
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com

© 2010 SAP AG 1

Integration of Microsoft Rights

Management in SAP PLM

Applies to:

SAP ERP 6.0 EhP4, Active Directory Rights Management Services. For more information, visit the Product Lifecycle Management homepage.

Summary

SAP Product Lifecycle Management (SAP PLM) contains enormous quantities of sensitive and confidential data. Once this information leaves the SAP PLM system, protecting it in compliance with the authorizations set in SAP PLM is a challenge. Customers are therefore looking for ways to enforce compliance via an Information Rights Management (IRM) framework. This applies to Microsoft Office documents as well as to non-Microsoft file formats. In this whitepaper we show how Active Directory Rights Management Services can be leveraged to encrypt Microsoft Office documents and give an outlook on how the same setup can also be leveraged for non-Microsoft file formats in the near future.

Authors: André Fischer, SAP AG

Martin Bachmann, SAP AG

Florian Schneider, Microsoft

Akif Ünal, SAP Deutschland AG & Co.KG

Company: SAP AG

Created on: 11 May 2010


Author Bio

André Fischer works at SAP AG in Technology Solution Management, where he addresses various kinds of interoperability topics regarding SAP and Microsoft solutions. Before joining SAP in 2004, André worked as an SAP technology consultant for eight years.

Martin Bachmann works at SAP AG in SAP PLM Solution Management. Martin is a mechanical engineer and joined SAP in 1997 as a developer for SAP PLM. After this Martin was part of the EMEA Regional Solution Center for SAP PLM and the Automotive team.

Florian Schneider works at Microsoft as a Technical Solutions Specialist, responsible for Identity and Access Solutions. Florian joined Microsoft in 2004 as a Platform Support Engineer and worked four years as an Infrastructure Consultant focused on Security Solutions.

Akif Ünal works at SAP Deutschland AG & Co.KG as a Senior Business Process Consultant focused on SAP PLM. Akif Ünal has worked for more than six years in professional consulting services and has domain expertise in project management, SAP architecture and product lifecycle management implementations.


Table of Contents

Introduction

Active Directory Rights Management Services
  Overview
  BulkTool
  Outlook – [Information] Vault

Configuration Steps in Active Directory Rights Management Services
  RMS Service Account
  RMS specific User Settings
    Local Intranet Zone Browser Settings
    Root RMS Server certificate
    Regional and Language Options
  Create Demo Groups to be used for templates
  Create Demo Templates
    Create templates
  Change distributed rights policy templates file location
  Publish Template location on clients
  Active Directory Rights Management Services Bulk Protection Tool

SAP PLM
  PLM Access Control Context
  Conversion Server

How to setup the SAP PLM Conversion Server
  Step 1: Copy the required files on to Conversion Server
  Step 2: Start the conversion server using the batch file RunConvUtil.bat
  Step 3: Setting up Batch Files
  Step 4: Configure the Conversion Server to run as a Windows Service
  Required Customizing in SAP ECC
    Create a RFC destination
    DMS Customizing
  Preparing Test examples
  Monitoring the result on Conversion Server
  Checking the Result

Limitations and ToDo's

Outlook

Related Content

Appendix
  Appendix A (RunConvUtil.bat)
  Appendix B (ConvServ.bat)
  Appendix C (doc2drm.bat)

Copyright


Introduction

SAP Product Lifecycle Management (SAP PLM) contains enormous quantities of sensitive and confidential data. Once this information leaves the SAP PLM system, protecting it in compliance with the authorizations set in SAP PLM is a challenge.

Customers are therefore looking for ways to enforce compliance via an Information Rights Management (IRM) framework. This applies to Microsoft Office documents as well as to non-Microsoft file formats.

In this whitepaper we will show how Active Directory Rights Management Services can be leveraged to achieve this using SAP standard technology delivered out of the box with SAP PLM.

In our scenario we are leveraging the conversion server that is shipped as part of the SAP PLM standard. SAP PLM offers the option to convert documents that are downloaded from SAP PLM using the conversion server. The conversion server can use command-line based tools to convert single documents or even complete projects before they are downloaded by a user. An example of this kind of integration is the conversion of documents into the PDF format.

Instead of converting documents, this setup can also be used to encrypt documents using Active Directory Rights Management Services (AD RMS).

The implemented process and the different components that are involved are shown in the following picture.


1. The end user requests a file from SAP PLM.

2. The files are exported to the Conversion Server, and the BulkTool is started with the RMS template that matches the Access Context in SAP PLM.

3. The published RMS template file is accessed.

4. SAP PLM uploads the encrypted document(s) from the Conversion Server.

5. The encrypted files are delivered to the end user for consumption.

6. When the user tries to open the file, the RMS server is contacted for licensing and access control.

Please note that the SAP Conversion Server must run on a Windows server that is a member of the Active Directory domain. It can run on the same hardware as the AD RMS server, as in our demo scenario.

Active Directory Rights Management Services

Overview

By using Active Directory Rights Management Services (AD RMS) and the AD RMS client, you can augment an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved. You can use AD RMS to help prevent sensitive information—such as financial reports, product specifications, customer data, and confidential e-mail messages—from intentionally or accidentally getting into the wrong hands.

An AD RMS system includes a Windows Server® 2008-based server running the Active Directory Rights Management Services (AD RMS) server role that handles certificates and licensing, a database server, and the AD RMS client. The latest version of the AD RMS client is included as part of the Windows® 7 and Windows Vista® operating systems. The deployment of an AD RMS system provides the following benefits to an organization:

Rights policy templates are used to control the rights that a user or group has on a particular piece of rights-protected content. Active Directory Rights Management Services (AD RMS) stores rights policy templates in the configuration database. Optionally, it may maintain a copy of all rights policy templates in a shared folder that you specify. More information about RMS Template Considerations can be found here.

BulkTool

RMS BulkTool can be used to encrypt a large number of files from the command line. It uses templates to specify the encryption settings that are applied to the document(s).

Outlook – [Information] Vault

[Information] Vault is a solution provided by Microsoft Consulting Services that leverages RMS to provide RMS-enabled containers, which can also be used to encrypt document formats of applications that are not RMS-enabled.


Configuration Steps in Active Directory Rights Management Services

In our demo landscape we configured the role of an Active Directory Rights Management Services Server on a Windows Server 2008 SP2.

RMS Service Account

Prior to installing the RMS server role, a service account must be created. The account only needs domain user rights and must have permissions on the RMS template folder in order to publish and modify AD RMS templates.

RMS specific User Settings

Since the Active Directory Rights Management Services were configured in a demo system landscape, we had to perform several manual configuration steps for all demo users on a client in our system landscape.

In our demo landscape we configured only the internal publishing and certification URL (the URL was configured to use an SSL connection). If you need access from an external network, you can configure the external pipeline as follows:

a. In Administrative Tools, click Active Directory Rights Management Services. Right-click the RMS server and then click Properties.

b. Click the Cluster URLs tab, and then select the Extranet URLs check box.

c. Under Licensing, click http://, and then type the address of the external RMS URL.

d. Under Certification, click http://, and then type the address of the external RMS URL.

e. Click OK.

Local Intranet Zone Browser Settings

The URL of the AD RMS server, https://<hostname AD RM server>/, must be added to the Local Intranet zone in the browser settings of the test user. This can be done by logon script, software deployment or group policies. With the group policy extensions you can configure all settings for the RMS client (RMS template path, registry overwrites, etc.).

Root RMS Server certificate

In a production environment, the certificate of the RMS server should be issued by a certification authority that the clients trust. If you set up a demo environment you might encounter a certificate error when you access the RMS web service for the first time.

If you encounter a "Certificate Error: Navigation Blocked" error message when trying to access the RMS web service URL https://<hostname AD RM server>/_wmcs/licensing/license.asmx, proceed as follows:

1. On the Certificate Error: Navigation Blocked web page, click Continue to this website (not recommended).

2. In the Address Bar, click Certificate Error, and then click View Certificates.

3. On the Certificate Information page, click Install Certificate.

4. On the Welcome to the Certificate Import Wizard page, click Next.

5. Select the Place all certificates in the following store option, click Browse, click Trusted Root Certification Authorities, and then click OK.

6. Click Next, and then click Finish.

7. You will also be prompted to install the certificate in the Trusted Root CA Users store. Accept the popup with Yes.


Hint:

If the conversion server is configured to run as a Windows service, log on once to the server where the service runs using the service user account and make sure that the RMS web service can be accessed without any problems.


Regional and Language Options

When creating a template you have to select the language that the template will support and then type a Name and description to be displayed to users of that language.

It is important to check that the language selected in the Regional and Language Options of the user that is creating the templates does match the language that is selected when creating the template.

If the two settings do not match, the file name of the template is not the name chosen in the description but the GUID of the template.

If more than one language needs to be added to a template, make sure that, as described above, the first language matches the language of the regional settings. If that is the case, you can add any additional language to the template, and the file name of the template will keep the template name.

In our test environment we ran into this problem when we created templates using the language English (United States) with a user whose Regional and Language Options were set to German (Germany).

After we changed the Regional and Language Options of that user to English (United States) the file name of the template matched the description.

To check the settings of the Regional and Language Options click on Start


Create Demo Groups to be used for templates

For our demo we created two groups in Active Directory:

- SAP PLM 01

- SAP PLM 02

It is important to populate the e-mail attribute for these groups (only the attribute is necessary, no real mailbox in Microsoft Exchange) because RMS uses this attribute to identify the groups.

The demo users were distributed as follows:

- RMSTest1, RMSTest2 are members of SAP PLM 01

- RMSTest3, RMSTest4 are members of SAP PLM 02

Create Demo Templates

For each Access Context in SAP PLM we create a template in AD RMS. With this setup it is possible to achieve a 1:1 mapping between these security contexts.

Please note: since the length of the descriptions of Access Contexts in SAP PLM is limited to 32 characters, we have to limit the length of the names of the corresponding RMS templates as well if we want to achieve a 1:1 mapping between Access Contexts and RMS templates.


Create templates

For our demo we thus created two templates

- AccessContext_01

- AccessContext_02

using the Active Directory Rights Management Services MMC snap-in that can be found in the Administrative Tools on the Rights Management Server:

In the "Add User Rights" step we select the access rights for the groups that we created before.

In our example the following settings have been used:


RMS Template        Group         Rights
AccessContext_01    SAP PLM 01    View
AccessContext_01    SAP PLM 02    Full Control


Change distributed rights policy templates file location

We created a share \\iwdfvm3134\RMS Templates on iwdfvm3134 (the RMS server host) that is used to "distribute" templates. Usually this is done via software distribution or group policy settings. The RMS service account must have full control on the templates and therefore has to be configured as a co-owner of this share.

To activate the use of the share, click "Change distributed rights policy templates file location" and set it to the directory \\iwdfvm3134\RMS Templates that has just been created.

The Distributed Rights Policy Template information therefore now looks as follows


Publish Template location on clients

Now this file location is specified in the user's registry to make the templates available in a pull-down menu.

In the key HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM create a new REG_SZ value called AdminTemplatePath with the UNC path where the templates are located as its value.

In production environments, more advanced distribution scenarios would usually be used in which the templates are published locally on the client, so that content can also be encrypted using templates even if the template share is not available. As of Windows Vista, an appropriate Windows scheduled task is available that checks for changed templates.

When a user now tries to protect an office document the templates will be offered as a selection of templates available on the share.

Hint:

Be sure to delete any spaces at the end of the UNC path because otherwise the file location will not be recognized.
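As an added example (not code from the whitepaper, SAP or Microsoft), the following Python script performs the pre-flight checks that the sections on template naming, the 32-character Access Context limit and the AdminTemplatePath value describe: each Access Context description must have a template file of the same name in the template share, template files named by a GUID indicate the language mismatch described above, and the UNC path must carry no trailing spaces. The share layout, the sample file names and the assumption that distributed templates are stored as `<name>.xml` are constructed for the example.

```python
"""Pre-flight checks for the SAP PLM Access Context -> AD RMS template mapping.

Constructed example: a temporary directory stands in for the template share
(e.g. \\\\host\\RMS Templates) and the template files are assumed to be
published as <template name>.xml.
"""
import os
import re
import tempfile

# SAP PLM limits Access Context descriptions to 32 characters, so the
# 1:1 mapping only works when template names respect the same limit.
MAX_CONTEXT_DESC_LEN = 32

# A template that was created with mismatching Regional and Language
# Options ends up with its GUID as file name instead of its description.
GUID_RE = re.compile(
    r"^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")


def is_guid_named(filename):
    """True when a template file is named by its GUID (language mismatch)."""
    stem, _ext = os.path.splitext(filename)
    return bool(GUID_RE.match(stem))


def normalize_admin_template_path(value):
    """Strip trailing whitespace from the AdminTemplatePath UNC path.

    Returns (cleaned_value, was_changed); a trailing space makes the
    RMS client ignore the template location entirely.
    """
    cleaned = value.rstrip()
    return cleaned, cleaned != value


def check_mapping(context_descriptions, template_dir):
    """Check that every Access Context has a same-named template file.

    Returns a dict keyed by description with a list of problem codes:
      'too_long'  description exceeds MAX_CONTEXT_DESC_LEN
      'missing'   no <description>.xml in the template share
    The special key '__guid_named__' lists GUID-named template files,
    which can never match a description.
    """
    problems = {}
    files = set(os.listdir(template_dir))
    guid_named = sorted(f for f in files if is_guid_named(f))
    if guid_named:
        problems["__guid_named__"] = guid_named
    for desc in context_descriptions:
        issues = []
        if len(desc) > MAX_CONTEXT_DESC_LEN:
            issues.append("too_long")
        if desc + ".xml" not in files:
            issues.append("missing")
        if issues:
            problems[desc] = issues
    return problems


def demo():
    """Build a constructed template share and run the checks over it."""
    with tempfile.TemporaryDirectory() as share:
        # Constructed template files, as the RMS server would publish them.
        for name in ("AccessContext_01.xml",
                     "AccessContext_02.xml",
                     "{3f2504e0-4f89-11d3-9a0c-0305e82c3301}.xml"):
            open(os.path.join(share, name), "w").close()
        contexts = ["AccessContext_01", "AccessContext_02",
                    "AccessContext_03",   # no template published yet
                    "A" * 33]             # longer than SAP PLM allows
        return check_mapping(contexts, share)


if __name__ == "__main__":
    for key, issues in demo().items():
        print(key, "->", issues)
```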


Active Directory Rights Management Services Bulk Protection Tool

The Active Directory Rights Management Services Bulk Protection Tool was downloaded from the Microsoft Web Site.

http://www.microsoft.com/downloads/details.aspx?FamilyID=F9FBE58F-C175-41D0-AFDC-6F160AB809CD&displayLang=en


SAP PLM

PLM Access Control Context

For optimizing collaboration in product development with external and internal employees and partners that have restricted access to the SAP Product Lifecycle Management (SAP PLM) back-end system, the concept "access control context" is implemented in SAP PLM as of SAP ERP 6.0 EhP4. This supports, for example, the following processes:

- External employees from another design team are working together with internal employees in a project in the same office on the same SAP PLM back-end system. The external employees should have access only to the project data.

- Internal employees from a subsidiary with limited trustworthiness are working together with other internal employees on the same SAP PLM back-end system. The internal employees from the subsidiary should have access only to the data relevant for their work.

- Trusted contract manufacturers accessing manufacturing data require direct, controlled access to the SAP PLM back-end system of the original equipment manufacturer (OEM) to increase process efficiency. The contract manufacturer should get access only to the data that is relevant for the collaboration with the OEM.

Access context management supports the following procedures:

- Granting controlled direct access to the SAP PLM back-end system. For trusted external partners a presentation layer is provided in the demilitarized zone (DMZ), through which they can access the data in the internal system. This approach is compliant with the network security approach called "Layered Defense".

- Controlling intranet and extranet access by an authorization concept that supports authorizations on object level.

- Administration of authorizations within departments or projects.


The key object of the new authorization concept is the Access Control Context, which groups PLM objects together and is established in a hierarchy representing a project or product parts.

For the context object an administrator can define context roles, relevant for the project/part. The context roles are administrated centrally by the system administrator so that the project administrator can choose from a set of predefined roles. Examples for context roles are: BOM administrator, CAD Designer, Engineer, Purchaser, and Reviewer.

The project members are assigned to the appropriate context role. You can also assign user groups to a context role.

Finally, the objects that are part of the new collaboration must be assigned to the context. The supported objects are material master, engineering change master, bill of material, and document info record. Objects can be owned by only one context, but can be assigned to a limited number of compound contexts. A compound context allows access to objects from various contexts by only accessing one context.

Example Access Contexts:

- ACC1 (AccessContext_01)

- ACC2 (AccessContext_02)

These will be used later and accessed via a workaround.

Conversion Server

As part of the SAP PLM shipment SAP provides a basic conversion server that can be used to perform document conversions using command line tools.

Technically the conversion server is a simple RFC Registered Server Program. An RFC server program can be registered with the SAP gateway and wait for incoming RFC call requests as shown in

From the SAP PLM system it is thus accessed through a TCP/IP RFC destination with activation type 'T' (Registered Server Program).

In this integration scenario the Conversion server must run on a Windows server where the client component of Active Directory Rights Management Services (AD RMS) is installed with the operating system.

The Conversion server must be started using a domain user that has appropriate rights in AD RMS.

On the conversion server there are two ways to start the service (one or the other, not both):

1. Manually, by the user starting a batch file, or

2. Automatically, as a Windows service.


You should start with option 1 when setting up the configuration because any error messages are shown in clear text in the command prompt. Since option 1 is not ideal for productive use, you should start the Conversion server as a Windows service once the setup has been tested.

Please note that you cannot start the conversion server manually and as a Windows service at the same time. The second attempt to register the Conversion server would fail, since it is only possible to register once with the same registration ID at the SAP Gateway.

In our demo environment we configured the Conversion server on the same server that hosts the RMS server role.

How to setup the SAP PLM Conversion Server

Step1: Copy the required files on to Conversion Server

Create a separate directory on the Windows server and copy the required files into this directory. Always make sure to have up-to-date versions of the .exe and .dll files.

In the mentioned Wiki you can see where to find the files:

- SAPhttp.exe

- SAPftp.exe

- Librfc32.dll

- ConvServSamp.exe

- ConvUtil.exe

- Sleep.exe

Step 2: Start the conversion server using the batch file RunConvUtil.bat

You can start the conversion server with the batch file RunConvUtil.bat. The code of the batch file is listed in Appendix A.

Starting the conversion server this way is convenient for development and debugging but is usually not suitable for productive use. The batch file must be running before SM59 can be used to check whether the SAP system is able to connect to this RFC server program.

Step 3: Setting up the batch files

A second script, ConvServ.bat (Appendix B), sets the start parameters for the actual conversion batch file.

In a third file, doc2drm.bat (Appendix C), the actual conversion of the Word document into a protected version is done. This batch file calls the Microsoft AD RMS Bulk Protection Tool with the required parameters. Please also have a look at the chapter Limitations and ToDo's.

More details on the syntax used in the MS-DOS batch files can be found here:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/percent.mspx?mfr=true

These batch files are only templates that illustrate the general idea; of course they can be changed according to customer requirements. In addition, the batch files in the appendix contain many remarks and comments for information.

Step 4: Configure the conversion server to run as a Windows service

The procedure for starting a registered RFC server program as a Windows service is described in detail in the SDN blog "How to start a RFC Registered Server Program as a Windows service" that André Fischer published recently (see Related Content).

The executable ConvUtil.exe is called with the following syntax (-a program ID, -g gateway host, -x gateway service):

ConvUtil.exe -a conv_util -x 3350 -g q35main.wdf.sap.corp


This command line is the value that has to be entered in the registry settings of the Windows service.

In the Windows Services console you can now define the startup behaviour of the new service.

Make sure that the programs started by the conversion server can be found and executed by the user account that runs the service. Therefore you should first try to start the conversion server manually as described above.


Required Customizing in SAP ECC

Create an RFC destination

We can now set up an RFC connection in SM59 to test the communication between the SAP PLM system and the conversion server.

1. Create a new RFC destination of connection type T (TCP/IP connection) with activation type Registered Server Program.

2. Enter as Program ID the ID that the conversion server passes with parameter -a (see above). In our example this is conv_util.

When the connection is successful, the connection test should look like this:
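Besides the connection test, check which hosts the SAP gateway allows to register the program ID at all. That is governed by the gateway's reginfo ACL (profile parameter gw/reg_info): a gateway that accepts any registration lets a rogue host register conv_util as well and thereby receive the RFC calls, and with them the documents, that SAP PLM sends to the conversion server. The following Python script is an added example and not part of this whitepaper or of SAP's tooling. It parses a version-2 reginfo file and evaluates a registration request in the gateway's first-match order, showing a permissive configuration beside a restricted one. Host names and file contents are constructed for the example, host matching is simplified to string wildcards, and treating an unmatched request as a deny is the example's own fail-closed choice.

```python
"""Evaluate SAP Gateway reginfo rules for a registered server program.

Added example, not code from the whitepaper or from SAP. The conversion
server registers ConvUtil.exe at the SAP gateway under the program ID
"conv_util"; the gateway's reginfo file (profile parameter gw/reg_info)
decides which hosts may do so. Host names and file contents below are
constructed for the example.
"""
from fnmatch import fnmatchcase

# Weak setting: any host may register any program ID.
REGINFO_PERMISSIVE = """\
#VERSION=2
P TP=* HOST=* ACCESS=* CANCEL=*
"""

# Restricted setting: only the conversion server may register conv_util,
# only the PLM system's own application servers ("internal") may use or
# cancel it, and every other registration is denied.
REGINFO_HARDENED = """\
#VERSION=2
P TP=conv_util HOST=convsrv.example.com ACCESS=internal CANCEL=internal
D TP=* HOST=*
"""

RULE_FIELDS = ("TP", "HOST", "ACCESS", "CANCEL")


def parse_reginfo(text):
    """Return the rules of a version-2 reginfo file in file order.

    Each rule is a dict with "action" ("P" permit or "D" deny) and the
    fields TP, HOST, ACCESS and CANCEL; fields missing from a line default
    to "*", as the gateway assumes.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        action = parts[0].upper()
        if action not in ("P", "D"):
            raise ValueError("unknown rule type in line: %r" % line)
        rule = {"action": action}
        rule.update((f, "*") for f in RULE_FIELDS)
        for field in parts[1:]:
            key, sep, value = field.partition("=")
            if not sep or key.upper() not in RULE_FIELDS:
                raise ValueError("unknown field %r in line: %r" % (field, line))
            rule[key.upper()] = value
        rules.append(rule)
    return rules


def _matches(pattern_list, value):
    """Case-insensitive match of value against a comma-separated pattern list.

    Simplification: the gateway resolves host names and IP addresses; this
    example compares the strings as given.
    """
    return any(fnmatchcase(value.lower(), p.lower())
               for p in pattern_list.split(","))


def may_register(reginfo_text, program_id, host):
    """True if `host` may register `program_id`; the first matching rule wins.

    A request no rule matches is treated as denied (fail closed); the real
    gateway's behaviour in that case depends on gw/acl_mode.
    """
    for rule in parse_reginfo(reginfo_text):
        if _matches(rule["TP"], program_id) and _matches(rule["HOST"], host):
            return rule["action"] == "P"
    return False


def wildcard_permits(reginfo_text):
    """Return permit rules that let any host register any program ID."""
    return [r for r in parse_reginfo(reginfo_text)
            if r["action"] == "P" and r["TP"] == "*" and r["HOST"] == "*"]


if __name__ == "__main__":
    for name, text in (("permissive", REGINFO_PERMISSIVE),
                       ("hardened", REGINFO_HARDENED)):
        print(name, "conv_util from convsrv.example.com:",
              may_register(text, "conv_util", "convsrv.example.com"))
        print(name, "conv_util from attacker.example.net:",
              may_register(text, "conv_util", "attacker.example.net"))
        print(name, "wildcard permits:", len(wildcard_permits(text)))
```

Run against the gateway's actual reginfo file, wildcard_permits() lists the lines that would let any host take over the program ID, and may_register() shows whether the conversion server's host, and only that host, can register conv_util.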



DMS Customizing

Setting up the conversion server in DMS customizing:

Go to 'Maintain Converter'. Here the RFC destination from SM59 needs to be entered.


In 'Define Conversion' the parameters for the conversion need to be entered: which document type, which workstation application as source and target, timeouts, and so on. The path on the conversion server is also required; at this path the folders containing the conversion data are created.



Preparing test examples

Now a document info record (DIR) containing a Word file can be created:

Since, as of today, the Access Control parameters are not handed over via the conversion server, we use the workaround of entering the parameters as characteristics in order to determine the access rights. This is only a workaround that could be replaced via enhancements, e.g. BAdIs.


The conversion can be started either by a status change or via transaction CONV02. Monitoring is possible via transaction CONV01.

Monitoring the result on the conversion server

For every conversion a new directory with two sub-folders (in, out) is created on the conversion server.

The file is copied to the in-folder and, after the conversion, to the out-folder. After a successful conversion the file ConvPath.txt is created in the out-folder. The batch program monitors whether this file exists; if it is found, the file named inside it is copied back to the DIR. Note that the document lies unprotected in these folders until the bulk tool has encrypted it, so the conversion directory should be accessible only to the account under which the conversion server runs.


Checking the result

When logging on to an RMS-enabled client with the demo user RMSTest1, you can check the permissions set on the Word document for this user. When trying to open the Word document, the user RMSTest1 gets a dialog saying that permission to this document is currently restricted and that the permissions have to be downloaded from the RMS server.

The user RMSTest1 has permission to view the document because the user is a member of the group SAP PLM 01, which has been assigned view permissions in the template ACC1.


Limitations and ToDo's

Some tasks have not been implemented by us as part of this proof of concept (PoC). They can, however, be performed by those who want to implement this scenario.

Currently the main script doc2drm.bat uses a hardcoded template name to encrypt the files with the RMS Bulk Tool. Since the descriptions of the characteristics are available in the file ClassData.txt, these values need to be extracted by doc2drm.bat.

Since the length of the description of an Access Context in SAP PLM is limited to 30 characters, the descriptions of the Rights Management policy templates are limited to the same number of characters if a 1:1 mapping is to work out of the box.

For every Access Context created in SAP PLM a corresponding RMS template has to exist or has to be created. This could, for example, be achieved by implementing an appropriate workflow and using an identity management tool.

Please note that the regional settings of the user under which the conversion runs have to match the language chosen for the description.
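The mapping described in the ToDo items above, as an added example that is not code from this whitepaper, from SAP or from Microsoft: the Access Context description is read from the characteristics, mapped 1:1 to a rights policy template of at most 30 characters, and the conversion is refused when no template exists, rather than falling back to the hardcoded template of doc2drm.bat or handing back an unprotected file. Assumptions made for the example: ClassData.txt holds one "Name: Value" line per characteristic, exported templates are stored as "<description>.xml" in the template directory, and the sample data is constructed. The bulk tool call itself mirrors the line in doc2drm.bat.

```python
"""Resolve the AD RMS template for a SAP PLM Access Context, failing closed.

Added example, not code from the whitepaper or from SAP/Microsoft.
Assumptions: ClassData.txt has one "Name: Value" line per characteristic,
exported templates are stored as "<description>.xml", and the sample data
below is constructed.
"""
import ntpath

MAX_DESCRIPTION_LEN = 30   # limit of an Access Context description in SAP PLM
RMSBULK_EXE = r"C:\Program Files (x86)\AD RMS Bulk Protection Tool\rmsbulk"

# Constructed ClassData.txt content with the Access Context as a characteristic.
SAMPLE_CLASSDATA = """\
DocumentType: DRW
AccessContext: AccessContext_01
Owner: RMSTest1
"""

# Constructed listing of the template directory used by doc2drm.bat.
SAMPLE_TEMPLATE_DIR = r"d:\rms templates"
SAMPLE_TEMPLATES = ["AccessContext_01.xml", "AccessContext_02.xml"]


class TemplateLookupError(Exception):
    """No usable RMS template for the requested Access Context."""


def parse_document_key(key):
    """Split the 33-character DMS document key passed to doc2drm.bat as %7.

    Layout as documented in doc2drm.bat: 3 characters document type,
    25 document number, 3 document part, 2 document version.
    """
    key = key.strip('"')
    if len(key) != 33:
        raise ValueError("document key must be 33 characters, got %d" % len(key))
    return {"type": key[0:3], "number": key[3:28].strip(),
            "part": key[28:31], "version": key[31:33]}


def access_context_from_classdata(text, characteristic="AccessContext"):
    """Return the value of one characteristic from ClassData.txt content."""
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == characteristic:
            return value.strip()
    raise TemplateLookupError("characteristic %r not found" % characteristic)


def resolve_template(description, template_files, template_dir):
    """Return the path of the template named after the Access Context.

    Exact 1:1 mapping (case-insensitive, as Windows file names are); any
    mismatch raises, so the caller never encrypts with the wrong template.
    """
    if not description or len(description) > MAX_DESCRIPTION_LEN:
        raise TemplateLookupError("invalid Access Context description %r" % description)
    wanted = (description + ".xml").lower()
    matches = [f for f in template_files if f.lower() == wanted]
    if len(matches) != 1:
        raise TemplateLookupError("no RMS template for Access Context %r" % description)
    return ntpath.join(template_dir, matches[0])


def rmsbulk_command(in_file, template_path):
    """Argument list for the bulk tool call made in doc2drm.bat.

    Passed as a list (e.g. to subprocess.run) instead of being interpolated
    into a cmd.exe command line, so file names with spaces or quotes stay intact.
    """
    return [RMSBULK_EXE, "/encrypt", in_file, template_path]


def plan_conversion(classdata_text, in_file, template_files=SAMPLE_TEMPLATES,
                    template_dir=SAMPLE_TEMPLATE_DIR):
    """Derive the bulk tool call for one conversion request, or raise."""
    description = access_context_from_classdata(classdata_text)
    template = resolve_template(description, template_files, template_dir)
    return rmsbulk_command(in_file, template)


if __name__ == "__main__":
    sample_key = '"DRW' + "0" * 24 + "1" + "000" + "00" + '"'
    print(parse_document_key(sample_key))
    print(plan_conversion(SAMPLE_CLASSDATA, r"d:\conv\in\spec.docx"))
```

When plan_conversion() raises, the conversion script should exit without writing ConvPath.txt, so that nothing is copied back to the DIR; the SAP side then reports the failed conversion in CONV01 instead of storing a document protected with the wrong policy.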

Outlook

Non-Microsoft file formats, especially those used by computer-aided design (CAD) tools, are frequently stored in SAP PLM. Customers would therefore like to encrypt those document types as well.

Using the solution [Information] Vault that is provided by Microsoft's consulting services, the integration of Microsoft Active Directory Rights Management Services and SAP PLM can be leveraged for non-Microsoft document formats as well.

The [Information] Vault solution stores non-Microsoft format documents in a container (similar to a zip file). Rights Management settings can be applied to this container using a command line tool that can be started by the conversion server of SAP PLM, like the RMS Bulk Tool in the integration described above.

The usage of [Information] Vault will be described in an upcoming whitepaper once this solution is available for customers. Please stay tuned.

Since Rights Management templates can be created using scripts (see Related Content), it might be an option to automate the creation of such templates.


Related Content

1. SAP Online Help – Conversion Server
http://help.sap.com/erp2005_ehp_04/helpdata/EN/e1/6ae63736544d4de10000009b38f8cf/frameset.htm

2. Wiki on Conversion Server
https://wiki.wdf.sap.corp/wiki/display/PSupportERPPLM/Document+Conversion+-+Conversion+Server

3. How to start a RFC Registered Server Program as a Windows service?
http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/19007
SAP DMS
http://www.sdn.sap.com/irj/bpx/plm?rid=/webcontent/uuid/10887281-217c-2b10-e4a9-beffa143e16b

4. SAP Online Help: Registering Server Programs with the SAP Gateway
http://help.sap.com/saphelp_nw04/helpdata/en/22/0429aa488911d189490000e829fbbd/frameset.htm

5. Configuring Rights Policy Templates using PowerShell scripts
http://technet.microsoft.com/en-us/library/ee221066(WS.10).aspx

6. For more information, visit the Product Lifecycle Management homepage.


Appendix

Appendix A (RunConvUtil.bat)

@echo off
rem $Id: //lo/dev/src/converter/NTintel/Word2pdf/RunConvUtil.bat#2 $ SAP
rem (c) Copyright SAP AG Walldorf, 2000
rem use transaction sm59 (in SAP R/3) to create an RFC destination
rem pointing to this file (RunConvUtil.bat).
rem choose 'T' as 'Connection type' and
rem 'Registration' as 'Activation Type'.
rem Enter the value of ProgramID set below (here: conv_util) into the
rem 'Program ID' field.
set ProgramID=conv_util
rem hint: you can choose any program ID you like.
rem But make sure the value you define in this program for
rem ProgramID is identical with the setting of Program ID in sm59
rem choose 'Destination->Gateway options' in the top menu.
rem enter the name of your gateway host and your gateway service
rem (sapgwNN, where NN is the instance number) into the appropriate fields.
set GATEWAY_HOST=q35main.wdf.sap.corp
set GATEWAY_SERVICE=sapgw50
rem hint: you MUST change the settings GATEWAY_HOST and GATEWAY_SERVICE
rem used in this example according to your local environment !!!
rem Ask your system administrator for your gateway host
rem and gateway service.
rem Start this program (RunConvUtil.bat) and
rem test the RFC destination using the button 'Test connection' !!
rem add paths to the PATH variable to make sure the
rem following programs will be found:
rem - sapftp.exe and saphttp.exe (on the SAP client CD)
rem - ConvUtil.exe
rem - ConvServ.bat (shell script in this directory)
rem - sleep.exe (used below to wait before registering again)
set PATH=%~dp0;%~dp0..;%PATH%
:START
rem -a program ID, -g gateway host, -x gateway service
ConvUtil.exe -a %ProgramID% -g %GATEWAY_HOST% -x %GATEWAY_SERVICE%
rem ConvUtil returns when the connection to the gateway is lost;
rem wait a minute and register again
echo ConvUtil stopped, start again in 1 minute
sleep 60
goto :START


Appendix B (ConvServ.bat)

@echo off
rem $Id: //lo/dev/src/converter/NTintel/Word2pdf/ConvServ.bat#1 $ SAP
rem (c) Copyright SAP AG Walldorf, 2000
rem sample file to start the translator using ConvUtil
rem original Word-to-PDF call, kept for reference:
rem %~dp0../ConvServSamp.exe -s %~dp0doc2pdf.bat %*
rem -s names the conversion script, -readDocumentDetails also reads the
rem document details from SAP, -logFile and -consoleLog write a log file
rem and console output; %* passes on the conversion parameters
%~dp0ConvServSamp.exe -s %~dp0doc2drm.bat -readDocumentDetails -logFile %~dp0Conversion.txt -consoleLog %*

Appendix C (doc2drm.bat)

rem @echo off
rem $Id: //lo/dev/src/converter/NTintel/All2txt/All2txt.bat#2 $ SAP
rem (c) Copyright SAP AG Walldorf, 2001
set VERSION=%1
rem indicates the features currently supported by R/3
rem 1: first Version
rem 2: key of document passed to the converter
rem 4: CURRENT_USER is passed to the converter and
rem    bapireturn supported (=> you will see messages in the
rem    Appl. Log. if BAPI_DOCUMENT_GETDETAIL2 fails)
rem 5: SY_LANGUAGE is passed to the converter
set WORKDIR="%~dp2"
rem temporary working directory unique for each conversion process
rem set in double quotes (")
rem /d also switches the drive if WORKDIR is not on the current drive
cd /d %WORKDIR%
set IN_FILE="%~f3"
rem path name of file which must be converted
rem set in double quotes (")
set LANGUAGE=%4
rem preferred language for error messages as set in the customizing
rem (X: no language specified)
rem hint: compare SY_LANGUAGE=%9
set TIMEOUT_MINUTES=%5
rem after this time the converter should stop
set CONVERSION_NAME=%6
rem unique name of this conversion
set DOCUMENT=%7
rem key of document in double quotes ("), 33 digits long:
rem first 3 digits: documenttype
rem next 25 digits: documentnumber
rem next 3 digits: documentpart
rem next 2 digits: documentversion
set CURRENT_USER=%8
rem user who initiated the conversion (implicitly or explicitly)
rem set in double quotes (")
set SY_LANGUAGE=%9
rem Language used by %CURRENT_USER% in SAP R/3
rem set in double quotes (")
rem protect the input file in place with the AD RMS Bulk Protection Tool;
rem the template is hardcoded here (see Limitations and ToDo's)
"C:\Program Files (x86)\AD RMS Bulk Protection Tool\rmsbulk" /encrypt "%~f3" "d:\rms templates\AccessContext_01.xml"
rem move the protected file into the working directory and write its
rem path to ConvPath.txt, which tells the conversion server which file
rem to copy back into the DIR
move "%~f3" %WORKDIR%
echo %~dp2%~n3%~x3 > ConvPath.txt
echo Done


Copyright

© Copyright 2010 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.

Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.