Reporting on Access Control 5.3 with SAP BO 4.0

Hello All,
I have to develop WebI reports on Access Control 5.3 data. Are there any direct connectivity options available in IDT for Access Control 5.3, or do I have to go through Oracle database connectivity, as the Access Control 5.3 backend database is Oracle? Also, for authorization data I have to connect to the ERP system.
Any help that you can provide will be greatly appreciated.
Thanks and Regards,
Aashutosh

Hi,
Generally speaking, I believe GRC 10 is more closely aligned to BI4.0 in terms of product releases.
However, to the best of my knowledge, there's no direct connector from BI semantic layer (IDT/UDT) specifically for GRC.
I believe there is a web-based UI (dynpro) for dashboard-like analysis of the compliance topology, but that's it:
http://help.sap.com/saphelp_grcac10/helpdata/en/16/7a5f2e29744e078f9305017fee2fc2/frameset.htm
You may want to contact the GRC forum to confirm.
Regards
H

Similar Messages

  • Access control's method with MVVM

    Let's say I want to access an element control's method with MVVM.
    My idea is to call these methods through an event fired from ViewModel, maybe using
    DependencyProperty and Blend interactivity.
    Some suggestions?

    I don't really get what you're trying to achieve. Could you be more explicit?
    If you need to name a control you're on the wrong track with MVVM! Generally you should really
    not call a control's methods from a ViewModel, otherwise that'll make it impossible to run unit tests on that class.

  • Nameidentifier claims is no longer in the token issued by Access Control Service(ACS) with newly created ACS

    Hi,
    In our existing ACS, when we add a new relying party with that associate with rule as below:
    input claim type as
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
    and output claim type as
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    When I used the ACS created previously, for token I received, I have
    Received claims with existing ACS:
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier:           testoem2,
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name:             TESTOEM2-MS,
    htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider:                htps://wp8partnerservicesv1-tst.accesscontrol.windows.net/
    but for the new ACS namespace, when I configure it exactly the same way, I receive
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name:             TestOem2-MS,
    htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider:                htps://zackpartnerservice1-tst.accesscontrol.windows.net/'
    The nameidentifier claim is no longer in the token.
    Does anyone from Azure ACS team know what change in ACS might have caused this issue and how do I config the ACS so that I can get nameidentifier claim in the token too?
    Since my account is not verified, I use h_ttp instead of http in my question.
    thank you,
    Zach

    Greetings, Zach!
    Please refer to this:
    https://msdn.microsoft.com/en-us/library/hh446535.aspx
    The article elaborates how federated identity works with ACS.
    Thank you,
    Arvind

  • SAP GRC Access Control 5.3 integration with Oracle

    Good Day GRC Gurus,
    We want to integrate SAP GRC Access Control 5.3 with ORACLE.
    It would be great if someone could share some documents, presentation and experience on the same.
    Thanks in advance!!!!!!!!!!!!!
    Thanks and Regards,
    Jagat

    Hello Hersh,
    RTA for Oracle is basically a set of PL/SQL stored procedures to create the GRC schema, grant access and create objects. The package was created using Oracle version 11.5.10.2. I am not sure about the compatibility of the package with the new versions of Oracle, but batch mode risk analysis is still achievable even if the RTA is not compatible.
    I do not really like batch mode but it does serve the purpose. If I get a chance to test Oracle RTA on a new version I will surely share it with you.
    Best Regards,
    Amol Bharti
    http://amudee.com

  • Cross-enterprise integration of SAP GRC Access Control with PeopleSoft

    Friends,
    Does anybody has/have/had the owner to implement Cross-enterprise integration of SAP GRC Access Controls 5.2 with PeopleSoft ?
    If yes, what are the key points and approach one should keep in mind while going for this kind of cross-enterprise implementation.
    Is there any reference material, blog, wiki or such informative resource regarding cross enterprise GRC implementation available on the web?
    I tried to search, but could not get good results.
    Any help would be highly appreciated.
    Best Regards,
    Amol Bharti

    Amol-
    From my experience:
    CC 5.2 with Peoplesoft: as long as you have the RTA's installed in the Peoplesoft system and create the connectors in CC, you are good to go.
    AE 5.2 with Peoplesoft: cannot provision to Peoplesoft, however you can connect with Peoplesoft HR for Password Self-Service.  You have the capability to provision to SAP HR.
    FF 5.2 with Peoplesoft: N/A
    RE 5.2 with Peoplesoft: N/A
    I am not sure if there are any standalone docs out there for AC integration with Peoplesoft.  And the 5.2 manuals have sparse information on integration.  However, the AC 5.3 manuals have more detailed info on the integration piece with various other non-SAP systems.
    Sorry, I couldn't share more info, as that is all I know for now...
    Ankur
    GRC Consultant

  • Custom GRC  access control reports

    Hi,
    Is it possible to have custom reports for access control? Specifically we are looking at developing reports based on roles and users for Compliance Calibrator (risk analysis and remediation).
    Thanks.

    Hi Clark,
    Just go through with the following document......
    http://www.sdn.sap.com/irj/bpx/index?rid=/library/uuid/706f48c6-9694-2c10-319f-c379570dc988&overridelayout=true
    You will come to know all the new features about custom reports.
    Regards,
    Mohit

  • Error while Connecting report Best Practices v1.31 with SAP

    Hello experts,
    I'm facing an issue while trying to connect some of my reports from Best Practices for BI with SAP.
    It only happens when it's about info sets, the other ones that are with SAP tables go smoothly without a problem.
    The most interesting is I have already one of the reports connected to SAP info sets.
    I have already verified the document of steps of creation of additional database that comes with BP pack. They seem ok.
    Here goes what Crystal Reports throws to me after changing the data source to SAP:
    For report "GL Statement" one of the Financial Analysis one which uses InfoSet: /KYK/IS_FIGL_I3:
    - Failed to retrieve data from the database; - click ok then...
    - Database connector error: It wasn't indicated any variant for exercise (something like this after translating) - click ok then
    - Database connector error: RFC_INVALID_HANDLE
    For report "Cost Analysis: Planned vs. Actual Order Costs" one of the Financial Analysis one which uses InfoSet: ZBPBI131_INFO_ODVR and ZBPBI131_INFO_COAS; and also the Query CO_OM_OP_20_Q1:
    - Failed to retrieve data from the database; - click ok then...
    - Database connector error: check class for selections raised errors - click ok then
    - Database connector error: RFC_INVALID_HANDLE
    Obs.: Those "Z" infosets are already created in SAP environment.
    The one that works fine is one of the Purchasing Analysis reports:
    - Purchasing Group Analysis -> InfoSet: /KYK/IS_MCE1
    I'm kind of lost to solve this, because I'm not sure if it can be in the SAP JCO or some parameter that was done wrongly in SAP and I have already check possible solutions for both.
    Thanks in advance,
    Carlos Henrique Matos da Silva - SAP BusinessObjects BI - Brazil.

    I re-checked step 3.2.3 - Uploading Crystal User Roles (transaction PFCG) - of the manual where it talks about CRYSTAL_ENTITLEMENT and CRYSTAL_DESIGNER roles, I noticed in the Authorizations tab that the status was saying it hadn't been generated and I had a yellow sign, so then that was what I did (I generated) as it says in the manual.
    Both statuses are now saying "Authorization profile is generated" and the sign is now green on the tab.
    I had another issue in the User tab (it was yellow as Authorizations one before generating)....all I needed to do to change to green was comparing user (User Comparison button).
    After all that, I tried once more to refresh the Crystal report and I still have the error messages being thrown.
    There's one more issue in one of the tabs of PFCG transaction, it is on the Menu one where it is with a red sign, but there's nothing talking about it in the manual. I just have a folder called "Role menu" without anything in it.
    Can it be the reason why I'm facing errors when connecting the report to SAP infoSets? (remember one of my reports which is connected to an infoSet works good)
    Thanks in advance,
    Carlos Henrique Matos da Silva - SAP BusinessObjects BI - Brazil.

  • Getting Started with SAP-HCM training

    Dear All,
    After quitting my job in India, I have recently shifted to the USA on an H4 visa. My professional background includes four years of experience in Human Resources with one of the leading DTH providers in India. I want to do SAP-HCM training, which might help in a career start in the US market. Looking forward to proper guidance and suggestions. How to start?
    Regards,
    Anud

    Hi Anud,
    if you follow this link you will find under "support" the recruit to retire business processes that cover all aspects of HCM training & certification in the SAP context.
    https://training.sap.com/shop/catalogue/by-business-process
    Instead of attending in person training you can receive access to all learning content for self-study via SAP Learning Hub, which also includes instructor moderated Learning Rooms and access to training systems with SAP Live Access, helping you prepare for SAP Certification.
    https://training.sap.com/shop/learninghub
    Good luck!
    Arnold

  • Crystal Reports access to SAP/CRM 6.0 with Integration with SAP Solutions

    Hello,
    we are running Crystal Reports 2008 with SAP CRM 6.0.
    To boost productivity of report writing we especially need access to:
    - Function Modules
    - the CRM Business Objects Repository (Transaction SW01).
    What kind of SAP/CRM  ( or SAP / ERP )  Objects can be accessed with the Integration for
    SAP Solutions ?
    The BO Documentation  [BusinessObjects XI Integration for SAP Solutions User's Guide|http://help.sap.com/businessobject/product_guides/boexir31SP2/en/xi31_sp2_bip_sap_user_en.pdf]  does not give a clue if this is possible.
    However, Ingo Hilgefort stated in his book that it is at least possible to access ABAP Functions, SAP Queries and SAP InfoSets.
    What is the minimum product portfolio and the necessary Version - Can I install the following products stand alone ?
    Crystal Reports 2008
    Integration for SAP Solutions
    Tomcat / Jaco
    or
    Must I need at minimum BO Edge  and must install the CMS Server ?
    Thank You
    Martin

    HI,
    What kind of SAP/CRM ( or SAP / ERP ) Objects can be accessed with the Integration for
    SAP Solutions ?
    here is also a blog about this:
    /people/ingo.hilgefort/blog/2008/03/23/businessobjects-and-sap-part-4
    However, Ingo Hilgefort stated in his book that it is at least possible to access ABAP Functions, SAP Queries and SAP InfoSets.
    >> correct. It is also in the Installation Guide / User Guide for the SAP Integration kit. You can use ABAP Functions, ABAP / SAP Queries, InfoSets, Tables
    What is the minimum product portfolio and the necessary Version - Can I install the following products stand alone ?
    Crystal Reports 2008
    BusinessObjects Integration for SAP Solutions
    BusinessObjects Edge or BusinessObjects Enterprise
    Ingo

  • Integrating SAP HCM with third party Access Control System

    Hi Experts,
    We have client using SAP HCM and intend procuring an Access Control Solution to manage her people.
    What the client wants to avoid though is having to create a new employee in SAP HCM and manually creating same in the Access Control Software. Is there a way this can be automated such that upon recruitment of new staff, the data is updated in the Access Control DB which uses MS SQL? If this is possible, what is required to get this working well.
    Thanks for your support in this regard.
    Regards
    John

    For time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
    It also does the same thing for the employees who resign. I mean if an employee is fired or resigns from the company, then it is sent to the related system.
    These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
    I hope this answer will help.

  • SAP Business Objects Access control with BI4.1 and enterprise authentication

    Hi Team,
    We are on BI 4.1 with enterprise authentication. We are using IDM (Oracle Waveset 8) for access management. Currently we receive requests from IDM and we manually configure the user in BI 4.1. We are now planning to automate this process, so that as soon as a user places a request through IDM, his access will get configured in BI 4.1.
    Can we achieve this using SAP Business Objects Access Control or with any other method? Need your guidance.
    Thanks,
    Nivedita

    Hi Andrea,
    1. you configure the BOE Server with the SAP authentication for your SAP server
    1b you configure trust between the portal server and the SAP system
    2. you import the portal iView template as part of the SAP Kit into the portal server
    3. you create a new system (or use an existing one) in the portal system landscape and configure the properties of the Crystal Enterprise properties
    4. you create a new iView based on the portal iView template
    ingo
    I have some difficulties creating a new system; I don't know which option I should choose.
         System (from template)     
         +BI JDBC System
         BI ODBO-Compliant OLAP System
         BI SAP Query System
         BI XMLA-Compliant OLAP System
         EP 5.0 System
         HTTP System
         JDBC System
         KM Lotus System
         KM WebDAV System
         KM Windows System
         SAP system using connection string
         SAP system using dedicated application server
         SAP system with load balancing
         Web Service System using WSDL URL+
         System (from PAR)
         com.sap.km.cm.repository.manager
         com.sap.km.common.domino
         com.sap.netweaver.coll.appl.gw
         com.sap.netweaver.coll.appl.sync
         com.sap.portal.httpconnectivity.urlsystem
         com.sap.portal.ivs.sl.connector.helper
         com.sap.portal.runtime.application.soap
         com.sap.portal.systems.bi
         com.sap.portal.systems.datasource
         com.sap.portal.systems.EP5
         com.sap.portal.systems.jdbc
         com.sap.portal.systems.sap
         com.sap.portal.systems.webservices
         com.sap.portal.unification50.template
    Thanks a lot
    Selvam

  • Access Control 5.3 RAR - BW Reporting 0GCC_UPV

    Hi experts,
    I have activated the SAP GRC Access Control content and everything works fine so far. However, I can't report risks by users properly, as mitigated controls are not taken into account in cube 0GCC_UPV. Mitigated users are stored in 0GCC_MTUS.
    Has anyone experience with this ? Of course we want to report on users which are not mitigated and still have risks.
    The query select * from virsa_cc_prmvl on Java Stack says that MITREFNO is always empty. However, there is the possibility on the java stack to report on users and select/deselect mitigation. I don't believe they join two tables during runtime !
    Any help is appreciated !
    Thanks,
    Max

    Hi Annie,
    For your first question check this thread -
    GRC 5.3 Zero Violations & unable to exclude critical profiles
    Question 2:
    When I change the background job parameters for Batch Risk Analysis with specific usergroup and specific role range, why doesn't it reflect in the mgt view->risk violations? It still shows me all the users in the systems and not the range of users that I specified.
    As per my understanding, mgt-risk violation will show you the results based upon the selected criteria in the view and not based upon the background job you selected. Once Full Batch Risk Analysis is done, the data is there in GRC database. After that it keeps syncing each time you run a new batch risk analysis and adds any new changes.
    Showing in mgmt report is based upon what you select to see.
    Regards,
    Sabita

  • Difference between SAP Access Control and IDM

    Hi Expert,
    I have one question What is the difference between SAP Access Control and SAP Identity Management ?

    Ali,
    That's a good question, but a tough one.
    While both applications can do most of what the other can do, it's a matter of specialization in my opinion.
    Access Control is all about managing and controlling access to SAP system roles and has the ability to report on role conflicts for compliance and reporting purposes. (I'm sure I'm leaving a lot out, but maybe a GRC / AC expert can fill in more details)
    SAP IDM is about managing the user life cycle with regards to landscape and enterprise systems. It will handle the creation, update and ultimately the removal (or de-provisioning) of users in SAP ABAP, SAP JAVA, LDAP, JDBC, and API based applications. It will also do Role Management through a web based UI (User management is web based as well), and as of the latest Service pack for SAP IDM 7.2, it will do attestation (limited certification) as well. It is a definite upgrade to CUA as it will work with a greater variety of systems, include workflows and approvals.
    GRC will do some provisioning, but it's somewhat limited, as is IDM's compliance abilities.
    The applications are designed to work together, however it does not have a great track record and the integration is typically heavily modified to work as desired.
    If you have specific questions, feel free to post / DM.  Obviously I am more knowledgeable about IDM, but I'll be happy to help you in any way possible.
    Regards,
    Matt

  • Creating SOD matrix with the help of Access control default ruleset

    I am creating the SOD matrix for the existing roles of CRM and HR modules. As I am the security consultant, I do not have the functional knowledge about the conflicts for CRM and HR transactions. My question is: can I use the function/actions/risks conflicts provided with the Access Control 5.3 default ruleset? We are not using Access Control for these systems, so I want to know whether I can take the help of AC 5.3 default risks to create the SOD matrix based on it.
    For example, for H001, a default HR risk, I would make sure not to assign PA30 (maintain HR data) with PA03/PA04 (maintain personal control record), as this will result in the conflict "Modify payroll master data and then process payroll".
    Once I have the SOD list based upon AC 5.3, I can consult the Business approver/auditor to verify and modify as per the business requirement.
    Maybe I am thinking the wrong way, please provide your inputs so I can work on it.  Any help appreciated.
    Thanks,
    Sanjay Desai

    The most important thing to keep in mind is that you need to build a rule set that reflects the customer's real business risk!
    What you build there will influence the way the customer will be able to continue work, assign access and perform control activities. The input HAS to come from the business!
    You can use the SAP standard risk definitions as a starting point for discussions, and the HR functions are an excellent building block to identify the transactions and necessary authorization objects that allow users to perform the actions.
    But the real challenge is to identify the risks as perceived/accepted by the business!
    Frank.

  • NWBC no option "Access Control" - can't start working with GRC 10.0

    I have installed GRC AC 10.0 and have followed the post-installation documentation. All seems to be fine so far.
    But when I run NWBC, I do not get the Icon/Option "Access Control".
    What can go wrong? My user has sap_all and sap_grac_all, so it shouldn't be the access rights...what else can I check?

    I have installed GRC AC 10.0 and have followed the post-installation documentation. All seems to be fine so far.
    But when I run transaction NWBC, the web-browser (Iexplorer) opens the HTML-NWBC, but I do not get the Icon/Option "Access Management". I see this option however on the screenshots of the documentation. And it seems to be the only way to work with the application - or can I work directly within SAP-GUI ?
    I see however the Icons "Office", "Cross-Application Components", "Accounting", "Information Systems", "Tools" and I can well drill down into the submenus and use the functionality.
    What can go wrong? My user has sap_all and sap_grac_all assigned, so it shouldn't be the access rights...what else can I check? any ideas are welcome... - thanks in advance...
