical System Landscape
12 Access Control 5.3 Master Guide February 2008
2.2 Technical System LandscapeThis section contains the overall SAP GRC Access Control technical system landscapefollowed by separate individual landscapes for Risk Analysis and Remediation, CompliantUser Provisioning, Enterprise Role Management, and Superuser Privilege Management.
An overview of the SAP GRC Access Control technical landscape is shown below.
GRC Access Control Technical System Landscape
Web BrowserPresentation Server
User Interface Layer
Business Logic Layer
Non-Sap App
Technology Layer
SAP Netweaver 2004S
IGSSLDUME
RTA
RFC
Non-Sap App
RTA
RTA
SAP BWUDConnector
ReportingAnalyticsRTA
Risk Analysis& Remediation
•Performs Risk Analysis•Will Mitigate Risks
Compliant UserProvisioning
•Automated Work Flow
Enterprise RoleManagement•Central Role
Repository
SuperUser PrivilegeManagement
•SuperUser Access
Non-Sap App
2 SAP GRC Access Control Overview
2.2 Technical System Landscape
February 2008 13
Risk Analysis and Remediation supports real-time compliance to detect, remove, and preventaccess and authorization risk by preventing security and control violations before they occur.
The technical system landscape for Risk Analysis and Remediation is shown below.
Risk Analysis and Remediation Landscape
ExecutiveAnalytics
SAP Oracle Legacy
ControlsManager
DataUnification
AlertMonitor
WorkflowEngine (AE)
LocalPersistence
RuleCache
RuleEngine
RuleLoader
Web Dynpro
AnalysisEngine
BI
BIVirsaAdapter
Externalsystems
AdapterFramework
VirsaCommonServices
Dashboards
Rules
Controls
Configuration
Audit Log
Violation Data
RemediationWorkflow ContextTransaction Log (File)Alert DataText Data (Transaction name,etc.)
Bex,BI Web App Designer
Superuser Privileged Management enables users to perform emergency activities outsidetheir roles as a “privileged user” in a controlled and auditable environment.
The technical system landscape for Superuser Privilege Management is shown below.
Superuser Privilege Management Landscape
SAP GUI Logon Firefighter Dash Board
SD FFId MM FFId FI FFId
Risk Analysis
WebDynpro Reports ABAP Reports
CC AnalysisEngine
AnalysisAdapter
XXX
SD FF Role MM FF Role
2 SAP GRC Access Control Overview
2.2 Technical System Landscape
14 Access Control 5.3 Master Guide February 2008
Compliant User Provisioning automates provisioning, tests for SoD issues, and streamlinesapprovals to the appropriate business approvers to unburden IT staff and provide a completehistory of user access. The technical landscape for Compliant User Provisioning is shownbelow.
Compliant User Provisioning Landscape
SAP R/3
BAPIFramework
SAP JCOAdapters
• RTA AE DB
Data Access Object Layer
Presentation Layer (JSP)
Navigation Framework (UI)Http requests
Business Object Classes
Action Classes
Integration
RE
Framework Components
CC
Enterprise Role Management standardizes and centralizes role creation. The technicallandscape for Enterprise Role Management is shown below.
Enterprise Role Management
SAP R/3
BAPIFramework
SAP JCOAdapters
• RTA RE DB(Master data & Role info.)
Data Access Object Layer
Presentation Layer (JSP)
Navigation Framework (UI)Http requests
Business Object Classes
Action Classes
Integration
CC
AE
Framework Components
2 SAP GRC Access Control Overview
2.3. Overall Implementation Sequence
February 2008 15
2.3. Overall Implementation SequenceThis section describes the implementation steps required in sequential order to install theGRC Access Control software application. A reference to the corresponding installationdocumentation and SAP Notes is also included.
2.3.1 PurposeTo install SAP GRC Access Control software use the steps described below. This tablecontains all available software components. However, to implement a specific scenario, youonly need a subset of available software components. For information about softwarecompatibility requirements, see section 2.1 Software Component Matrix.
For the latest component version and patch level requirements, see the Important SAP Notessection.
2.3.2 ProcessSAP GRC Access Control supports all operating and database software systems supportedby SAP NetWeaver. For more details, refer to the product availability matrix on SAP ServiceMarketplace at service.sap.com.
Implementation Sequence
Step Required Action Reference
1 Required Install NetWeaver 7.0Application Server (AS)SP12, (ECC 6.0, NW04S or2004S)
Seeservice.sap.com/instructions
2 Required Install Risk Analysis andRemediation
VIRCC00_0.SCA
3 Required Install Compliant UserProvisioning
VIRAE00_.0SCA
4 Required Install Enterprise RoleManager
VIRRE00_0.SCA
5 Required Install Superuser PrivilegeManagement
VIRFF00_0.SCA
6 Required Install Access Control RealTime Agent 5.3
One RTA connection isrequired. VIRSANH
Installation Guide – SAPGRC Access Control
7 Optional Install 2nd Access ControlReal Time Agent
VIRSAHR; VIRSANH andSAP_HR are required todeploy 2nd AC RTA.
8 Optional Install Enterprise PortalIntegration
VIREPRTA00_0.SCA
9 Optional Install Launch Pad VIRACLP00_0.SCA;NetWeaver Business Clientis required to deploy LaunchPad
3 Solution-Wide Topics
2.3. Overall Implementation Sequence
16 Access Control 5.3 Master Guide February 2008
3 Solution-Wide TopicsShared services provided by SAP NetWeaver are required to run Solution Manager andSystem Landscape Directory. Refer to the current SAP NetWeaver Master Guide for moreinformation about these topics.
Appendix A - Main SAP Documentation Types
A.1 Cross-Phase Documentation
February 2008 17
Appendix A - Main SAP DocumentationTypesThis chapter provides an overview of the most important documentation types that you needfor each phase of the SAP solution software life cycle, and a description of each book type.
Documentation types in the software life cycle
ImplementationImplementation
Master Guide
ConfigurationDocumentation Release Notes
ComponentInstallation Guide
ComponentUpgrade Guide
Upgrade Master Guide
OperationOperation UpgradeUpgrade
Solution ManagementGuide
Implementation Guide (IMG) Delta and Upgrade IMG
Security Guide
SAP Library
SAPterm
A.1 Cross-Phase DocumentationThe SAPterm database, SAP Library, and Implementation Guide cover topics spanning allphases of the SAP software life cycle. The Security Guide spans the implementation andoperation phases of the software life cycle.
SAPtermSAPterm is SAP’s terminology database. It contains SAP-specific vocabulary in over 30languages, as well as many definitions and glossary entries in English and German.
Target group:
Relevant for all target groups
Current version:
Located in the SAP Help Portal at help.sap.com Additional Information Glossary(direct Access) or Terminology (available as terminology CD), and in the SAP-System intransaction STERM
Appendix A - Main SAP Documentation Types
A.1 Cross-Phase Documentation
18 Access Control 5.3 Master Guide February 2008
SAP LibraryThe SAP Library is a collection of function- and process-oriented documentation for SAPcomponents. The SAP Library also contains the Business Scenario Descriptions.
Target group:
Consultants, System Administrators, Project teams for implementations or upgrades
Current version:
Located in the SAP Help Portal at help.sap.com; also located in the SAP ServiceMarketplace at service.sap.com/ibc (only the Business Scenario Descriptions)
Implementation Guide (IMG)The Implementation Guide is a tool for configuring the SAP system to meet customerrequirements. Its structure and documentation are component-oriented.
Target group:
Consultants and Project teams for implementations or upgrades
Current version:
Located in the SAP menu of the SAP system under Tools Customizing IMG
Security GuideThe Security Guide describes the settings for a medium security level and offers suggestionsfor raising security levels. A collective security guide is available for the SAP NetWeavertechnologies like SAP Web Application Server (SAP Web AS). This document containsgeneral guidelines and suggestions about system security. Other technologies and individualapplications have a Security Guide of their own.
Target group:
Technology consultants, Solution consultants, and Project teams for implementations orupgrades
Current version:
Located in the SAP Service Marketplace at service.sap.com/securityguide
Appendix A - Main SAP Documentation Types
A.2 Implementation Phase
February 2008 19
A.2 Implementation PhaseThe Master Guide, Component Installation Guide, and Configuration documentation withinSAP Solution Manager cover topics related to the implementation phase of the software lifecycle.
Master GuideThe Master Guide is the starting point for implementing an SAP solution. It lists the requiredSAP components and third party applications that are required for each Business Scenario. Itprovides scenario-specific descriptions of preparation, execution, and follow-up of animplementation. It also offers references to other documents, such as Component InstallationGuides and SAP Notes.
Target group:
Technology consultants, System Administrators, and Project teams for implementationsor upgrades
Current version:
Located in the SAP Service Marketplace at service.sap.com/securityguide
Component Installation GuideThe Component Installation Guide describes the technical implementation of an SAPcomponent, taking into account the combinations of operating systems and databases. Itdoes not describe any business-related configuration.
Target group:
Technology consultants, and Project teams for implementations or upgrades
Current version:
Located in the SAP Service Marketplace at service.sap.com/ instguides
Configuration Documentation in SAP Solution ManagerSAP Solution Manager is a tool with various functions, one of its main functions being theconfiguration of SAP solutions and Business Scenarios. It contains IMG activities,transactions, and so on, as well as documentation. Instead of the configurationdocumentation in SAP Solution Manager, there may be separate Business ScenarioConfiguration Guides in the SAP Service Marketplace for earlier shipments of the BusinessScenarios.
Target group:
Solution consultants, and Project teams for implementations
Current version:
Located in SAP Solution Manager, and in the SAP Service Marketplace atservice.sap.com/ibc
Appendix A - Main SAP Documentation Types
A.3 Production Operation Phase
20 Access Control 5.3 Master Guide February 2008
A.3 Production Operation PhaseThe Solution Operation Guide documents requirements for the operation phase of the SAPsoftware life cycle.
Solution Operation GuideThe Solution Operation Guide is the starting point for operating an SAP solution. The guiderefers users to the tools and documentation that are needed to carry out various tasks, suchas monitoring, backup/restore, master data maintenance, transports, and tests. It also refersusers to other documents, for example the SAP Library, the Master Guide, and theComponent Management Guides.
Target group:
System Administrators, Technology consultants, and project teams for implementationsor upgrades.
Current version:
Located in SAP Service Marketplace at service.sap.com/instguides
Appendix A - Main SAP Documentation Types
A.4 Upgrade Phase
February 2008 21
A.4 Upgrade PhaseThe documentation types needed for the upgrade phase of the SAP software life cycleconsist of the Upgrade Master Guide, Component Upgrade Guide, and Release Notes.
Upgrade Master GuideThe Upgrade Master Guide is the starting point for upgrading the Business Scenarios of anSAP solution. It provides scenario-specific descriptions of preparation, execution, and follow-up of an upgrade. It also refers to other documents, such as the Component Upgrade Guidesand SAP Notes. Instead of an Upgrade Master Guide, there may be several BusinessScenario Upgrade Guides or a Solution Upgrade Guide for earlier shipments of the BusinessScenarios of an SAP solution.
Target group:
Technology consultants and project teams for upgrades.
Current version:
Located in SAP Service Marketplace at service.sap.com/instguides
Component Upgrade GuideThe Component Upgrade Guide describes the technical upgrade of an SAP component,taking into account the combinations of operating systems and databases. It does notdescribe any business-related configuration.
Target group:
Technology consultants, and project teams for upgrades.
Current version:
Located in SAP Service Marketplace at service.sap.com/instguides
Release NotesRelease notes are documents that contain short descriptions of new features or changes inan SAP component since the previous release. Release notes about ABAP developmentsenable the SAP system to generate delta and upgrade IMGs.
Target group:
Consultants and project teams for upgrades.
Current version:
Located in SAP Service Marketplace at service.sap.com/ releasenotes and in theSAP menu of the SAP system under Help Release information.