Document History
Version | Changes | Effective Date |
1.0 | First approved version 3Keys CRPT Connector Add-On release 3.0 | 01-Jul-2021 |
1. About This Guide
This guide is the central starting point for the implementation of the 3Keys CRPT Connector Add-On. It explains how to install, uninstall and implement the 3Keys CRPT Connector Add-On and provides security and operations information. Use the Administrator guide to get an overview of 3Keys CRPT Connector Add-On, its software units, and its scenarios from a technical perspective.
2. Installing and Upgrading
This section provides information about how to prepare for installation and what to do before and after the installation of 3Keys CRPT Connector Add-On.
2.1 Software Component Matrix
Software Unit | Installation Package |
SAP Advanced Track and Trace for Pharmaceuticals 3.0 (STTP300) | SAPK-300AGINSTTP |
3Keys CRPT Connector Add-On 3.0 | SAPK-300COINK3T |
3Keys MDLP Connector Java part (on-premises or SaaS) |
|
3Keys ISMT Connector Java part (SaaS) |
|
2.2 Overall Implementation Sequence
The following table describes the overall installation sequence for the 3Keys CRPT Connector Add-On. This table contains all available software units. However, to implement a specific scenario, you only need a subset of available software units. Some are only required for special processes
Step | Action | Remarks |
1 | Installation of SAP Advanced Track and Trace for Pharmaceuticals 3.0 | See SAP Note 2203586 |
2 | Installation of 3Keys CRPT Connector Add-On 3.0 |
|
3 | Activate BC sets offered for 3Keys CRPT Connector Add-On:
| Hint: In case you encounter issues with activation of a BC set please try to activate the BC set multiple times. In most cases the issue will be solved with this. |
3 | Installation of 3Keys MDLP Connector Java part (on-premises or SaaS) | connection to Russia MDLP system |
4 | Installation of 3Keys ISMT Connector Java part (SaaS) | connection to Russia ISMT system |
3. Maintenance and release strategy
The 3Keys CRPT Connector is following the release strategy of SAP ATTP. The updates of the Connector will be provided as workbench transports, after a new SAP ATTP release was published. This is the similar approach as with SAP Notes. A cumulated workbench transport with the full 3Keys CRPT Connector Release Note will be provided 4 times per year (1st Feb, 1st May, 1st Aug, 1st Nov) and includes all changes for the last 3 month.
4. Security Information
This section deals with security topics relevant for the 3Keys CRPT Connector Add-On. The solution is built on an SAP NetWeaver 740 (or higher) and the SAP Advanced Track and Trace for Pharmaceuticals 3.0 system. Therefore, the corresponding security settings also apply to 3Keys CRPT Connector Add-On.
4.1 Other Required Documents for Security
Resource | Where to Find It |
SAP NetWeaver Security Guide | Go to the SAP Help Portal at http://help.sap.com/nw and select the appropriate release. The security guide is in the section Security on the product page. |
SAP Advanced Track and Trace for Pharmaceuticals Security Guide | Go to the SAP Help Portal at https://help.sap.com/viewer/product/SAP_ADVANCED_TRACK_AND_TRACE_FOR_PHARMACEUTICALS/3.0 The security guide is in the section Security in the Administrator’s guide |
4.2 Authorization Concept
This section describes the authorizations available in the 3Keys CRPT Connector Add-On.
The 3Keys CRPT Connector Add-On allows you to make specific authorization settings for all business entities of the solution. The following sections provide information about the authorization concept and the authorization objects used.
In general, authorization checks are executed when searching, displaying, or updating data within the repository system.
4.2.1 Authorization objects for MDLP
4.2.1.1 Authorization objects for MDLP monitor action and document type /K3T/RU001
This authorization object is used to control all MDLP transaction relevant data based on field action
Authorization Field | Authorization Object Settings |
/K3T/RU001 Russia MDLP monitor action | Assign * if role should be able to perform all actions Or assign specific actions 00 Display 01 Display request XML 02 Download request XML 03 Display response XML 04 Download response XML 05 Display AIF messages 06 Download AIF messages 07 Check data 08 Approval 09 Cancel 10 Reset status 11 Show log 12 Send 250-recall message 13 Change approver 14 Reset processing status 15 Repeat message sending 16 Send 251-refusal_sender message 17 Send 252-refusal_receiver message 18 Change Operation date 19 Maintain Missing Data 20 Sequence Check 21 Change Incoming message status 22 Navigate to Cockpit object 23 Update MDLP status 24 Process saved 211 XML 25 Remove 26 Change log 27 Logistic Monitor 28 Recalculate header Qty 30 Software Version |
/K3T/RU002 Russia MDLP document type | Assign * if role should be able to display all MDLP document types Or assign specific MDLP document types, for example: 381 381-move_owner 415 415-move_order 431 431-move_place |
4.2.1.2 Authorization objects for MDLP configuration ID /K3T/RU003
This authorization object is used to control access to MDLP reporting data via transaction /K3T/RU_MONITOR or /K3T/RU_MDLP_LM based on MDLP configuration value
Authorization Field | Authorization Object Settings |
/K3T/RU003 MDLP Configuration ID | Assign * if role should be able to perform all configuration Or assign specific MDLP Configuration ID |
4.2.1.3 Authorization objects for OMS token /K3T/RU004
This authorization object is used to control access to dynamic OMS token data via transaction /K3T/RU_OMS_TOKEN
Authorization Field | Authorization Object Settings |
/K3T/RU004 OMS Token action | 01 Display OMS Token |
4.2.1.4 Authorization objects for Russia MDLP Analytics action /K3T/RU005
This authorization object is used to control access to MDLP Analytic reporting data
Authorization Field | Authorization Object Settings |
/K3T/RU005 Russia MDLP Analytics action | 01 Schedule task 02 Process task 03 Change status 04 Display request 05 Download result 06 Add ZIP response 07 Display MDLP queue 08 Execute task 09 Delete MDLP task |
4.2.1.5 Report / Transaction Authorizations
Authorization checks are run for all transactions or reports with configuration character as follows:
Report | Authorization Object | Authorization Field | Authorization Object Settings |
/K3T/REP_RU_MDLP_210 | /K3T/RU001 | /K3T/RU001 | 23 Update MDLP status |
/K3T/RU_MDLP_IN | /K3T/RU001 | /K3T/RU001 | 24 Process saved 211 XML |
/K3T/RU_MDLP_LM | /K3T/RU001 | /K3T/RU001 | 27 Logistic Monitor |
| /K3T/RU001 | /K3T/RU002 | Selected document types |
| /K3T/RU003 | /K3T/RU003 | Selected configuration ID |
/K3T/RU_MDLP_ MONITOR | /K3T/RU001 | /K3T/RU001 | 01 Display request XML 02 Download request XML 03 Display response XML 04 Download response XML 05 Display AIF messages 06 Download AIF messages 08 Approval 09 Cancel 10 Reset status 11 Show log 12 Send 250-recall messag 13 Change approver 14 Reset processing status 15 Repeat message sending 16 Send 251-refusal_sender message 17 Send 252-refusal_receiver message 18 Change Operation date 19 Maintain Missing Data 20 Sequence Check 21 Change Incoming message status 22 Navigate to Cockpit object 26 Change log 28 Recalculate header Qty 30 Software Version |
| /K3T/RU001 | /K3T/RU002 | Selected document types |
| /K3T/RU003 | /K3T/RU003 | Selected configuration |
/K3T/RU_211_XML_ BUFFER | /K3T/RU001 | /K3T/RU001 | 24 Process saved 211 XML |
/K3T/RU_MDLP_ CLEANUP | /K3T/RU001 | /K3T/RU001 | 25 Remove |
/K3T/RU_OMS_TOKEN | /K3T/RU004 | /K3T/RU004 | 01 Display OMS Token |
/K3T/RU_MAR_MONITOR | /K3T/RU005 | /K3T/RU005 | 03 Change status 04 Display request 05 Download result 06 Add ZIP response 07 Display MDLP queue 09 Delete MDLP task |
/K3T/RU_MAR_SCD_MD | /K3T/RU005 | /K3T/RU005 | 01 Schedule task |
/K3T/RU_MAR_SCD_PR | /K3T/RU005 | /K3T/RU005 | 01 Schedule task |
/K3T/RU_MAR_SCD_RM | /K3T/RU005 | /K3T/RU005 | 01 Schedule task |
/K3T/RU_MAR_SCD_SH | /K3T/RU005 | /K3T/RU005 | 01 Schedule task |
/K3T/RU_MAR_TASK_EXEC | /K3T/RU005 | /K3T/RU005 | 08 Execute task |
/K3T/RU_MAR_TASK_PROC | /K3T/RU005 | /K3T/RU005 | 02 Process task |
4.2.2 Authorization objects for ISMT
4.2.2.1 Authorization objects for ISMT Report monitor /K3TMT/001
This authorization object is used to control all ISMT report transaction relevant data based on field action
Authorization Field | Authorization Object Settings |
/K3TMT/RAC Report action | Assign * if role should be able to perform all actions Or assign specific actions 01 Display 02 Cancel button 03 Approval 04 Sequence check 05 Get response 06 Send document 07 Reserved 08 Repeat message sending 09 Reset processing status 10 Maintain missing data 11 Reset no response 12 Get response now 13 Change log 14 Navigate to Cockpit object 15 Change ISMT status 21 Display document summary JSON 22 Download document summary JSON 23 Display document details JSON 24 Download document details JSON 31 Display AIF report JSON 32 Download AIF report JSON 33 Message AIF 34 Display processing log 35 Display AIF response JSON 36 Download AIF response JSON |
/K3TMT/RTP ISMT Document Type | Assign * if role should be able to display all ISMT document types Or assign specific ISMT document types, for example: 0005 LP_INTRODUCE_GOODS 0006 LP_SHIP_GOODS 0007 LP_SHIP_RECEIPT 0008 LP_SHIP_GOODS_CROSSBORDER 0009 LP_ACCEPT_GOODS |
4.2.2.2 Authorization objects for ISMT Universal Documents monitor /K3TMT/002
This authorization object is used to control all ISMT Universal document transaction relevant data based on field action
Authorization Field | Authorization Object Settings |
/K3TMT/UAC Report action | Assign * if role should be able to perform all actions Or assign specific actions 01 Display 02 Display document summary JSON 03 Download document summary JSON 04 Display document details JSON 05 Download document details JSON 06 Message AIF 07 Receive inbound |
/K3TMT/UTP ISMT Universal Document Type | Assign * if role should be able to display all ISMT document types Or assign specific ISMT document types, for example: 01 UNIVERSAL_TRANSFER_DOCUMENT 02 UNIVERSAL_TRANSFER_DOCUMENT_FIX 03 UNIVERSAL_CORRECTION_DOCUMENT 04 UNIVERSAL_CORRECTION_DOCUMENT_FIX 05 UNIVERSAL_CANCEL_DOCUMENT |
4.2.2.3 Authorization objects for ISMT Receipts monitor /K3TMT/003
This authorization object is used to control all ISMT Receipts transaction relevant data based on field action
Authorization Field | Authorization Object Settings |
/K3TMT/RCP Receipt action | Assign * if role should be able to perform all actions Or assign specific actions 01 Display 02 Display document summary JSON 03 Download document summary JSON 04 Display document details JSON 05 Download document details JSON 06 Message AIF 07 Receive inbound |
4.2.2.4 Report / Transaction Authorizations
Authorization checks are run for all transactions or reports with configuration character as follows:
Report | Authorization Object | Authorization Field | Authorization Object Settings |
/K3TMT/DISPATCHER | /K3TMT/001 | /K3TMT/RAC | 06 Send document |
/K3TMT/RESPONSE | /K3TMT/001 | /K3TMT/RAC | 05 Response |
/K3TMT/SN_INFO | /K3TMT/001 | /K3TMT/RAC | 15 Change ISMT status |
/K3TMT/REP_MONITOR | /K3TMT/001 | /K3TMT/RAC | 01 Display 02 Cancel button 03 Approval 04 Sequence check 05 Get response 06 Send document 08 Repeat message sending 09 Reset processing status 10 Maintain missing data 11 Reset no response 12 Get response now 13 Change log 14 Navigate to Cockpit object 21 Display document summary JSON 22 Download document summary JSON 23 Display document details JSON 24 Download document details JSON 31 Display AIF report JSON 32 Download AIF report JSON 33 Message AIF 34 Display processing log 35 Display AIF response JSON 36 Download AIF response JSON |
| /K3TMT/001 | /K3TMT/RAC | Selected document types |
/K3TMT/UD_IN | /K3TMT/002 | /K3TMT/UAC | 07 Inbound processing |
/K3TMT/UD_MONITOR | /K3TMT/002 | /K3TMT/UAC | 01 Display 02 Display document summary JSON 03 Download document summary JSON 04 Display document details JSON 05 Download document details JSON 06 Message AIF |
| /K3TMT/002 | /K3TMT/UTP | Selected document types |
/K3TMT/RCP_MONITOR | /K3TMT/003 | /K3TMT/RCP | 01 Display 02 Display document summary JSON 03 Download document summary JSON 04 Display document details JSON 05 Download document details JSON 06 Message AIF |
/K3TMT/RCP_IN | /K3TMT/003 | /K3TMT/RCP | 07 Inbound processing |
4.2.3 Further authorizations
4.2.3.1 Authorizations for Maintenance Views
In addition to the authorization object, an authorization group has been assigned to each maintenance view / underlying views of view clusters according to the delivery class:
Delivery class = E / C: Authorization Group = ATTC
Delivery class = A: Authorization Group = ATTO
Delivery class = S: No Authorization Group.
5. Uninstalling
You can use the SAP Add-On Installation Tool to uninstall add-ons. However, the uninstallation is possible only if the following prerequisites are met for individual add-on components:
You have imported the latest SAINT update (at least SPAM Version 75).
Procedure:
Call the SAP Add-On Installation Tool with the transaction code SAINT in client 000.
Choose the "Uninstallable Components" tab and select the add-on component version K3T from the list
To start the uninstallation process, choose "Start".
A confirmation prompt alerts you to possible dangers of the uninstallation and refers to this add-on-specific SAP Note with important information. Be sure to read this SAP Note and follow its instructions.
Define the start options.
Once you have read this SAP Note and followed its instructions, choose "Continue" to start the uninstallation with the chosen start options. To cancel the uninstallation, choose "Cancel".
After you start the uninstall process, the Add-On Installation Tool runs a predefined sequence of phases. Should an error occur in any of these phases, the uninstall process is stopped and the error is described to the extent possible. Once you have corrected the problem, you can choose "Continue" to continue the uninstallation.
At first, the Add-On Installation Tool performs preparation steps and check steps. If errors cannot be corrected in these phases, you can choose "Back" to stop and reset the uninstallation. In later phases, if changes and deletions have already been made in the system, a reset is no longer possible, and the system displays a relevant error message. In this case, the errors must be rectified, and the uninstallation must be completed.
Following the successful uninstallation of the add-on, you can choose "Logs" to display the implementation logs.
To complete the uninstallation, choose "Exit".