Administration Guide For SAP S/4HANA Cloud For Enterprise Contract Assembly

PUBLIC
Document Version: SHIP – 2020-10-10
Administration Guide for SAP S/4HANA Cloud for

Enterprise Contract Assembly
© 2020 SAP SE or an SAP affiliate company. All rights reserved.
THE BEST RUN

Content
1 Document History. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3 Technical Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
3.1 Internet Connection and Network Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2 Browsers and Browser Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4 Onboarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
4.1 Creating a Subaccount. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.2 Creating Users and User Groups in the SAP Cloud Platform Identity Authentication Service. . . . . . . . 8
4.3 Assigning User Groups to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
4.4 Subscribing to Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
5 Connecting to SAP S/4HANA for enterprise contract management. . . . . . . . . . . . . . . . . . . . . 12
6 User Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6.1 Defining and Bundling Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6.2 Assigning Role Collections to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
7 Business Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
7.1 Configuring Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
7.2 Configuring Clause Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
7.3 Configuring Input Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
7.4 Configuring Authorizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Create Authorization for a Text Block. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Create Authorization for a Template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Create Authorization for a Virtual Document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
8 Security and Data Protection and Privacy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

8.1 Data Protection and Privacy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Read Access Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Information Report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Manage My Personal Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Deletion of Personal Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
9 Error Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Administration Guide for SAP S/4HANA Cloud for Enterprise Contract Assembly
2 PUBLIC Content
1 Document History
Provides details about the changes made in each version of this document.
Document Version Date Comment
1.0 2019-09-20 First release of SAP S/4HANA Cloud for

enterprise contract assembly.
1.1 2020-10-09 New topics in the Admin Guide:
● Create Authorization for a Text

Block [page 20]
● Create Authorization for a Tem
plate [page 22]
● Create Authorization for a Virtual
Document [page 25]
Updated topics in the Admin Guide:
● Configuring Authorizations [page

18]
● Defining and Bundling Roles [page
13]
Document History PUBLIC 3
2 Overview
About This Guide
This administration guide describes the steps you need to perform as an administrator to set up and run SAP
S/4HANA Cloud for enterprise contract assembly. It covers application-specific information only. For general
information about SAP Cloud Platform, see the documentation on SAP Help Portal at https://
help.sap.com/CP.
This guide addresses system administrators.
About This Solution
SAP S/4HANA Cloud for enterprise contract assembly is a cloud solution that enables you to create and
manage the complete lifecycle of templates and text blocks that can be used for producing virtual documents
used in various transactions.
For information about using the features provided by Enterprise Contract Assembly, see User Guide for SAP S/
4HANA Cloud for Enterprise Contract Assembly .
* Free text search on text blocks is provisioned using Elastic Search at the AWS (Europe - Frankfurt) data
center. This functionality is provisioned and managed by SAP in addition to the SAP Cloud Platform data center
in the same location.
4 PUBLIC Overview
3 Technical Prerequisites
Before you start to use SAP S/4HANA Cloud for enterprise contract assembly, check the requirements and
recommendations in this section.
3.1 Internet Connection and Network Requirements
For using Enterprise Contract Assembly, choose the following Cloud Foundry environment:
Europe (Frankfurt) (running on AWS)
For detailed information about the regions and hosts, see Regions.
3.2 Browsers and Browser Settings
Enterprise Contract Assembly supports the following browsers:
Browser Versions
Google Chrome Latest version
Microsoft Edge Latest version
Mozilla Firefox Latest version
Safari Latest version
 Note
Internet Explorer is not supported.
Technical Prerequisites PUBLIC 5
4 Onboarding
This section describes the tasks that an administrator must perform in order to start using Enterprise Contract
Assembly.
The actual process of onboarding onto SAP Cloud Platform has been completed. For information about the
onboarding process, see the SAP Cloud Platform documentation under Getting Started with a Customer
Account: Workflow in the Cloud Foundry Environment.
When you purchase Enterprise Contract Assembly, it includes services provided by SAP Cloud Platform (SCP).
SCP does not have its own user base but a separate identity provider (IdP) is required. Use SAP Cloud Platform
Identity Authentication service (IAS) as the identity provider. For more information about those services, refer
to their documentation.
Prerequisites
● You have a global account on SAP Cloud Platform for the Cloud Foundry environment in the Europe
(Frankfurt) region running on AWS.
● You are assigned the Administrator role for the global account.
● You have administration rights in the SAP Cloud Platform Identity Authentication Service (IAS)
administration console.
Next Steps
1. Create subaccounts under your global account.

See Creating a Subaccount [page 7].
2. Create a tenant in the SAP Cloud Platform Identity Authentication Service.
If you already have a tenant in the SAP Cloud Platform Identity Authentication Service, for example, from
S/4HANA Cloud Edition, you can reuse it.
See Establish Trust Between Identity Authentication Service and SAP Cloud Platform.
3. Create users and user groups in the SAP Cloud Platform Identity Authentication Service. Assign the users
to relevant user groups.
See Creating Users and User Groups in the SAP Cloud Platform Identity Authentication Service [page 8]
and Assigning User Groups to Users [page 9].
4. An entitlement is only visible in the SAP Cloud Platform cockpit if you have a license for Enterprise
Contract Assembly.
Purchase the relevant product from the SAP Store .
5. Subscribe to the application.
See Subscribing to Applications [page 10].
6. (Required if you are integrating with SAP S/4HANA for enterprise contract management) Configure areas.
See Configuring Areas [page 15].
6 PUBLIC Onboarding
7. Configure input fields for inserting in text blocks.
See Configuring Input Fields [page 17].
8. Configure clause types required for creating text blocks.
See Configuring Clause Types [page 16].
9. Configure authorizations for user groups, in order to work with virtual documents.
See Configuring Authorizations [page 18].
4.1 Creating a Subaccount
To be able to subscribe to the application and reach the SCP services, create a subaccount in the SCP Cockpit.
Prerequisites
● You have a global account on SCP.

● You are assigned the Administrator role for the global account.
Procedure
1. Sign in to the SAP Cloud Platform cockpit and go to your global account.
2. Click the New Subaccount button, and enter Display Name and Subdomain.
Use only lower-case letters and digits for the subdomain name. The subdomain becomes part of the URL
for accessing subscribed applications.
When you create a subaccount, SAP Cloud Platform automatically grants your user the role for the
administration of business users and their authorizations in the subaccount. Having this role, you can also
add or remove other users who will then also be user and role administrators of this subaccount.
 Note
Only the administrator who created the current subaccount can add other administrators with access
to Security tab in SCP Cockpit. Make sure you add users with sufficient rights that enable managing
accounts in all occasions.
For more information, see the documentation in SAP Cloud Platform, under Security Security in
the Cloud Foudry Environment Authorization and Trust Management in the Cloud Foundry
Environment Security Administrators in Your Subaccount .
Onboarding PUBLIC 7
4.2 Creating Users and User Groups in the SAP Cloud
Platform Identity Authentication Service
As an administrator, you can create new users and user groups in the administration console for SAP Cloud
Platform Identity Authentication service.
Context
The administrator creates the new user with a minimum set of attributes and can set an initial password.
Procedure
1. Access the administration console for SAP Cloud Platform Identity Authentication service by using the
console's URL.
The URL has the https://<tenant ID>.accounts.ondemand.com/admin pattern.
Tenant ID is an automatically generated ID by the system. The first administrator created for the tenant
receives an activation e-mail with a URL in it. This URL contains the tenant ID.
2. Create new users.
a. Go to Users & Authorizations User Management .

b. Choose + Add User.
c. Enter the required values in the Add New User dialog box.
 Note
Ensure that you create atleast one user with the email id as lca-system-user@sap.com. This is
required for authorizing the user as part of the integration between Enterprise Contract Assembly
and SAP S/4HANA for enterprise contract management.
d. Choose one of the following options:
Option Description
Send activation e-mail The user receives an e-mail with instructions how to ac
tivate the user account.
8 PUBLIC Onboarding
Option Description
Set password The administrator sets the password for the user.
 Note
The user is prompted to reset the password after
signing in for the first time.
e. Save your entry.
3. Create new user groups.
 Note
You must create atleast three user groups as follows:

○ A group for configuration experts (The user whose email id is lca-system-user@sap.com, must
be assigned to this group).
○ A group for virtual document users.
○ A group for template users.
a. Go to Users & Authorizations User Groups .

b. Choose +Add.
c. Enter the required values for the various fields.
The user group name must always start with "eca-". The name can contain lower-case characters (a-
z), upper-case characters (A-Z), base 10 digits (0-9), hyphens, and underscores.
d. Save your entry.
4.3 Assigning User Groups to Users
As an administrator, you can assign one or more groups to a user in the administration console for SAP Cloud
Platform Identity Authentication service.
Prerequisites
You have created users and user groups.
See Creating Users and User Groups in the SAP Cloud Platform Identity Authentication Service [page 8].
Onboarding PUBLIC 9
Procedure
1. Access the administration console for SAP Cloud Platform Identity Authentication service by using the
console's URL.
The URL has the https://<tenant ID>.accounts.ondemand.com/admin pattern.
Tenant ID is an automatically generated ID by the system. The first administrator created for the tenant
receives an activation e-mail with a URL in it. This URL contains the tenant ID.
2. Go to Users & Authorizations User Management .

3. Choose the user for whom you want to assign user groups.
4. Go to the User Groups tab and choose Assign Groups.
5. Select the groups that you want to assign to the user.
6. Save the changes.
4.4 Subscribing to Applications
Prerequisites
1. You have purchased SaaS licenses for the applications you want to consume.
2. You have created a subaccount in your global account.
3. You have created trust both from the SAP Cloud Platform Cockpit and SAP Cloud Platform Identity
Authentication Service administration console.
Procedure
1. Navigate to your subaccount in the SAP Cloud Platform Cockpit.

2. Go to Subscriptions. Under SAAS Applications, choose the SAP S/4HANA Cloud for enterprise contract
assembly tile.
The SAP S/4HANA Cloud for enterprise contract assembly overview page is displayed.
3. Choose Subscribe.
After a few seconds, the status will change from Not Subscribed to Subscribed.
4. Choose Go to Application.
The application launchpad is displayed. Note down this URL for future reference.
10 PUBLIC Onboarding
 Note
Applications do not open before you have created trust both from the SAP Cloud Platform Cockpit and
SAP Cloud Platform Identity Authentication Service administration console.
Onboarding PUBLIC 11
5 Connecting to SAP S/4HANA for
enterprise contract management
In order to generate virtual documents based on the templates and text blocks available in Enterprise Contract
Assembly, and edit specific fields in the virtual documents, Enterprise Contract Assembly must be integrated
with SAP S/4HANA for enterprise contract management. Also, text elements such as variables that are used in
text blocks will be available in Enterprise Contract Assembly, only if the connectivity is set up. This is because
the variables are retrieved from the SAP S/4HANA for enterprise contract management system.
For information about setting up the integration between Enterprise Contract Assembly and SAP S/4HANA for
enterprise contract management, see the configuration guides for SAP S/4HANA for enterprise contract
management available in the SAP Best Practices Explorer . In the SAP Best Practices Explorer, search for
SAP S/4HANA for Enterprise Contract Management (1XV) and Integration to SAP S/4HANA Cloud for Enterprise
Contract Assembly (2OQ).
To complete the setup, you must also configure a destination to the SCIM API endpoint of the identity provider.
Following are the steps to configure the destination in the subaccount:
1. Navigate to your subaccount in the SAP Cloud Platform Cockpit.

2. Go to Destinations.
3. Choose New Destination.
4. In the Name field, enter scim.
5. In the URL field, enter the SCIM API link of the identity provider.
6. Choose Basic Authentication. Enter the user name and password of the administrator for the identity
provider.
7. Choose Save.
The destination is now configured.
8. Check if the destination is reachable.
For more information, see Check the Availability of a Destination.
12 PUBLIC Connecting to SAP S/4HANA for enterprise contract management
6 User Management
This section describes how to configure user management for your application. As a prerequisite, you have
created business users and user groups in your identity provider (IdP). SAP ID Service is configured as the
default IdP, but you can also add your instance of the SAP Cloud Platform Identity Authentication service or a
different IdP.
If you use the SAP Cloud Platform Identity Authentication service, you can find more information in the SAP
Cloud Platform documentation under Establish Trust and Federation with UAA Using SAP Cloud Platform
Identity Authentication Service.
6.1 Defining and Bundling Roles
Enterprise Contract Assembly provides the following role templates:
Role Template Description Additional Details
VD_EDIT Write permission on virtual documents Also includes read permission on virtual
documents.
VD_DISPLAY Read permission on virtual documents
TM_EDIT Write permission on legal templates Also includes read permission on legal
templates.
TM_DISPLAY Read permission on legal templates
TB_EDIT Write permission on text blocks Also includes read permission on text
blocks.
TB_DISPLAY Read permission on text blocks
CAR View the tile Configuring Authorizations Should be bundled with role templates
Config_Admin and RC_viewer to view
the app tile.
CCL View the tile Configuring Clause Types Should be bundled with role templates
the app tile.
CAU View the tile Configuring Authorizations Should be bundled with role templates
the app tile.
User Management PUBLIC 13
Role Template Description Additional Details
CIF View the tile Configuring Input Fields Should be bundled with role templates
the app tile.
Config_Admin Write permission on the configuration Relevant role templates for the configu-
apps ration apps also need to be bundled
along with this role template to view
tiles for the configuration apps.
RC_viewer Read permission on the configuration Relevant role templates for the configu-
apps ration apps also need to be bundled
along with this role template to view
tiles for the configuration apps.
PDM_Administrator User can export the personal data using

the app Data Export in Personal Data
Manager.
PDM_ CustomerServiceRepresentative User can process and manage personal

data requests using the apps Manage
Personal Data and Manage Personal
Data Requests in Personal Data
Manager.
As a prerequisite for assigning roles to IdP users or user groups, you also need to configure role collections. A
role collection consists of one or more roles from one or more applications and can be used to bundle
authorizations within and across applications.
For more information about how to create roles and how to bundle them in role collections using the SAP Cloud
Platform cockpit, see Building Roles and Role Collections for Applications.
6.2 Assigning Role Collections to Users
In the SAP Cloud Platform cockpit, you must assign role collections to IdP users or user groups. As a
prerequisite, users and user groups must have been created in the SAP Cloud Platform Identity Authentication
service or another IdP.
 Note
If you use the SAP ID service, you assign role collections to individual users. If you use the SAP Cloud
Platform Identity Authentication service or another IdP, you assign them to user groups.
For more information about how to assign role collections to users or user groups using the SAP Cloud
Platform cockpit, see Assign Role Collections.
14 PUBLIC User Management
7 Business Configuration
Enterprise Contract Assembly provides various configuration applications.
Following are the configuration applications that are available:
● Configure Areas
● Configure Input Fields
● Configure Clause Types
● Configure Authorizations
7.1 Configuring Areas
In order to generate virtual documents based on the templates and text blocks available in Enterprise Contract
Assembly and edit specific fields in the virtual documents, Enterprise Contract Assembly must be integrated
with SAP S/4HANA for enterprise contract management.
Context
Areas are used for authorization between Enterprise Contract Assembly and SAP S/4HANA for enterprise
contract management.
Procedure
1. Sign in to the SAP Fiori Launchpad and launch the Configure Areas app.
The area list view is displayed.

2. wee
3. Choose  (Create Area).
4. In the new screen, enter the Name and Description.
The default language is English.

5. Choose Save.
The new area is created.
Business Configuration PUBLIC 15
7.2 Configuring Clause Types
Context
Enterprise Contract Assembly enables you to create custom clause types by using the Configure Clause Types
app. These clause types are made available in the Manage Templates app. When you create a new text block,
you can choose the type from this list of clause types.
Procedure
1. Sign in to the SAP Fiori Launchpad and launch the Configure Clause Types app.
The clause types list view is displayed.

2. Choose  (Create Clause Type).
3. Enter the required values for the following properties:
Field Name Description
Code Indicates the identifier for the clause type.
This code is visible only within the Configure Clause Types

app. Enter a meaningful code to identify the clause type. It
can be used for searching and filtering the clause types
within the app.
Name Name of clause type.
This is the name that is used in the Manage Templates

app.
Language Default language is English.
4. Choose Save.
A new clause type is created.
16 PUBLIC Business Configuration
7.3 Configuring Input Fields
Context
Enterprise Contract Assembly enables you create input fields by using the Configure Input Fields app. The
created input fields are then available in the Text Elements library of the Manage Templates app for inserting
into text blocks. After the virtual document is generated based on the selected template, users can enter data
in the input fields.
Procedure
1. Sign in to the SAP Fiori Launchpad and launch the Configure Input Fields app.
The input fields list view is displayed.

2. Choose  (Create Input Field).
Type Indicates the type of the input field.
Name Name of input field.
This name is visible within the Configure Input Fields app.

Enter a meaningful name to identify the input field. It can
be used for searching and filtering the input fields within
the app.
When an input field is created in multiple languages, the

same name must be used in all languages. This ensures
that when an input field used in the virtual document is
not available in the user's logon language, the name is dis
played instead of the label.
Label in Template Indicates the name of the input field that will be displayed
in the template and virtual document.
Help Text Provide information that will help the document user to in
put the correct value.
Input Format Name Indicates the type of input format you want to assign for
the input field you are creating. This depends on the input
field type.
For example, if the input field type is Drop-down, the drop-

down options must be defined here. If the type is Free Text,
the maximum character length must be defined here.
You can create a new input format or choose an existing

one.
4. Choose Save.
A new input field is created.
7.4 Configuring Authorizations
Prerequisites
Users and user groups have been created in SAP Cloud Platform Identity Authentication service. Users are
assigned to relevant user groups.
For more information, see Creating Users and User Groups in the SAP Cloud Platform Identity Authentication
Service [page 8] and Assigning User Groups to Users [page 9].
Context
Enterprise Contract Assembly enables you to define the authorizations for various user groups. Depending on
the authorizations that are provided, users can perform various operations.
The authorization administrators have all the authorizations required to perform all the operations. They can
also create authorizations based on different business requirements and assign these authorizations to the
user groups. This ensures that the end users have access to the relevant objects.
The authorization administrators should create at least one authorization for the end users who work with
either of the objects: virtual documents, templates, or text blocks.
The authorizations can be edited too after their creation.
 Note
The created authorization is applicable to the combination of values selected for all the fields.
Procedure
1. Sign in to the SAP Fiori Launchpad and launch the Configure Authorizations app.
The available user groups are displayed.

2. Choose the user group for which you want to define the authorization.
3. In the Authorizations section, choose Create.
Field Name Description Applicable to the Object Types
Object Type of object, select one of the fol Not applicable

lowing:
○ Virtual Document
○ Template
○ Text Block
Text block is selected by default.
Name Name of the authorization All
This is visible only within the

Configure Authorizations app. Enter a
meaningful name to identify the au
thorization. It can be used for search
ing and filtering the authorizations
within the Configure Authorizations.
Operation Indicates the operation that the user All

in the users in the selected user group
with this authorization can perform.
Business Actions Indicates the business actions that Templates and virtual documents
the users in the selected user group
with this authorization can perform.
Area Indicates the areas for which the au Virtual document
thorization is applicable.
Content Type Indicates the various content types Templates and virtual documents
for which the authorization is applica
ble.
Status Indicates the object statuses, for Templates and virtual documents
which the authorization is applicable
Access Level of Legal Transaction (Op Indicates the access level of the legal Virtual document
tional) transaction for which the authoriza
tion is applicable.
Access Level of Legal Document (Op Indicates the access level of the legal Virtual document
tional) document for which the authorization
is applicable.
Governing Law Indicates the governing law for which Template

the authorization is applicable.
Field Name Description Applicable to the Object Types
Text Block Class Indicates the text block class for Text block
which the authorization is applicable.
Text Block Type Indicates the text block type for which Text block
the authorization is applicable.
5. Choose Create.
A new authorization is created for the selected user group.
Related Information
Create Authorization for a Template [page 22]

Create Authorization for a Virtual Document [page 25]
Create Authorization for a Text Block [page 20]
7.4.1 Create Authorization for a Text Block
An authorization for a user group that includes end users who work with text blocks.
Context
An authorization for a user group that includes end users who work with text blocks.
Procedure

Object Select Text Block from the drop-down list.
Name Enter a meaningful name to identify the authorization. It

can be used for searching and filtering the authorizations
within the app Configure Authorizations.
Operation Choose the operations that the users in the user group
with this authorization can perform. Read and Write are
the available options here.
 Note
For the authorization where Write operation is se
lected, the user automatically also gets permission to
the read, update, create, and delete operations.
Following table shows available permissions for different

operations:
Also Includes User

Actions for the Fol
Operation User Actions lowing Operations
Read User can:

○ Search for the
text blocks
○ View the list
on the Man
age Text
Blocks app
○ View the text
blocks
Write User can edit and Read

create the text
blocks
Text Block Class Choose the text block class for which the authorization is
applicable. Signature and Clause are the available options
here.
Text Block Type Choose the text block type for which the authorization is
applicable.
 Note
Text block type cannot be selected when Signature is
selected in the Text Block Class.
Results
The created authorization is applicable to the combination of values selected for all the fields. This means a
user gets permission to access a text block only when the combination of values for all the fields matches
between the authorization and the text block.
For example, an authorization is created with the following values:
● Operation: Write
● Text Block Class: Clause
● Text Block Type: Preamable
In this case, the user has Write permission on text blocks that fulfils all the following conditions:
● Has Text Block Class as Clause

● Has Text Block Type as Preamable
Even if one condition is not satisfied, the user will not get write permission on the text block.
 Note
● All the fields are mandatory to be filled, except for the ones that are marked as optional.
● Follow the below steps to edit the created authorization later:
1. Launch the Configure Authorizations app.
2. Choose the user group where you have created the authorization.
3. Select the authorization.
4. Click on Edit to edit the authorization.
 Note
The fields Object and Operation cannot be edited in an existing text block authorization.
7.4.2 Create Authorization for a Template
An authorization for a user group that includes end users who work with templates.
Context
An authorization for a user group that includes end users who work with templates.
Procedure

Object Select Template from the drop-down list.

within the Configure Authorizations app.
 Note
Business Actions Choose the business actions that the users in the user
group with this authorization can perform. The available
options are:
○ Full Read and Restricted Read are the available op
tions when Read is selected as the operation.
○ All the business actions are available with the write
operation.
Following table shows available user actions for different
business actions:
Also Includes User

Actions for the fol
lowing Business Ac
Business Action User Actions tions
Restricted Read User can:

○ Search for the
templates
○ View the tem
plates that are
in the status
Released
○ Download the
template
○ Preview the
template
○ Use the fea
ture Export to
Word
○ Use the fea
ture Version
History
Full Read User can: Restricted Read

○ View notes
○ View tem
plates in all
the statuses
Create, Edit, Full User has full access Full Read

Display, and Delete to the templates.
The following list
contains some of
the actions that the
user can do:
○ Approve the
template
Also Includes User

Actions for the fol
lowing Business Ac
○ Use the Show

Library fea
ture
○ Archive the
template
○ Export the
template
○ Edit the tem
plate
○ Create new
template
Status Displays status that is applicable to the authorization.
 Note
The statuses are selected by default and are not edit
able based on the selected operation and business
actions. See the below table for more details:
Operation Status
Full Read All
Restricted Read Released
Write All
Content Type Select the various content types as required.
Governing Law Select the various governing laws as required.
Results
user gets permission to access a template only when the combination of values for all the fields matches
between the authorization and the template.
● Operation: Read
● Business Actions: Full Read
● Content Types: NDA and Amendment
● Governing Law: Germany (DE)
● Status: All
In this case, the user has read permission on the templates with the following values:
Template 1 Template 2 Template 3
● Content Type: NDA ● Content Type: Amendment ● Content Types: NDA and
● Governing Law: Germany (DE) ● Governing Law: Germany (DE) Amendment both
● Governing Law: Germany (DE)
 Note
● All the fields are mandatory to be filled except for the ones that are marked as optional.
 Note
The fields Object, Operation, and Business Actions cannot be edited in an existing template
authorization.
7.4.3 Create Authorization for a Virtual Document
An authorization for a user group that includes end users who work with virtual documents.
Context
An authorization for a user group that includes end users who work with virtual documents.
Procedure

Object Select Virtual Document from the drop-down list.

within the Configure Authorizations app.
 Note
Business Actions Choose the business actions that the users in the user
group with this authorization can perform. The available
options are:
○ View and Download as PDF are the available options
and are selected by default when Read is selected as
the Operation.
○ Following business actions are available when Write is
selected as the Operation:
○ Edit
○ Edit Input Field
○ Set To Final
○ Edit Final
○ Expert Edit
Following table shows available permissions for different
business actions:
Also includes User

Actiions for the fol
lowing Business Ac
Edit User can:

○ Edit the virtual
document us
ing the Edit
button
○ Edit proper
ties of the vir
tual docu
ment
○ Refresh the
variables
○ Use the show
library feature
○ Create new
virtual docu
ments
Edit Input Field Edit input fields in

the virtual docu
ment.
Set to Final User can use the

option Set to Final
Also includes User

Actiions for the fol
lowing Business Ac
to move the virtual

document to the
status Final.
Edit Final View the virtual Edit, Edit Input

documents that are Field, and Set to Fi
in the status Final. nal
Expert Edit Edit all the aspects Edit Final, and Edit
in the virtual docu Variable
ment and edit vari
ables.
Areas Choose the areas as required.
Content Type Select the various content types as required.
Status Choose the statuses for which the authorization is appli

cable. Available options are:
○ Pending, Error, or Complete
○ Final
○ Archived
 Note
You can choose the statuses only for the Read opera
tion. For the Write operation, the statuses are selected
by default and are not editable. See the below table
for more details:
Business Action Status
Edit Pending, Error, or Complete
Edit Final All
Expert Edit All
Edit Input Field Pending, Error, or Complete
Set To Final Complete
Edit Input Field + Set To Final Pending, Error, or Complete
Edit + Edit Input Field Pending, Error, or Complete
Edit + Set To Final Pending, Error, or Complete
Access Level of Legal Transaction (Optional) Choose access level of the legal transaction to which the
authorization is applied. If access level is not selected, the
user gets full access.
Access Level of Legal Document (Optional) Choose access level of the legal document to which the
authorization is applied. If access level is not selected, the
user gets full access.
Results
user gets permission to access a virtual document only when the combination of values for all the fields
matches between the authorization and the virtual document.
● Operation: Write
● Business Actions: Edit
● Areas: Area01, Area02
● Content Types: NDA
● Status: Pending, Error, or Complete
● Access Level of Legal Transaction: Private
● Access Level of Legal Document: Public
In this case, the user has write permission on the virtual documents with the following values:
Virtual Document 1 Virtual Document 2 Virtual Document 3
● Area: Area01 ● Area: Area02 ● Areas: Area01, Area02

● Content Type: NDA ● Content Type: NDA ● Content Types: NDA
● Access Level of Legal Transaction: ● Access Level of Legal Document: ● Access Level of Legal Transaction:
Private Public Private
● Access Level of Legal Document:
Public
 Note
● All the fields are mandatory to be filled except for the ones that are marked as optional.
 Note
The fields Object, and Operation cannot be edited in an existing virtual document authorization.
8 Security and Data Protection and Privacy
In this section, you can find information about the security features of SAP S/4HANA Cloud for enterprise
contract assembly.
Since the apps are on SAP Cloud Platform, many of the security measures are taken care of by SAP Cloud
Platform. For more information about security on the SAP Cloud Platform, see Security and Data Protection
and Privacy.
8.1 Data Protection and Privacy
Data protection is associated with numerous legal requirements and privacy concerns. In addition to
compliance with general data protection and privacy acts, it is necessary to consider compliance with industry-
specific legislation in different countries. SAP provides specific features and functions to support compliance
with regard to relevant legal requirements, including data protection. SAP does not give any advice on whether
these features and functions are the best method to support company, industry, regional, or country-specific
requirements. Furthermore, this information should not be taken as advice or a recommendation regarding
additional features that would be required in specific IT environments. Decisions related to data protection
must be made on a case-by-case basis, taking into consideration the given system landscape and the
applicable legal requirements.
 Note
SAP does not provide legal advice in any form. SAP software supports data protection compliance by
providing security features and specific data protection-relevant functions, such as simplified blocking and
deletion of personal data. In many cases, compliance with applicable data protection and privacy laws will
not be covered by a product feature. Definitions and other terms used in this document are not taken from
a particular legal source.
 Caution
The extent to which data protection is supported by technical means depends on secure system operation.
Network security, security note implementation, adequate logging of system changes, and appropriate
usage of the system are the basic technical requirements for compliance with data privacy legislation and
other legislation.
For virtual documents that contain input fields, consider the following:
Input fields can be used for entering any kind of data. In order to ensure data protection and privacy, please do
not enter any personal data, such as, personal email id, phone numbers, and so on.
Security and Data Protection and Privacy PUBLIC 29
8.1.1 Glossary
The following terms are general to SAP products. Not all terms may be relevant for this SAP product.
Term Definition
Blocking A method of restricting access to data for which the primary

business purpose has ended.
Business Purpose The legal, contractual, or in other form justified reason for
the processing of personal data to complete an end-to-end
business process. The personal data used to complete the
process is predefined in a purpose, which is defined by the
data controller. The process must be defined before the per
sonal data required to fulfill the purpose can be determined.
Consent The action of the data subject confirming that the usage of
his or her personal data shall be allowed for a given purpose.
A consent functionality allows the storage of a consent re
cord in relation to a specific purpose and shows if a data
subject has granted, withdrawn, or denied consent.
Data Subject Any information relating to an identified or identifiable natu

ral person ("data subject"). An identifiable natural person is
one who can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification
number, location data, an online identifier, or to one or more
factors specific to the physical, physiological, genetic, men
tal, economic, cultural, or social identity of that natural per
son.
Deletion Deletion of personal data so that the data is no longer avail

able.
End of business Defines the end of active business and the start of residence
time and retention period.
End of Purpose (EoP) The point in time when the processing of a set of personal
data is no longer required for the primary business purpose,
for example, when a contract is fulfilled. After the EoP has
been reached, the data is blocked and can only be accessed
by users with special authorizations (for example, tax audi
tors).
End of Purpose (EoP) check A method of identifying the point in time for a data set when
the processing of personal data is no longer required for the
primary business purpose. After the EoP has been reached,
the data is blocked and can only be accessed by users with
special authorization, for example, tax auditors.
30 PUBLIC Security and Data Protection and Privacy
Term Definition
Personal Data Any information relating to an identified or identifiable natu

ral person ("data subject"). An identifiable natural person is
one who can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification
number, location data, an online identifier, or to one or more
factors specific to the physical, physiological, genetic, men
tal, economic, cultural, or social identity of that natural per
son.
Purpose The information that specifies the reason and the goal for
the processing of a specific set of personal data. As a rule,
the purpose references the relevant legal basis for the proc
essing of personal data.
Residence Period The period of time between the end of business and the end
of purpose (EoP) for a data set during which the data re
mains in the database and can be used in case of subse
quent processes related to the original purpose. At the end
of the longest configured residence period, the data is
blocked or deleted. The residence period is part of the over
all retention period.
Retention Period The period of time between the end of the last business ac
tivity involving a specific object (for example, a business
partner) and the deletion of the corresponding data, subject
to applicable laws. The retention period is a combination of
the residence period and the blocking period.
Sensitive Personal Data A category of personal data that usually includes the follow
ing type of information:
● Special categories of personal data, such as data reveal

ing racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership, genetic
data, biometric data, data concerning health or sex life
or sexual orientation.
● Personal data subject to professional secrecy
● Personal data relating to criminal or administrative of
fenses
● Personal data concerning insurances and bank or credit
card accounts
Term Definition
Technical and Organizational Measures (TOM) Some basic requirements that support data protection and
privacy are often referred to as technical and organizational
measures (TOM). The following topics are related to data
protection and privacy and require appropriate TOMs, for ex
ample:
● Access control Authentication features

● Authorizations Authorization concept
● Read access logging
● Transmission control/communication security
● Input control/change logging
● Availability control
● Separation by purpose Subject to the organizational
model implemented and must be applied as part of the
authorization concept.
8.1.2 Read Access Logging
Read access to personal data is partially based on legislation, and it is subject to logging functionality. Read
access logging (RAL) is used to monitor and log read access to sensitive data. Data may be categorized as
sensitive by law, by external company policy, or by internal company policy. Read access logging enables you to
answer questions about who accessed particular data within a specified time frame. Here are some examples
of such questions:
● Who accessed the data of a given business entity, for example a bank account?
● Who accessed personal data, for example of a business partner?
● Which employee accessed personal information, for example religion?
● Which accounts or business partners were accessed by which users?
From a technical point of view, this means that all remote APIs and UI infrastructures (that access the data)
must be enabled for logging.
Requesting Audit Logs
Data accesses that have been logged are written to the central audit logging infrastructure provided by SAP
Cloud Platform. You can access the logs using Audit Log Viewer. You must subscribe to Audit Log Viewer to
access the logs.
Subscribe to Audit Log Viewer

1. To use Audit Log Viewer, go to the Subscriptions tab of your subaccount in the SAP Cloud Platform cockpit
and subscribe for it.
2. After you have subscribed, select Go to Application to open Audit Log Viewer and log in to the application.
Access the Logs Using Audit Log Viewer
To retrieve the audit logs for your subaccount using Audit Log Viewer, you need to have proper authorizations.
1. Create a RoleCollection.
2. Include the auditlog-viewer!t*/Auditlog Auditor role and the auditlog-management!b*/Auditlog Auditor role.
3. Assign it to a user or create a rule to assign it to users based on the SAML Assertion coming from the IDP.
See Manage Custom Platform Roles.
 Note
Only account members with the Security Administrator role are authorized to edit application
authorizations.
8.1.2.1 Available Audit Logs
Audit logs for various actions can be accessed in the Audit Log Viewer.
Logging Read Access for Logging Modifications for Logging Configuration Changes for
● Templates ● Templates ● Areas

● Text blocks ● Text blocks ● Clause types
● Areas ● Template versions ● Access levels
● Clause types ● Text block versions ● Languages
● Variable catalogs ● Text block draft versions ● User groups
● Input fields ● Virtual documents ● Variable catalogs
● Governing laws ● Virtual document versions ● Input fields
● Content types ● Content types
● Access levels
● Languages
● User groups
● Template versions
● Text block versions
● Text block draft versions
● Virtual documents
● Virtual document versions
8.1.3 Information Report
Data subjects have the right to receive information regarding their personal data undergoing processing. The
personal data record feature helps you to comply with the relevant legal requirements for data protection by
allowing you to search for and retrieve all personal data for a specified data subject. The search results are
displayed in a comprehensive and structured list containing all personal data of the data subject specified,
organized according to the purpose for which the data was collected and processed.
Manage Personal Data Using Personal Data Manager
Personal Data Manager is used to view user specific data for Enterprise Contract Assembly.
Prerequisites
You have configured Personal Data Manager and assigned the required roles to the user before you use the
Personal Data Manager app.
Accessing Personal Data in Personal Data Manager
After you have assigned the roles, follow these steps to display personal data:
1. Launch the Personal Data Manager app.

2. Select the Manage Personal Data tile.
3. Enter the user ID in Data Subject ID field and click Go.
The applications that contain the personal data of the user are displayed.
You can view the following information:
Entity Properties
DocumentDppObject UUID, ExternalID, DocumentID, VersionID, Name,

DppType, DppId
DocumentObject ExternalID, DocumentID, VersionID, Name, Status
TemplateObject ID, Name, Version, Status
TextblockObject ID, Name, Version, Status
For information about Personal Data Manager, see below links:
● Business User Guide for Personal Data Manager

● User Guide for Personal Data Manager
8.1.4 Manage My Personal Data
The Manage My Personal Data application in Enterprise Contract Assembly provides a self-service cockpit that
enables you to view which of your personal data is being processed and stored by the different services you
use. With this app, you can see personal details used in the following business objects:
● Legal templates
● Text blocks
● Document DPP
Information
In the self-service cockpit, you can see the following types of information:
● A list of applications that you have allowed to use your personal data
● The personal data used by each of the applications listed
● Any requests you have made for the correction, deletion, or export of your personal data
On the overview page for your user profile, there is a list of all the applications that use personal data and the
data subject roles associated with each application. You can also find a list of requests for correction, deletion,
or export of personal data.
For more detailed information about the personal data used by an application, choose the line with the data
subject role for which you want to display more information. Only the information associated with the data
subject role you selected is displayed in the application detail view.
Additionally, any requests you make related to the personal data used in an application only apply to the data
subject role you selected.
When you open the application, the first data subject role for the first application in the list is already displayed.
Export Your Personal Data
You can export your personal data, including information for your business transactions, business purposes,
and consent records, in a human-readable or machine-readable fromat.
You can download the information for the application and data subject role separately:
1. On the overview page, choose the application to go to the details view.

2. On the application details page, choose Export Personal Data to download or export the information.
3. In the dialog box, choose Email or Download.
1. For Email, select an email address from the dropdown menu and choose a file format for the exported
data. You can choose from PDF, JSON, or XML. PDF files are human readable, and JSON and XML files
are machine readable.
2. For Download, choose a file format for the download: PDF, JSON, or XML.
In both cases, if you select PDF, you can choose to export all transaction data. If you do not choose this
option, only five transaction data records are exported.
4. Choose Export in the dialog box.
1. If you chose Email, an email containing a link to the document and a second email containing a one-
time password that will allow you to access the document will be sent to the email address you
selected in step 3.
2. If you chose, Download, a download request will be created. You can download the files from the Export
Requests section under Requests once the request has been processed.
3. Once a download is created for certain criteria, such as the following, another request for the same
criteria can only be created after the existing request is completed (downloaded or canceled):
○ Application name
○ Data subject role (for example, customer or vendor)
○ Download type (PDF, XML, JSON)
○ Browser download or export via email)
○ Data Subject ID
 Note
For a complete list of all business transactions and business purposes, you must export the data in a
machine-readable format. By selecting Export all transaction data you can download the data in a human-
readable format.
Requests
After you have created a request, it appears in the list of existing requests, either under Inbox Requests or
Export Requests.
You can find the following types of requests under Inbox Requests:
● Correction
● Deletion
● Withdraw consent
You can also get more information about an individual request by navigating to the details view for that request.
8.1.5 Deletion of Personal Data
Simplified Blocking and Deletion
When considering compliance with data protection regulations, it is also necessary to consider compliance
with industry-specific legislation in different countries. A typical potential scenario in certain countries is that
personal data shall be deleted after the specified, explicit, and legitimate purpose for the processing of
personal data has ended, but only as long as no other retention periods are defined in legislation, for example,
retention periods for financial documents. Legal requirements in certain scenarios or countries also often
require blocking of data in cases where the specified, explicit, and legitimate purposes for the processing of
this data have ended, however, the data still has to be retained in the database due to other legally mandated
retention periods. In some scenarios, personal data also includes referenced data. Therefore, the challenge for
deletion and blocking is first to handle referenced data and finally other data, such as business partner data.
Deletion of Personal Data
The processing of personal data is subject to applicable laws related to the deletion of this data when the
specified, explicit, and legitimate purpose for processing this personal data has expired. If there is no longer a
legitimate purpose that requires the retention and use of personal data, it must be deleted. When deleting data
in a data set, all referenced objects related to that data set must be deleted as well. Industry-specific legislation
in different countries also needs to be taken into consideration in addition to general data protection laws. After
the expiration of the longest retention period, the data must be deleted.
Deletion of Personal Data in Enterprise Contract Assembly
In Enterprise Contract Assembly, data related to the following objects is stored:
● Templates
● Text blocks
This data is handled as follows:
Virtual Documents Templates and Text Blocks
Purpose of legal document is still valid Active. The deletion of personal data related to
Can be accessed based on the authori templates and text blocks must be han
zations that are configured. dled manually on a case by case basis,
and cannot be automated, due to the
End of Purpose is reached If the corresponding legal document following reasons:
has reached End of Purpose, the virtual
● Templates and text blocks are not
document is also set to the same state.
linked to a specific legal transac
Can be accessed based on the authori tion. So they can continue to be
zations that are configured. valid for as long as it is required by
the organization. The end of pur
Legal document is in To be Archived sta If the corresponding legal document is
pose is decided by the organization
tus
in To be Archived status, the virtual based on the various business sce
document is also set to the same sta narios.
tus. ● In the event of the need for a owner
change due to business reasons, or
Can be accessed based on the authori
if the employee working as owner
zations that are configured for the To be
leaves the company or position,
Archived status. this will be managed manually by
the organization.
Retention period is over Virtual document is deleted.
9 Error Handling
This topic provides you the information required to contact SAP in case of any issues.
If you require support or encounter any technical issues, contact SAP by reporting an incident on the Support
Portal. Following are the components available for reporting:
Component Description
CM-ECA-TPL For issues related to template management.
CM-ECA-TBL For issues related to the text block library.
CM-ECA-DOC For issues related to virtual document management
CM-ECA For general issues related to Enterprise Contract Assembly, that do not fit into the
other components.
Specify the following information in the incident:
● Tenant ID
● Complete error message along with ID
38 PUBLIC Error Handling
Important Disclaimers and Legal Information
Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:
● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your
agreements with SAP) to this:
● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such
links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this
information.
Videos Hosted on External Platforms

Some videos may point to third-party video hosting platforms. SAP cannot guarantee the future availability of videos stored on these platforms. Furthermore, any
advertisements or other content hosted on these platforms (for example, suggested videos or by navigating to other videos hosted on the same site), are not within
the control or responsibility of SAP.
Beta and Other Experimental Features

Experimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by
SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use
the experimental features in a live operating environment or with data that has not been sufficiently backed up.
The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your
feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.
Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax
and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of
example code unless damages have been caused by SAP's gross negligence or willful misconduct.
Gender-Related Language
We try not to use gender-specific word forms and formulations. As appropriate for context and readability, SAP may use masculine word forms to refer to all genders.
Important Disclaimers and Legal Information PUBLIC 39
www.sap.com/contactsap
© 2020 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form

or for any purpose without the express permission of SAP SE or an SAP
affiliate company. The information contained herein may be changed
without prior notice.
Some software products marketed by SAP SE and its distributors

contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for

informational purposes only, without representation or warranty of any
kind, and SAP or its affiliated companies shall not be liable for errors or
omissions with respect to the materials. The only warranties for SAP or
SAP affiliate company products and services are those that are set forth
in the express warranty statements accompanying such products and
services, if any. Nothing herein should be construed as constituting an
additional warranty.
SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.
Please see https://www.sap.com/about/legal/trademark.html for

additional trademark information and notices.
THE BEST RUN

Administration Guide For SAP S/4HANA Cloud For Enterprise Contract Assembly

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Administration Guide For SAP S/4HANA Cloud For Enterprise Contract Assembly

Uploaded by

Copyright:

Available Formats

PUBLIC

Document Version: SHIP – 2020-10-10

Administration Guide for SAP S/4HANA Cloud for

THE BEST RUN

5 Connecting to SAP S/4HANA for enterprise contract management. . . . . . . . . . . . . . . . . . . . . 12

8 Security and Data Protection and Privacy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Document Version Date Comment

1.0 2019-09-20 First release of SAP S/4HANA Cloud for

1.1 2020-10-09 New topics in the Admin Guide:

● Create Authorization for a Text

Updated topics in the Admin Guide:

● Configuring Authorizations [page

About This Guide

This guide addresses system administrators.

About This Solution

3.1 Internet Connection and Network Requirements

Europe (Frankfurt) (running on AWS)

3.2 Browsers and Browser Settings

Enterprise Contract Assembly supports the following browsers:

Google Chrome Latest version

Microsoft Edge Latest version

Mozilla Firefox Latest version

Safari Latest version

Internet Explorer is not supported.

1. Create subaccounts under your global account.

4.1 Creating a Subaccount

● You have a global account on SCP.

The URL has the https://<tenant ID>.accounts.ondemand.com/admin pattern.

a. Go to Users & Authorizations User Management .

d. Choose one of the following options:

e. Save your entry.

3. Create new user groups.

You must create atleast three user groups as follows:

a. Go to Users & Authorizations User Groups .

4.3 Assigning User Groups to Users

You have created users and user groups.

The URL has the https://<tenant ID>.accounts.ondemand.com/admin pattern.

2. Go to Users & Authorizations User Management .

4.4 Subscribing to Applications

1. Navigate to your subaccount in the SAP Cloud Platform Cockpit.

1. Navigate to your subaccount in the SAP Cloud Platform Cockpit.

6.1 Defining and Bundling Roles

Enterprise Contract Assembly provides the following role templates:

Role Template Description Additional Details

VD_DISPLAY Read permission on virtual documents

TM_DISPLAY Read permission on legal templates

TB_DISPLAY Read permission on text blocks

PDM_Administrator User can export the personal data using

PDM_ CustomerServiceRepresentative User can process and manage personal

6.2 Assigning Role Collections to Users

Enterprise Contract Assembly provides various configuration applications.

Following are the configuration applications that are available:

7.1 Configuring Areas

The area list view is displayed.

The default language is English.

The new area is created.

The clause types list view is displayed.

Field Name Description

Code Indicates the identifier for the clause type.

This code is visible only within the Configure Clause Types

Name Name of clause type.

This is the name that is used in the Manage Templates

Language Default language is English.

Object Type of object, select one of the fol Not applicable

Status Choose the statuses for which the authorization is appli