Showing results for 
Search instead for 
Did you mean: 

digital signature in QM

Former Member
0 Kudos

Hi all,

I have some douts pls help me to solve it

1)The digital signature ensures that certain tasks are only performed by specially authorized users and documented in a signed document together with the name of the undersigned person, and the date and time.

But this can also be met by using basis tools providing authorisation to restricted usere only for UD and Result recording

then what is the use of Digital signature?

2)If i am using digital signature it is not reflecting any where.

i can olny see logs for that under Tcode DSAL


Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
0 Kudos

Hello Guys

I would like come back to the part of original question ..  "then what is the use of Digital signature?"

Its clear and its nice functionality with double logging and the password ( in case of system signature).

But I just wonder what it gives more...

This is called 'digital signature' - I assume there is kind of encryption done on  the signed data.. but could not find any info on it. I assume I should be able to see/display also what I have signed. But DSAL transaction  is quite simple, for example I can not find information what was the UD code .. Signature should be linked with the signed data..I can not find this..the only link is the lot this enough?

What if someone is manipulating on the tables and he is changing the UD code.. what DSAL will display.. how it proves that data has not been changed...

Maybe someone can put some more light on it.


Active Contributor
0 Kudos


Please create this as new question.  We try not bring back really old posts.  But putting a link to this older one in your new one would keep the info linked up.


Former Member
0 Kudos

It's nice to see an article I wrote almost 8 years ago show up on this page!



Active Contributor
0 Kudos

What's really nice is you were credited too!!!

With the amount of cut and pasting that goes on you are lucky!


Active Contributor
0 Kudos

Hi Carl

Now signature strategy have been introduced. Can you release or post a document how we can use signature strategy for result recording by multiple signature.  As i have implemented but how i can implement for multiple and what is use of it in result recording.



Former Member
0 Kudos


To just help you further, I would like to share a beutifull artical rather a white paper artical on SAP tips from Carl Dunlap. That may help you!!!

Pls find the URL for the same.


update us to help you more, reward points to help you better!



Active Contributor
0 Kudos

The digital signature process is meant to satisfy specific regulatory requirements. Yes.. you can use standard SAP security. But what prevents me from using your account and recording results if you signed on already? In many labs and plants I've seen one person log on and everyone on shift uses that log on to record data. Wrong.. but it does happen.

With the digitial signature process your forced to reenter at a minimum, the users valid password. Which means to accomplish the above, the password would have to be shared. Which does happen too!

In a true digitial signature system the validation is not simply a password but a token or biometric measure. This might be a secure ID token where the number changes every 30-60 seconds. The user must enter the number on the token. The system knows what number should be on the token at a given time based on some security algorithim. A biometric measure might be a fingerprint reader connected to the work station, a palm reader, or an iris scanner to name a few.

If you are using a digital signature in SAP you should know it. It would pop up a window requiring a password to be enterred. If you used more extensive checks, you would have to have set up the bio-metrics with an outside vendor who would show you how to set it up.


Former Member
0 Kudos

Hi craig ,

First thanks for reply . Criag i know that system will ask me user name and passord while saving results and UD. I know how to map digiatl signature in QM

But i never implemented digitital signature in any of the client so can u pls tell me what kind of inputs i will require if i want to integrate digital signature with other biometric measure


Active Contributor
0 Kudos

I pasted below the help file info from SPRO on digitial signatures. This gives you a good overview. You can find more info on this by searching help for information on SSF Settings for the System Signature. SSF = Secure Store and Forward and you will help files on this as well. These areas are set up by BASIS folks, not QM. You may want to inquire in a BASIS forum for more specific info on setting this up.



The basis application component Secure Store and Forward (SSF) is used to realize digital signatures in the SAP System. This section tells you how to make the following settings:

SSF settings for the digital signature

Which settings you make here depends on the signature method you use (see Specify Signature Method for Approval Using Simple Signature and Define Signature Strategies)

The complete names of the users that are supposed to execute the signatures as well as their personal time zones

When a signature is executed, the system copies the signatory name together with the local time according to the signatory's personal time zone to the signed document.


All users can maintain their address data and defaults by choosing System -> User profile -> Own data. The general user settings along with the SSF settings for the user are part of this data. Therefore if you use digital signatures, do not assign the authorization to maintain own data to all users.


If you use the user signature as your signature method, you need an external security product that islinked to your SAP System by way of SSF.

Note that you should not store the users' Personal Security Environment (PSE) in a file system but rather, for example, on a smart card. The PSE software does not comply with legal requirements for digital signatures.

Standard settings

The SSF settings for the system signature are contained in the standard system.


SSF Settings for the User Signature

1. Go to Customizing for Basis Components, choose System Administration -> Digital Signature and carry out activity Application-Dependent Parameters for SSF Functions.

2. Enter the SSF information for the users that are supposed to execute digital signatures. If you want, you can also make the general user settings now (see below).

a) Go to user maintenance.

b) Enter the user ID of the user whose data you want to maintain and choose Change.

c) Go to the Address tab page.

d) Choose Other communication and double-click SSF (Secure Store & Forw.).

e) Enter the user's SSF information.

How the entries must be structured depends on the security product you use.

f) Choose Continue and save your entries.

SSF Settings for the System Signature

Check and, if required, maintain the standard settings. To do so, go to Customizing for Basis Components, choose System Administration -> Digital Signature and carry out the following activities:

Application-Dependent Parameters for SSF Functions

SAPSECULIB Maintenance Information

General User Settings

1. Go to user maintenance.

2. Enter the user ID of the user whose data you want to maintain and choose Change.

3. Go to the Address tab page and enter the user's first and last names.

4. Go to the Defaults tab page and enter the user's personal time zone.

5. Save your entries.