Beruflich Dokumente
Kultur Dokumente
1 Getting Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1 About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
2 Installation Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1 Important SAP Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2 Implementation Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Post Installation Steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
SAP Fiori Launchpad Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Transport. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.3 Integration with Bank Analyzer/Insurance Analyzer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3 Upgrade Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
5 Operations Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.1 Delete Temporary Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.2 Generate Functions/ Mass Generation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.3 Execute Function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
6 Security Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
6.1 User Administration and Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
6.2 User Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
6.3 User Data Synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
6.4 Integration into Single Sign-On Environments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
6.5 Authorizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
6.6 Session Security Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
6.7 Network and Communication Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
6.8 Communication Channel Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
6.9 Network Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
6.10 Communications Destinations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
6.11 Data Protection and Privacy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
This guide is the central source of information for the technical implementation of SAP Profitability and
Performance Management.
● Installation information
● Overview of the installation components and the sequence in which they are installed, as described in
detail in the Release Strategy Note 2174298 .
● Operation information
● Security information
2.2.1 Planning
SAP Profitability and Performance Management is based on the SAP HANA appliance software, in particular
the SAP HANA database, and SAP NetWeaver.
The SAP HANA database must be available and configured with the latest revision of the current support
package – at least the revision specified in the release note – before starting the installation of the application.
For more information about the latest revisions to the SAP HANA database, see the SAP HANA Master Guide
(Installation of SAP HANA) or SAP HANA Master Update Guide (update of SAP HANA) in the Related
Information section below.
When you install SAP Profitability and Performance Management 3.0, you have the following options:
● Option 1 – Install SAP Profitability and Performance Management on a plain NetWeaver 750 instance.
Minimum requirements:
○ SAP NetWeaver 750 (minimum SP10)
○ SAP S/4HANA 1.0 (minimum SPS12) or SAP S/4HANA 2.0 minimum SPS03)
● Option 2 - Install SAP Profitability and Performance Management 3.0 in the same instance as SAP S/
4HANA. Minimum requirements:
○ SAP S/4HANA (minimum SAP S/4HANA 1709 FPS01 or SAP S/4HANA 1809)
○ SAP HANA 1.0 (minimum SPS12) or SAP S/4HANA 2.0 (minimum SPS03)
● Option 3 - Install SAP Profitability and Performance Management 3.0 in the same instance as BW/4HANA.
Minimum requirements:
○ SAP BW/4HANA (minimum version BW/4HANA 1.0 SP07)
○ SAP S/4HANA 1.0 (minimum SPS12) or SAP S/4HANA 2.0 (minimum SPS03)
● The user interface is built using Web Dynpro ABAP. The underlying database for SAP Profitability and
Performance Management is SAP S/4HANA. The database is accessed by the SAP NetWeaver application
server using Open SQL or the ABAP Database Connectivity (ADBC) interface. Therefore, only SAP
NetWeaver user management is required.
The minimum system requirements for SAP Profitability and Performance Management are SAP HANA 1.0 SPS
12 and SAP NetWeaver 7.5 SP 10.
You can choose one of the following options to deploy SAP Profitability and Performance Management:
● In a plain NetWeaver 750 instance. For this option, the minimum system requirements are SAP HANA 1.0
SPS 12 or SAP HANA 2.0 SPS 03 and Netweaver 750 SP 10.
● In the same instance as S/4HANA. For this option, the minimum system requirements are SAP HANA 1.0
SPS 12 or SAP HANA 2.0 SPS 03 and S/4HANA 1709 FPS 01 or S/4HANA 1809.
● In the same instance as BW/4HANA. For this option, the minimum system requirements are SAP HANA 1.0
SPS 12 or SAP HANA 2.0 SPS 03 and BW/4HANA 1.0 SP 07.
Related Information
For more information about individual component details, see Preparation [page 7].
2.2.2 Preparation
Prerequisites
You have to request the installation DVD for SAP Profitability and Performance Management 3.0 from your
responsible SAP subsidiary (material number: 51052873).
Based on the deployment option you choose, your system contains the respective components and support
packages as described below:
1. Components
Your system contains the following components and support packages if you are deploying it in a plain
NetWeaver 750 instance:
○ SAP_ABA 750
○ SAP_BASIS 750
1. Components
Your system contains the following components if you are deploying it in the same instance as SAP S/
4HANA (SAP S/4HANA 1709FPS01 or SAP S/4HANA 1809):
○ SAP_ABA75C or SAP_ABA75D
○ SAP_BASIS752 or SAP_BASIS753
○ SAP_UI752 or SAP_UI753
○ SAP_BW752 or SAP_BW753
○ S4FND102 or S4FND103
○ S4CORE102 or S4CORE103
2. Support packages
Your system contains the following components if you are deploying it in the same instance as SAP S/
4HANA:
○ SAP_ABA 75C minimum SP01, SAPK-75C01INSAPABA
○ SAP_BASIS 752 minimum SP01, SAPK-75201INSAPBASIS
○ SAP_UI 752 minimum SP02, SAPK-75202INSAPUI
○ SAP_BW 752 minimum SP01, SAPK-75201INSAPBW
○ S4FND 102 minimum SP01, SAPK-10201INS4FND
○ S4CORE 102 minimum SP01, SAPK-10201INS4CORE
3. You have imported the latest SPAM/SAINT update (if required).
4. Import the latest R3trans and tp.
1. Components
Your system contains the following components if you are deploying it in the same instance as BW/4HANA
(BW/4HANA 1.0 SP07):
○ SAP_ABA75A
○ SAP_BASIS 750
○ SAP_UI752
○ DW4CORE100
2. Support packages
Your system contains the following components if you are deploying it in the same instance as BW/4HANA:
○ SAP_ABA 75A minimum SP10, SAPK-75A10INSAPABA
Procedure
Related Information
2.2.3 Installation
Context
Procedure
1. Log on to your SAP system in client 000 as a user with SAP_ALL rights.
2. Start the installation.
After the successful installation of SAP Profitability and Performance Management, perform the following steps
before making any Customizing settings or installing sample Business Content:
Procedure
1. Set namespace /NXI/ and its corresponding BW generation namespace /B108/ to Changeable:
1. Call up transaction SE03 Administration folder and choose Set System Change Option.
2. Within the Namespace/Name Range box, locate the namespace with prefix “/B108/” and set it to
Modifiable.
3. Within the Namespace/Name Range box, locate the namespace with prefix “/BIC/” and set it to
Modifiable.
4. Within the Namespace/Name Range box, locate the namespace with prefix “/NXI/” and set it to
Modifiable.
5. Within the Namespace/Name Range box, locate the namespace/name range “Customer name range”
and set it to Modifiable.
6. Within the Software Component box, locate the software component with the technical name “HOME”
and set it to Modifiable.
7. Within the Software Component box, locate the software component with the technical name “LOCAL”
and set it to Modifiable.
8. Save your entries.
2. Set /B108/ as the BW generation namespace for /NXI/ namespace:
1. Call up transaction SE16.
2. 2. Input table RSPSPACE.
3. Choose Create and an empty line appears in the BW Partner Namespaces box.
4. Enter “/NXI/” in the NAMESPACE field, “/B108/” in the NSPACEGEN (Namespace for generated objects)
field, “BW” in the BWAPPL (BW Application) field and enter “X” under ACTIVE (Flag: Object is active/
useable) .
5. Save your entry.
Note
These namespaces need to be set to modifiable in all systems of the landscape for the generation of
SAP Profitability and Performance Management functions to work properly.
In general, the activation of functions in the modeling environment triggers the generation of certain
ABAP, BW and HANA artifacts. In the upstream systems (like quality and production systems) this
happens automatically during the after-import execution of a transport.
Please note that even though these namespaces are set to modifiable, no changes by users in the
upstream systems are possible, as long as the client is locked for changes in the SCC4 client settings. In
other words, no user would able to log in and make changes to these namespaces.
Procedure
The database connection name has to be specified within the environment settings in SAP Profitability and
Performance Management. The database connection name used within the delivered sample content is
DBCON. To ensure that the activation of the sample content is successful, we recommend that you create a
database connection with the same name. We also recommend that you use a generic name for the database
connection (rather than a system-ID-specific database connection name) and that you use the same name for
all systems in your landscape (development, test and production). You can then move transport requests from
the SAP Profitability and Performance Management environment or its functions between the levels of your
system landscape without running into issues.
When you create the DBCON database connection, use the database connection user that was used to create
the primary database connection (usually the default SAP<System_ID> and links to the default SAP schema on
SAP HANA DB).
For more information about creating database connections, see Add a Database Connection in the Related
Information section below.
Related Information
Use transaction SM59 to create an RFC destination “<System_ID>CLNT<Client>” (for example, PER CLNT100,
where PER is the system ID and 100 is the client on which you want to configure SAP Profitability and
Performance Management functions). The user specified in this RFC destination should be assigned to the
modeling user role since the system uses this user to trigger the transport after import generation in SAP
Profitability and Performance Management. All authorizations as specified in the SAP Profitability and
Performance Management delivered modeling role /NXI/P1_MODELING_USER_ALL should be assigned to the
RFC connection user.
You need to do this for every client in the system that uses SAP Profitability and Performance Management.
If the RFC destination has already been created, execute the following steps to check whether the RFC
connection user has the correct authorization:
Related Information
Before operating SAP Profitability and Performance Management, set the number range intervals for the
following number range objects using transaction SNRO. Ensure that you enter “01” in the No. column (not just
1).
● /NXI/1FID: Function ID
● /NXI/1BID: Generated BW Objects
● /NXI/1OID: ODS View ID
● /NXI/1CID: Generated CDS Views
To ensure that you understand the implications of maintaining number range intervals correctly, see the
Transport [page 32] section.
Note
The number range intervals listed below are reserved for the SAP sample content. To avoid duplicate ID
errors, make sure that the number range intervals listed below are not used. These number range intervals
Number range Intervals reserved for SAP sample content (Do not use these intervals)
You can enter function IDs when you create or copy a function or environment. Modeling users can enter the
identifier of the functions in the same way as they do in Customizing rather than a generated number from the
configured number range interval. The system makes a suggestion based on a new reduced length number
range interval (new reduced length number range object /NXI/NFID). The modeling user can replace this
with another value as required.
In SAP Profitability and Performance Management, the environment ID is three characters long and has to be
entered manually (for example ZCA, ZFT and so on). The version ID is also mandatory and has to be entered
manually (for example 1, 2, 3, and so on). The function ID is now five characters long. A function is now uniquely
identified as a combination of environment ID, version and function ID.
This has to be done for every client in the system where SAP Profitability and Performance Management will be
used.
For more information about number range intervals, see Intervals in the Related Information section below.
Related Information
Intervals
Context
If you intend to import the sample content or use SAP Profitability and Performance Management with a record
length greater than 4030, execute the following steps:
Procedure
Context
Procedure
1. Create a new client (note that a BW client cannot be set up in client 000) or use the existing client as the
Tool BW client and assign a logical system to it using transaction SCC4.
2. Create a background user in the BW client using transaction SU01.
3. Assign the following roles and profiles to the background user:
○ S_BI-WHM_RFC (profile)
○ S_BI-WX_RFC (profile)
When you start RSA1 for the first time, you need to make some initial settings. When you do this, the
system displays some message dialog boxes. Confirm all of these.
Note that in SAP BW/4HANA systems, Deep HANA Integration is switched on by default. You can go to SE11
and put table name RSPLS_HDB_ACT to see entries.
Procedure
Procedure
Procedure
Context
Semantic objects are delivered in the underlying SAP_UI component SPs and the semantic object of SAP
Profitability and Performance Management will be delivered in SAP_UI 750 SP12. If your system is already
patched to SAP_UI 750 SP12, the semantic object of SAP Profitability and Performance Management is
automatically available.
Note
If your system is on SAP_UI 750 SP10 or SAP_UI 750 SP11, you need to create the semantic object of SAP
Profitability and Performance Management in every system where you want to use the SAP Fiori apps for
SAP Profitability and Performance Management.
Procedure
Create an SAP system alias as per the steps described under SAP System Alias (see Related Links below) for
the SAP Gateway in your system landscape. The minimum requirement is that you create a system alias named
“LOCAL” (flagged as a Local SAP GW).
Related Information
Context
The SAP system alias created in the previous step has to be assigned to all NXI services.
Procedure
1. Launch transaction code SPRO and open the SAP Reference IMG.
2. Navigate to SAP Netweaver SAP Gateway OData Channel Administration General Settings
Assign SAP System Aliases to OData Service .
3. Make entries for the service doc. identifiers listed below and ensure that you assign the SAP system alias to
each of the services. If you do not have a separate gateway system, enter at least LOCAL.
○ /NXI/CP1_FW_ACT_CDS_0001
○ /NXI/CP1_FW_ACT_SEL_CDS_0001
○ /NXI/CP1_FW_EVENT_CDS_0001
○ /NXI/CP1_FW_MOD_CDS_0001
○ /NXI/CP1_FW_PRCS_CDS_0001
○ /NXI/CP1_FW_REP_CDS_0001
○ /NXI/CP1_FW_RUN_CDS_0001
○ /NXI/CP1_FW_STAT_F_KPI_SEL_CDS_0001
○ /NXI/CP1_FW_TEAMS_CDS_0001
○ /NXI/CP1_STAT_EXEC_KPI_SEL_CDS_0001
○ /NXI/P1_AUDITTRAIL_SRV_0001
Related Information
Context
Valid when patching to SAP Profitability and Performance Management 3.0 SP04 onwards:
An enhanced UI for models with sync and mapping functionalities is available. Run the migration report /NXI/
P1_MIGRATE_MODELS to activate functions configured with the old UI.
Procedure
1. Go to transaction SE38.
2. Provide program name as /NXI/P1_MIGRATE_MODELS.
3. Press F8 to execute the programm.
4. In the selection screen, leave the environment, version and function type blank.
5. Press F8 to execute the report.
Context
To enable individual users to use Processes Manage & Deploy, you need to assign them to a user group. To
create a user group, proceed as follows:
Procedure
Related Information
If you intend to use the Dual Control functionality (with performers and reviewers) when you run processes or
activities, you need to set up the basic workflow or check that this has already been done.
For more information about the basic workflow setup, see Automatic Workflow Customizing (section Activities)
in the Related Information section below.
Related Information
Context
2608699 Selection screen issue in FPM/ABAP You can skip this if you have SAP_UI
Webdynpro (SAP_UI) 750 SP 12 on your system.
2548134 Context menu icon issue in ABAP Web You can skip this if you have SAP_UI
dynpro (SAP_UI) 750 SP 11 on your system.
2603503 Open ODS view issue in NetWeaver BW You can skip this if you have SAP_BW
(SAP_BW) 750 SP 12 on your system.
2541603 Incorrectly scaled values in analytical You can skip this if you have SAP_BW
chart UIBB in NetWeaver BW 750 SP 10 or BW/4HANA SP07 on your
(SAP_BW) or BW/4HANA system.
2667234 “Dump in Analytical Chart UIBB” issue You can skip this if you have SAP_BW
in NetWeaver BW (SAP_BW) or BW/ 750 SP 13 or BW/4HANA SP10 on your
4HANA system.
2678636 “BICS Grid: Hidden Key Figures Cannot You can skip this if you have SAP_BW
be Added to Chart” issue in NetWeaver 750 SP 13 or BW/ 4HANA SP10 on your
BW (SAP_BW) or BW/4HANA system.
2680631 “Dialog Component: Text for Cancel You can skip this if you have SAP_UI
Button is not applied” issue in FPM/ 750 SP 14 on your system.
ABAP Webdynpro (SAP_UI)
2679929 “APC for FPM Events: Void Space at the You can skip this if you have SAP_UI
Page Bottom” issue in FPM/ABAP Web 750 SP 14 on your system.
dynpro (SAP_UI)
2625337 “APC for FPM Events causes Messages You can skip this if you have SAP_UI
to disappear” issue in FPM/ABAP Web 750 SP 12 on your system.
dynpro (SAP_UI)
2667520 “BICS Grid: Query Initialization” issue in You can skip this if you have SAP_BW
NetWeaver BW (SAP_BW) or BW/ 750 SP 13 or BW/4HANA SP10 on your
4HANA system.
2680398 “Chart UIBB: Personalized Chart Type is You can skip this if you have SAP_UI
not persisted for Dynamic Feeder” is 750 SP 14 on your system.
sue in FPM/ABAP Webdynpro (SAP_UI)
2597993 “UIBB Analytical Chart: Incorrect Chart You can skip this if you have SAP_UI
Type” issue in FPM/ ABAP Webdynpro 750 SP 12 on your system.
(SAP_UI)
2625337 “APC for FPM Events causes Messages You can skip this if you have SAP_UI
to disappear” issue in FPM/ABAP Web 750 SP 12 on your system.
dynpro (SAP_UI)
2662219 “FPM Analytics UIBB: Enabling of Hier You can skip this if you have SAP_BW
archy (Context Menu)” issue in Net 750 SP14 or BW/4HANA SP12 on your
Weaver BW (SAP_BW) system.
2727684 “BICS Grid : Value help for new line in You can skip this if you have SAP_BW
empty grid” issue in NetWeaver BW 750 SP14 or BW/4HANA SP12 on your
(SAP_BW) or BW/4HANA system.
Procedure
1. Log on to the SAP HANA database of your system within the SAP HANA Studio.
2. Open the SQL console.
3. Execute the statement “CREATE SCHEMA NXI;” to create the NXI schema.
For more information about executing statements in the SQL console of SAP HANA Studio, see Execute
SQL Statements in SAP HANA Studio in the Related Information section below.
Related Information
Procedure
1. Log on to the SAP HANA database of your system within SAP HANA Studio.
2. In the security folder, open the database connection user (database connection user maintained while
creating the database connection DBCON).
3. Go to the Object privileges tab.
For more information about object privileges, see Object Privileges in the Related Information section
below.
4. Choose Add.
5. Enter the schema NXI.
6. Select all the checkboxes in the Privileges for 'NXI' box.
7. Deploy (F8).
Related Information
Object Privileges
Procedure
1. Log on to the SAP HANA database of your system within SAP HANA Studio.
2. In the security folder, open the _SYS_REPO user.
3. Go to the Object privileges tab.
4. Choose Add.
5. Enter the schema NXI.
6. Select at least the “SELECT”, “SELECT CDS METADATA”,“ SELECT METADATA” and“EXECUTE”
checkboxes in the Privileges for '_SYS_REPO' box.
Procedure
1. Log on to the SAP HANA database of your system within SAP HANA Studio.
2. In the security folder, open the database connection user (the database connection user defined when the
database connection DBCON was created).
3. Go to the Object Privileges tab.
Note
For more information about object privileges, see Object Privileges in the Related Information section
below.
4. Choose Add.
5. Enter the schema _SYS_BIC.
6. Select all the checkboxes in the Privileges of '_SYS_BIC' box.
7. Deploy (F8).
Related Information
Object Privileges
Procedure
1. Log on to the SAP HANA database of your system within SAP HANA Studio.
2. In the security folder, open the _SYS_REPO user.
3. Go to the Object privileges tab.
For more information about object privileges, see Object Privileges in the Related Information section
below.
4. Choose Add.
5. Enter the default SAP system schema (usually the database connection user maintained while creating the
database connection DBCON).
6. Select at least the “SELECT”, “SELECT CDS METADATA”, “SELECT METADATA” and “EXECUTE”
checkboxes in the Privileges for '_SYS_REPO' box.
7. Deploy (F8).
Related Information
Object Privileges
Context
If you intend to use the upload/download function of the Model Table function, you need to adjust the following
parameters in the SAP HANA database:
Procedure
1. Log on to the SAP HANA database of your system within the SAP HANA studio.
Context
If you intend to use the Virtual Table/View via HANA SDA function in the Model View, you need to grant the
following system privileges for the SAP DB connection user in the SAP HANA database:
Procedure
1. Log on to the SAP HANA database of your system within SAP HANA Studio.
2. In the Security folder, open the database connection user (database connection user maintained while
creating the database connection DBCON).
3. Go to the System Privileges tab.
4. Choose Add.
5. Enter system privileges:
○ CATALOG READ
○ CREATE REMOTE SOURCE
○ DATA ADMIN
6. Deploy (F8).
Procedure
1. Log on to the SAP HANA database of your system within the SAP HANA studio.
2. In the modeler perspective, go to Help in the menu bar and select Quick View.
3. Choose Schema Mapping.
4. Add a new schema mapping entry in this table with authoring schema name NXIAUTH and physical
schema name NXI.
5. Add a new schema mapping entry in this table with authoring schema name SYSBIC and physical schema
name _SYS_BIC.
Procedure
1. Create an SAP HANA source system as per the steps described under SAP HANA Source System (see the
Related Links section below) for the schemas <your SAP SID schema> (for example, SAPIAD) and
_SYS_BIC.
Results
Note
If you configure the Model Table functions and Model View functions in the environments of SAP
Profitability and Performance Management to point to sources from other schemas, you also have to carry
out the steps listed above for every schema.
Context
If you intend to use the File Adapter function, you need to grant the following system privileges to the SAP DB
connection user in the SAP HANA database:
Procedure
1. Log on to the SAP HANA database of your system within SAP HANA Studio.
2. In the Security folder, open the database connection user (database connection user maintained while
creating the database connection DBCON).
3. Go to the System Privileges tab.
4. Choose Add.
5. Enter system privileges:
○ IMPORT
○ EXPORT
6. Deploy (F8).
Context
If you intend to use the SAP HANA R Script function type in the Remote Function Adapter, you need to grant the
system privilege “CREATE R SCRIPT” to the SAP DB connection user in the SAP HANA database.
1. Log on to the SAP HANA database of your system within SAP HANA Studio.
2. In the Security folder, open the database connection user (database connection user maintained while
creating the database connection DBCON).
3. Go to the System Privileges tab.
4. Choose Add.
5. Enter system privilege CREATE R SCRIPT.
6. Deploy (F8).
If you intend to use the function Machine Learning, you need to install SAP HANA Automated Predictive Library
(APL) 1904 in the SAP HANA database.
Related Information
Context
The steps in this section have to be executed in SAP NetWeaver. This has to be done for every client in the
system where SAP Profitability and Performance Management will be used.
Procedure
You can enable SAP Fiori launchpad applications for SAP Profitability and Performance Management by
assigning the corresponding standard navigation roles:
1. The /NXI/P1_FIORI_USER – FIORI user is mandatory (it covers all FS-PER SAP Fiori catalogs)
2. All or any of the following roles (which contain the SAP Fiori catalog group and the relevant authorization):
Even after assigning these SAP Fiori roles to users, if the SAP Fiori catalog/tiles in a system client are missing,
please follow the following steps:
1. In the affected client (for example 010), copy client-specific environments of the NXI300 delivery piece
list/delivery transport (SAPK-300AGINNXI and SAPK-30001INNXI) from source client “000” using
transaction SCC1. This will copy over the catalogs/groups from client “000”.
2. Execute the following reports in transaction SE38 to refresh SAP Fiori caches:
1. /UI2/CHIP_SYNCHRONIZE_CACHE
2. CHIP_RESET_CATALOG_CACHE
3. /UI2/INVALIDATE_GLOBAL_CACHES
Note
Note that there is a known limitation with SAP Profitability and Performance Management that the Fiori
apps cannot be used via a gateway server and have to be used locally (in the system where SAP Profitability
and Performance Management is installed).
Related Information
2.2.6 Transport
If you choose to use the finance and risk data model (Source Data Layer, Result Data Layer and so on from SAP
Insurance Analyzer or SAP Bank Analyzer), you can integrate SAP Bank Analyzer or SAP Insurance Analyzer
into SAP Profitability and Performance Management. Access to the SDL/RDL data will be provided by the SAP
HANA views generated by SAP Bank Analyzer or SAP Insurance Analyzer. In addition, if you choose to write
data to the RDL, both SAP Profitability and Performance Management and SAP Insurance Analyzer or SAP
Bank Analyzer must be installed on the same system.
If you are already using SAP Performance Management for Financial Services 2.0 (any of the SPs), you can
upgrade to SAP Profitability and Performance Management 3.0 and continue to use your existing
configurations, since these releases are cross-compatible.
Note
SAP Profitability and Performance Management 3.0 can be installed and used in parallel with an existing
SAP Performance Management for Financial Services 2.0. In this case, you will find the SAP Performance
Management for Financial Services 2.0 transactions on the SAP Easy Access menu in the folder Earlier
Version. Please be aware that these are two separate solutions.
Existing environments that have been configured in SAP Performance Management for Financial Services
2.0 can therefore still stay in 2.0 and be used in production. New models can be configured in parallel and
used in production in SAP Profitability and Performance Management 3.0. Automatic migration of SAP
Performance Management for Financial Services 2.0 environments to SAP Profitability and Performance
Management 3.0 environments is not possible and not supported. If you intend to move your existing SAP
Performance Management for Financial Services 2.0 environment to SAP Profitability and Performance
Management 3.0 environment, you will have to re-configure your environment in SAP Profitability and
Performance Management 3.0.
Read the following sections in this Administrator's Guide before you start your upgrade to the latest release:
If you want to carry out a pure add-on delta upgrade (if you are upgrading from SAP Cost and Revenue
Allocation for Financial Products 1.0 based on NetWeaver 750 or SAP Performance Management for Financial
Services 2.0 SP02) to SAP Profitability and Performance Management 3.0, you can use transaction SAINT
(SAP Add-On Installation Tool).
If you are upgrading from SAP Cost and Revenue Allocation for Financial Products 1.0 based on NetWeaver 740
to SAP Profitability and Performance Management 3.0, we recommend that you use Software Update Manager
(SUM).
SAP Profitability and Performance Management sample content is example configuration made available to
customers to demonstrate best practices and ideas about how to model a use case using SAP Profitability and
Performance Management.
The following standalone sample content is delivered as part of SAP Profitability and Performance
Management 3.0 SP06:
To install any of the standalone sample content, see Install the Standalone Content in Other SAP Profitability
and Performance Management Clients in Your System [page 36].
The following Finance and Risk Data Platform integrated sample content was delivered as part of SAP
Profitability and Performance Management 3.0 SP05:
To install the Finance and Risk Data Platform integrated Estimated Cash Flow Preparation sample content, see
Install the Finance and Risk Data Platform Integrated Estimated Cash Flow Preparation Sample Content in
Other SAP Profitability and Performance Management Clients in Your System [page 40].
After the installation of or upgrade to SAP Profitability and Performance Management 3.0 SP05, sample
content is available in client “000” only. The environment ID with prefix “S” is reserved for the SAP sample
content. Make sure that you do not configure or create environments with an environment ID with “S” as the
first character.
Context
Execute the following steps to install the standalone content in other SAP Profitability and Performance
Management clients in your system.
To install the contents in other clients, the installation or upgrade delivery request has to be copied to the
respective clients.
Procedure
2650979 Sample Content for High Tech Profitability and Cost Man
agement
2685576 Sample Content for Oil and Gas Profitability and Cost
Management
Related Information
Context
Execute the following steps to install the Finance and Risk Data Platform integrated Estimated Cash Flow
Preparation sample content in other SAP Profitability and Performance Management clients in your system.
To install the contents in other clients, the installation or upgrade delivery request has to be copied to the
respective clients.
Procedure
In addition to the business functions available using the Web Dynpro UI, SAP Profitability and Performance
Management also provides some SAP GUI transactions. These can be found under Tools in the SAP Easy
Access menu. These transactions are utility reports that help you with operational tasks in SAP Profitability and
Performance Management. These transactions are described in the following sections.
Related Information
The results of executing functions are stored temporarily (for buffering reasons) in the respective Y tables of
the functions. You can run transaction /NXI/P1_FW_DEL_TDATA to delete this data from the Y tables. You can
enter environment, version and function in this temporary data deletion transaction.
Note
If you select the Delete Transport Data checkbox to delete transport data, related transport data records
(DB table /NXI/TP0FTRDATA) are deleted as well.
Usually, you configure and generate functions using the SAP Profitability and Performance Management Web
Dynpro UI.
However, if you want to generate a function with a cascading effect to include functions that are used by the
selected function for generation as well, use transaction /NXI/P1_FW_ACTIVATE - Activate Function.
Usually you configure and execute functions using the SAP Profitability and Performance Management Web
Dynpro UI.
However, if you want to schedule a function in batch mode, run transaction /NXI/P1_FW_RUN - Run Function.
This section contains security-relevant information for SAP Profitability and Performance Management. We
recommend that you read the fundamental security guides listed below.
Pay particular attention to the most relevant sections or specific restrictions as indicated in the table below.
SAP Profitability and Performance Management uses the user management and authentication mechanisms
provided with the SAP NetWeaver platform, in particular the SAP NetWeaver Application Server ABAP.
Therefore, the security recommendations and guidelines for user administration and authentication as
described in the SAP NetWeaver Application Server ABAP Security Guide [SAP Library] also apply to SAP
Profitability and Performance Management.
In addition to these guidelines, we include information about user administration and authentication that
specifically applies to the SAP Profitability and Performance Management application in the following topics:
User management for SAP Profitability and Performance Management uses the mechanisms provided with the
SAP NetWeaver Application Server (ABAP). For example, tools, user types, and password policies. For an
overview of how these mechanisms apply to SAP Profitability and Performance Management, see the following
sections in this Administrator's Guide. In addition, we provide a list of the standard users required for operating
SAP Profitability and Performance Management.
Tools Description
User maintenance for ABAP-based systems (transaction For more information about the authorization objects pro
SU01) vided by SAP Profitability and Performance Management,
see the relevant component in the section Authorizations
[page 46].
Role maintenance with the profile generator for ABAP-based For more information about the roles provided by SAP
systems (PFCG) Profitability and Performance Management, see the relevant
component in the section Authorizations [page 46].
Central User Administration (CUA) for the maintenance of Use CUA to centrally maintain users for multiple ABAP-
multiple ABAP-based systems based systems. Synchronization with a directory server is
also supported.
Organization of user groups (transaction SUGR) Use transacton SUGR to organize user groups (for example,
Performer and Reviewer) when you want to work with proc
esses and activities (including applications such as My
Activities, Processes, My Events ) in line with the principle of
dual control.
By synchronizing user data, you can reduce effort and expense in the user management of your system
landscape. Since SAP Profitability and Performance Management is based on SAP NetWeaver, you can use all
of the mechanisms for user synchronization in SAP NetWeaver here.
Related Information
SAP Profitability and Performance Management supports the single sign-on (SSO) mechanisms provided by
SAP NetWeaver. Therefore, the security recommendations and guidelines for user administration and
authentication as described in the SAP NetWeaver Security Guide also apply.
For more information about the available authentication mechanisms, see User Authentication and Single Sign-
On [SAP Library] in the SAP NetWeaver Library.
6.5 Authorizations
SAP roles and authorizations are used to control access to the various SAP Profitability and Performance
Management functions.
The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. For
role maintenance, you use the profile generator (transaction PFCG) on the AS ABAP.
In addition, granular authorizations are maintained via authorization object /NXI/P1F using the following
authorization fields:
1. /NXI/P1ENV
This attribute defines the environment, for which the authorization is maintained.
2. /NXI/P1VER
This attribute defines the environment version, for which the authorization is maintained.
3. /NXI/P1PCU
This attribute defines the calculation unit, for which the authorization is maintained.
4. /NXI/P1FTY
This attribute defines the function type, for which the authorization is maintained.
5. /NXI/P1FID
This attribute defines the function id, for which the authorization is maintained.
6. /NXI/P1ACT
This attribute defines, for which action the authorization is maintained. The following values are allowed:
1. “Create (01)”
2. “Display (03)”
3. “Delete (06)”
4. “Activate (07)”
5. “Execute (16)”
6. “Transport (21)”
7. “Edit (23)”
8. “Merge (46)”
9. “Analyse (71)”
10. “Remove (75)”
11. “Copy (90)”
12. “Overwrite (94)”
To enable users to use the Processes Manage & Deploy application, you need to assign a PaPM user group to
individual users.
Note
1. You can check all the available user groups or teams and assign them to individual users in
transaction /NXI/P1_TEAM – Teams: Manage Team Users app
2. As a minimum requirement, users must be assigned to the generic PaPM user group “PAPM”
3. To use the workflow (dual control) functions, in addition to the generic PaPM user group, individual
users must also be assigned to specific groups or teams (for example, PERFORMER and/or
REVIEWER).
To increase security and prevent access to the SAP logon ticket and security session cookies, we recommend
that you activate secure session management. We also highly recommend using SSL to protect the network
communications where these security-relevant cookies are transferred.
The following section is relevant for Project Workspace and Project Cost and Revenue Planning in SAP
NetWeaver Business Client:
To prevent access in JavaScript or plug-ins to the SAP logon ticket and security session cookies
(SAP_SESSIONID_<sid>_<client>), activate secure session management. With an existing security
session, users can then start applications that require a user logon without logging on again. When a security
session is ended, the system also ends all applications that are linked to this security session.
Use the transaction SICF_SESSIONS to specify the following parameter values shown in the table below in
your AS ABAP system:
icf/set_HTTPonly_flag_on_cookies 0 Client-dependent
Your network infrastructure is extremely important in protecting your system. Your network needs to support
the communication necessary for your business needs without allowing unauthorized access.
A well-defined network topology can eliminate many security threats based on software flaws (both on the
operating system and application level) or network attacks such as eavesdropping. If users cannot log on to
your application or database servers at the operating system or database layer, then there is no way for
intruders to compromise the machines and gain access to the backend system’s database or files. In addition,
if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and
security holes in network services on the server machines.
The network topology for SAP Profitability and Performance Management is based on the topology used by the
SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP
For more information, see the following sections in the SAP NetWeaver Security Guide in the Related
Information section:
Related Information
The table below shows the communication channels used by Project Workspace and Project Cost and Revenue
Planning, the protocol used for the connection, and the type of data transferred.
Application server to third- HTTPS System ID, client, and host System information (that is,
party application name host name)
DIAG and RFC connections can be protected using Secure Network Communications (SNC). HTTP
connections are protected using the Secure Sockets Layer (SSL) protocol.
For more information, see Transport Layer Security in the SAP NetWeaver Security Guide.
For information about network security for SAP NetWeaver, see the SAP NetWeaver Security Guide. The
minimum security demand for your network infrastructure is the use of a firewall for all your services that are
provided over the internet. A more secure variant is to protect your systems (or groups of systems) by locating
the system groups in different network segments. Each system group has a firewall that protects it from
unauthorized access. External security attacks can also come from the inside, if the intruder has already taken
control of one of your systems.
Related Information
For information about access control using firewalls, see Using Firewall Systems for Access Control.
The use of users and authorizations in an irresponsible manner can pose security risks. Follow the security
rules below when communicating with other systems:
Data protection is associated with numerous legal requirements and privacy concerns. In addition to
compliance with general data protection and privacy acts, it is necessary to consider compliance with industry-
specific legislation in different countries. SAP provides specific features and functions to support compliance
with regard to relevant legal requirements, including data protection. SAP does not give any advice on whether
these features and functions are the best method to support company, industry, regional, or country-specific
requirements. Furthermore, this information should not be taken as advice or a recommendation regarding
additional features that would be required in specific IT environments. Decisions related to data protection
must be made on a case-by-case basis, taking into consideration the given system landscape and the
applicable legal requirements.
Note
SAP does not provide legal advice in any form. SAP software supports data protection compliance by
providing security features and specific data protection-relevant functions, such as read access logging
and deletion of personal data. In many cases, compliance with applicable data protection and privacy laws
will not be covered by a product feature. Definitions and other terms used in this document are not taken
from a particular legal source. The extent to which data protection is supported by technical means
depends on secure system operation. Network security, security note implementation, adequate logging of
system changes and appropriate usage of the system are the basic technical requirements for compliance
with data privacy legislation and other legislation.
Some basic requirements that support data protection are often referred to as technical and organizational
measures (TOM). The following topics are related to data protection and require appropriate TOMs:
● Access control: Authentication features as described in User Administration and Authentication [page 44].
● Authorizations: Authorization concept as described in Authorizations [page 46] to ensure secure access to
data.
The possibility of sensitive data being processed in SAP Profitability and Performance Management depends
on your specific implementation. You decide what kind of data can be processed by SAP Profitability and
Performance Management. It is strongly recommended that you do not feed person related data into SAP
Profitability and Performance Management. If you still choose to process person related data in SAP
Profitability and Performance Management then it is recommended to de-personalize (pseudonymize/
anonymize) such data on your own before feeding it into SAP Profitability and Performance Management. You
should enforce secure access to data using the authorization concept described in the earlier sections. It is
also strongly recommended to run the temporary table data deletion report which clears data from the SAP
Profitability and Performance Management temporary tables from time to time (see section Delete Temporary
Data [page 42]).
If you process person related data in anyway, you need to make sure that you operate SAP Profitability and
Performance Management in compliance to the relevant data privacy regulations. Particularly, requirements
like personal data consent management, personal data read access logging, information about existing person
related data, logging changes on person related data and erasure of personal data.
6.11.1 Glossary
Term Definition
Consent The action of the data subject confirming that the usage of
his or her personal data shall be allowed for a given purpose.
A consent functionality allows the storage of a consent re
cord in relation to a specific purpose and shows if a data
subject has granted, withdrawn, or denied consent.
End of business Date where the business with a data subject ends, for exam
ple, the order is completed, the subscription is canceled, or
the last bill is settled.
End of purpose (EoP) End of purpose and start of blocking period. The point in
time when the primary processing purpose ends, for exam
ple, a contract is fulfilled.
End of purpose (EoP) check A method of identifying the point in time for a data set when
the processing of personal data is no longer required for the
primary business purpose. After the EoP has been reached,
the data is blocked and can only be accessed by users with
special authorization, for example, tax auditors.
Purpose The information that specifies the reason and the goal for
the processing of a specific set of personal data. As a rule,
the purpose references the relevant legal basis for the proc
essing of personal data.
Residence period The period of time between the end of business and the end
of purpose (EoP) for a data set during which the data re
mains in the database and can be used in case of subse
quent processes related to the original purpose. At the end
of the longest configured residence period, the data is
blocked or deleted. The residence period is part of the over
all retention period.
Retention period The period of time between the end of the last business ac
tivity involving a specific object (for example, a business
partner) and the deletion of the corresponding data, subject
to applicable laws. The retention period is a combination of
the residence period and the blocking period.
Sensitive personal data A category of personal data that usually includes the follow
ing type of information:
Where-used check (WUC) A process designed to ensure data integrity in the case of
potential blocking of business partner data. An application's
where-used check (WUC) determines if there is any depend
ent data for a certain business partner in the database. If de
pendent data exists, this means the data is still required for
business activities. Therefore, the blocking of business part
ners referenced in the data is prevented.
SAP Profitability and Performance Management uses data from operational source systems or systems with
permanent data stores which have actual data lifecycle management objects and is not collecting any data
directly.
Read access logging (RAL) is used to monitor and log read access to sensitive data. Data may be categorized
as sensitive by law, by external company policy, or by internal company policy. Read access logging enables you
to answer questions about who accessed particular data within a specified time frame. Here are some
examples of such questions:
The data processed in SAP Profitability and Performance Management is read from operational source
systems or systems with permanent data stores which have actual data lifecycle management. SAP
Profitability and Performance Management assumes that read access logging is implemented in these source
systems. If you need to track read access directly in the SAP HANA database of SAP Profitability and
Performance Management you can use SAP HANA Audit Trail. If you need to track read access in the
Netweaver Application Server for ABAP of SAP Profitability and Performance Management, you have to
configure Read Access Logging in Netweaver Application Server for ABAP on your own.
Related Information
Data subjects have the right to get information regarding their personal data undergoing processing.
Since the data processed in SAP Profitability and Performance Management is read from operational source
systems or systems with permanent data stores which have actual data lifecycle management, SAP
Profitability and Performance Management assumes that information reporting is implemented in these source
systems. Since SAP Profitability and Performance Management has no permanent data storage, the local
temporary data is deleted regularly and the calculated final results data are written back to the source systems,
the assumption is that the information report has to be implemented in these source systems. If you need
information reporting directly from the SAP HANA database of SAP Profitability and Performance
Management, you can use SQL to retrieve the required information. You can use SAP WebIDE / SAP HANA
runtime tools to create views for the required temporary database tables to fetch the information. If you need
information reporting from the Netweaver ABAP Application Server of SAP Profitability and Performance
Management, you could make use of Information Retrieval Framework solution provided by Netweaver
Application Server for ABAP by implementing/configuring it on your own.
Related Information
Personal data is subject to frequent changes. Therefore, for review purposes or as a result of legal regulations,
it may be necessary to track the changes made to this data. When these changes are logged, you should be
able to check which employee made which change, the date and time, the previous value, and the current
value, depending on the configuration. It is also possible to analyze errors in this way.
Logging changes on person related data is not relevant in SAP Profitability and Performance Management as
data is only read from operational source systems or systems with permanent data stores which have actual
data lifecycle management into SAP Profitability and Performance Management for calculations/processing.
Since SAP Profitability and Performance Management has no permanent data storage, the local temporary
data is deleted regularly and the calculated final results data are written back to the source systems, the
assumption is that change logging has to be implemented in these source systems.
The processing of personal data is subject to applicable laws related to the deletion of this data when the
specified, explicit, and legitimate purpose for processing this personal data has expired. If there is no longer a
legitimate purpose that requires the retention and use of personal data, it must be deleted. When deleting data
in a dataset, all referenced objects related to that data set must be deleted as well. Industry-specific legislation
in different countries also needs to be taken into consideration in addition to general data protection laws. After
the expiration of the longest retention period, the data must be deleted.
Data is read from source systems (which have data lifecycle management objects) into SAP Profitability and
Performance Management for calculations/processing and the results are written back to such systems. So
deletion of personal data has to be performed in such source systems. For the data residing in the temporary
buffer tables of SAP Profitability and Performance Management you have to run the temporary table data
deletion report which clears data from the SAP Profitability and Performance Management temporary tables
(see Delete Temporary Data).
Related Information
SAP Profitability and Performance Management uses the logging and tracing mechanisms of SAP NetWeaver.
SAP NetWeaver security features, such as the Audit Info System and the Security Audit Log help you secure
your system, detect security-relevant events, and reconstruct actions that have taken place in the system.
Related Information
For information about auditing and logging, see Auditing and Logging.
Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:
● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your
agreements with SAP) to this:
● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such
links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this
information.
Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax
and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of
example code unless damages have been caused by SAP's gross negligence or willful misconduct.
Gender-Related Language
We try not to use gender-specific word forms and formulations. As appropriate for context and readability, SAP may use masculine word forms to refer to all genders.
SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.