Exploring SAP Build Governance

Governance in SAP Build Process Automation allows administrators to establish and customize rules that control project creation and content transport. These rules ensure that all project activities align with compliance standards and organizational policies. By implementing governance, you can maintain operational integrity and enhance oversight within your development environments.

To configure governance rules, administrators must:

• Have an active subscription to SAP Build Process Automation.
• Have created a service instance and service key.
• Configure a destination for OAuth2 User Token Exchange and allow‑list it in the Governance environment.
• Assign the ProcessAutomationParticipant role to project members.
• Hold the ProcessAutomationAdmin role.

1. Navigate to Control Tower → Tenant Configuration → Governance Rules.
2. Review existing governance settings.
3. Adjust the rule Create a Project:
   • Governed: Requires approval before project creation.
   • Ungoverned: Allows project creation without approval.
4. Adjust the rule Transport a Project:
   • Governed: Requires approval for content transport.
   • Ungoverned: Allows unrestricted content transport.
5. Select Create Project Governance to apply a default governance template. The system may prompt selection of a template project.

Administrators can manage governance requests to ensure compliance with project creation and content movement workflows. This involves overseeing and processing requests to ensure that all project actions receive the necessary approvals.

To manage governance requests:

1. Go to the Control Tower.
2. Choose Governance Requests to view pending approvals.
3. Review the list of requests, noting project details and requested actions.
4. Select a specific request to check its details, including project name and status.
5. To view the workflow, choose Options and select View Workflow.

Environments in SAP Build Process Automation are virtual locations where projects are deployed and executed. They provide a means to control how projects are deployed and executed, allowing for different configurations and security levels.

There are two main types of environments:

• Shared Environments::Created by users with the ProcessAutomationAdmin role and shared with users having the ProcessAutomationDeveloperrole. Shared environments enhance security by isolating resources and projects with specific rights. This allows you to deploy the same project with different configurations for different lines of business or security requirements.
• Public Environment: Contains all existing projects deployed in SAP Build Process Automation. Access to the public environment is protected at the tenant level, granting access to all users with tenant access.

To create a shared environment, you must have the ProcessAutomationAdmin role:

1. Navigate to the Control Tower > Tenant Configuration > Environments.
2. Choose Create Environment.
3. Enter a name for the new environment in the Name field.
4. Optionally, edit the Identifier field.
5. Optionally, select a Color from the drop-down list.
6. Enter a short description of the environment in the Description field.
7. Choose Create.

Sharing an environment allows you to grant specific permissions to users or user groups:

1. In the Environments section, select a shared environment.
2. Open the environment and choose Share.
3. On the Share Environment with Members and Groups dialog, select the type of entity to share with (Users or User Groups).
4. Enter the user details (email address) or group name in the Share with field.
5. In the Authorization field, define the privileges you want to grant:
6. Monitor: View environment details and monitor deployed projects.
7. View Logs: Access detailed execution logs.
8. Deploy: Deploy and undeploy projects with Monitor rights.
9. Execute: Launch forms, processes, and visibility scenarios.
10. Administrate: Add agents or other resources to the environment; includes Monitor and Deploy permissions.
11. Supervise: Access process visibility dashboards and take necessary actions.
12. Monitor: View environment details and monitor deployed projects.
13. View Logs: Access detailed execution logs.
14. Deploy: Deploy and undeploy projects with Monitor rights.
15. Execute: Launch forms, processes, and visibility scenarios.
16. Administrate: Add agents or other resources to the environment; includes Monitor and Deploy permissions.
17. Supervise: Access process visibility dashboards and take necessary actions.
    • Monitor: View environment details and monitor deployed projects.
    • View Logs: Access detailed execution logs.
    • Deploy: Deploy and undeploy projects with Monitor rights.
    • Execute: Launch forms, processes, and visibility scenarios.
    • Administrate: Add agents or other resources to the environment; includes Monitor and Deploy permissions.
    • Supervise: Access process visibility dashboards and take necessary actions.

To access projects deployed in a specific environment:

1. Navigate to Control Tower > Tenant Configuration > Environments.
2. Select the environment.
3. Click on the project to open it in the Overview screen.

From here, you can manage and monitor the deployed projects, including triggers, automation launchers, agent management, alert handlers, variables, and API keys.

• Configuring governance rules allows administrators to control project creation and content transport, ensuring compliance with organizational policies.
• Managing governance requests ensures that all project actions receive the necessary approvals, promoting a secure and well-governed development environment.
• Creating and sharing environments enhances security by isolating resources and projects with specific rights, allowing for different configurations and security levels.