BI_CONT 7.35 with GRC 5.3
Hi All,
Has anyone had experience with activating this business content version with GRC 5.3 CC and AE?
I have created the UD connection and activated all the process chains and downstream objects, however I am pulling almost no data into the DSO's and cubes.
Master data looks to be populated fine.
Any help is greatly appreciated.
Kind Regards,
Eric
Hi Eric,
I've not used the Business Content as such but have been involved with connecting GRC 5.3 to BW for reporting purposes.
We had to resort to DB connect in our version to connect properly.
Have you got Data Mart functionality (verson 5.3 SP9 and above)? If so, you can use that to prepare the data extract which makes life a little easier than having to manually identify the source of your key fields and characteristics.
Simon
Similar Messages
-
False Positives with GRC AC 5.2
Hi,
I actually have been working with GRC AC 5.2 (Compliance Calibrator) and we encountered several problems with false positives, working in the risk analysis.
¿do anyone knows how to solve this problem? ¿do you have documents or links to help?
Thanks,
Ricardo.Thank you Alpesh for response.
In fact, i have several problem with false positives, but with transactional level. For example, i have a user with pfcg and su01 transaction. The configutation of profiles in SAP r/3 system do not allow to user involved in this, to execute both transactions in end-to-end process, i mean, the user have a transaction vía s_tcode object, have some other objects related with pfcg and su01 transactions, but he doesn´t have the values that allow to a transactions work properly. Then the Compliance Calibrator informs risks that it doesn´t exists.
It seems that is a ruleset configuration problem in the CC, then my question is, ¿the standard ruleset detects properly these problems?
Let my explain the reason that causes the problem.
We have been working with personalized ruleset, for customer-request. For that reason we look the usobt_c table and we form the ruleset-->functions in CC so that this functions were equal to usobt_c table. We did that because the standard ruleset shows false positives, such as first example of this post.
Thank you very much,
RCL.
Edited by: Ricardo Carrasco on Jun 18, 2009 11:58 PM -
Integrating BOBJ XI 3.1 with GRC AC 5.3
Hi all
Has anyone worked on integrating BOBJ with GRC Access Control 5.3.
We have been using GRC CUP for access provisioning all the SAP (ECC, BI, Portal) systems. Now, we have integrated SAP Business Objects Enterprise XI 3.1 with our SAP BW system.
We are looking to provision the BOBJ groups to users when they request BI roles. Has any one done this integration or do you have any documentation on this topic?
Appreciate your response.
Thanks
KeeHi Kee,
AC 5.3 CUP can only provision ABAP roles and via the portal RTA UME and portal roles.
Best,
Frank -
Oracle IAM integration with GRC 10
Hi All,
Our client is using Oracle IAM for user provisioning process. Now they have SAP GRC being implemented for two of their SAP systems. Now client wants to integrate SAP GRC Access Risks analysis (ARA) for SOD analysis and User Access Management(UAM) for user provisioning modules of SAP GRC 10 with Oracle IAM.
As far as i know, webservices needs to be activated in GRC 10 and has done that. Now i want to know how Oracle IAM communicates with GRC 10. How connectors needs to be developed, User account to be created for web service access and how the parameters are passed from oracle to grc.
Also how many different scenarios are there in oracle IAM for this integration?
In SAP IDM vs SAP GRC integration we have 2 scenarios.
1. Request raised in IDM -> SOD analysis in GRC -> Provisioning in GRC -> Return success/failure status back to IDM
2. Request raised in IDM -> SOD analysis in GRC -> Return SOD success/failure status back to IDM -> Provisioning in IDM
So can anyone help with possible scenarios for this integration process??Hi vikas and Frank,
Do you have any information related on How to enable the webservices in the GRC 10 (does NWBC holds the key). if you have any information related to it please share it with me.
Thanks and regards,
keerthi -
Auto-provisioning new users with GRC 10.1
There is some lack of clarity at my client on auto-provisioning new users into SAP systems with GRC 10. Here's what they want and I'm telling them they need SAP IdM.
The client will regularly have upwards of 500 new users on an on-going basis. These users are approved and created in Active Directory. The client believes that GRC 10 can now pick up these new users from Active Directory and then go ahead and provision them into ECC and CRM automatically, as soon as they're created, with no further approval required.
To the best of my knowledge, the easiest way to do this would be for IdM to do this, and have IdM trigger GRC for certain users, and to provision users who fall into this group of 500 users.
These users are different from regular users, who need to go through the approval workflows. Regular users will have managers and roles that need approval. These 500 or so users are approved to be created in the system and don't need to get caught up in the approval workflow.
Am I wrong in saying that IdM 7.2 is the best way to do this, or am I missing something about what GRC 10 can do?
Thanks for your help. I really appreciate it.Hi Santosh,
In AC 10.1, I created one brf plus initiator rule.Although I saved it in GRAC_ACCESS_REQUEST package.Transport button is not available(Not greyed).
Dis you faced this issue..How to get this change in transport??
PS:Application are activated.
Thanks,
Mamoon -
Gurus,
Has anybody worked on BI 7.0 with GRC 5.2? Does BI follow the same approach like integrating ECC with GRC tools?
Any thoughts will be very helpful.
Thanks
SundaramHi,
depends on what way are you talking about.
If you want Risk Analysis for BI, this should be possible. As there is mainly custom reports in BI, there is no standard Rule Set delivered by SAP. You will have to create your own Rule Matrix.
From 5.3 it is also possible to integrate Access Control reports into BI, so you can create your own complex views on CC, AE ... output data.
Regards,
Daniela -
GRC: defining and maintaining profile with GRC.
Hi to all.
Some questions from operational staff:
1- With GRC, could I define and maintain and delete users, roles, profiles for all Sap systems I'm managing ?
2- How GRC can help me to define and maintain and delete users, roles, profiles ?
3- Could GRC become the only system I've to logon for define and maintain and delete users, roles, profiles ?
Thanks a lot.Hi Alpesh,
I was thinking that ERM (GRC RE module) and CUP ( GRC AE module) could be an help to create/maintain user/role/profile.
Now you are writing me that ERM and CUP will substitute TA SU01/PFCG we are using now in development systems; We will maintain prod system via change request transports.
So I'm realizing we will work only on GRC and we will transport what done in GRC via change request into all our Sap systems...
It's right ?
Thanks a lot for your answer.
Regards -
There are documents available for best practice on provisioning using CUP by integrating SUN idM with GRC AC...I have not found any document on best practice for deprovisioning when some one leaves organization...
Is there any one who has worked on the same or are there any best practice guide on how it can be implemented...What should be architecture or data flow?
Regards,
MilanHi Milan,
here is the document you need:
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/e0b2e5c5-fa62-2c10-9687-ff98bc0b99f8
Best,
Frank -
Role Based FireFighter with GRC 10.0 (CEA)
Does anyone know how the Role Based functionality of FireFighter exactly works besides putting the application type parameter to Role Based in SPRO?
The manuals explain that the FF users log in to the remote system with their own users, but how are the FF roles or roles that are enabled for Firefighting assigned to these users and how will the log file know which activity to record?Good question, and the answer is not pretty.
In Role-Based Firefighter Application, the firefighter ID on the target system contains the user's regular access plus his/her firefighter access.
Reporting turns on when the user runs a transaction in the firefighter role.
If the transaction is in both the user's regular access and the firefighter role, reporting will turn on because the firefighter role access is in use.
The reports only track firefighter role usage. So if a user runs a firefighter transaction but also uses access defined in the user's regular access, the only thing recorded is the transaction.
If your company is not completely married to the idea of using Role-Based Firefighter Application, I suggest you consider the ID-Based Firefighter Application. In this, there are separate firefighter IDs on the target system and a firefighter gains access to them by going into GRC and completing a form showing how the firefighter ID will be used, and then the GRC system will let the firefighter into the target system using that firefighter ID. -
NWBC no option "Access Control" - can't start working with GRC 10.0
I have installed GRC AC 10.0 and have followed the post-installation documentation. All seems to be fine so far.
But when I run NWBC, I do not get the Icon/Option "Access Control".
What can go wrong? My user has sap_all and sap_grac_all, so it shouldn't be the access rights...what else can I check?I have installed GRC AC 10.0 and have followed the post-installation documentation. All seems to be fine so far.
But when I run transaction NWBC, the web-browser (Iexplorer) opens the HTML-NWBC, but I do not get the Icon/Option "Access Management". I see this option however on the screenshots of the documentation. And it seems to be the only way to work with the application - or can I work directly within SAP-GUI ?
I see however the Icons "Office", "Cross-Application Components", "Accounting", "Information Systems", "Tools" and I can well drill down into the submenus and use the fonctionality.
What can go wrong? My user has sap_all and sap_grac_all assigned, so it shouldn't be the access rights...what else can I check? any ideas are welcome... - thanks in advance... -
GRC 4.0 running with GRC 10.1 plugins
Hi Everyone,
I am commencing a GRC Access Control 10.1 migration Proof of Concept for my current customer. We do not have the luxury of a project environment or of system copying the ERP Development system. GRC AC 4.0 content is currently in use in ERP Production, so the ERP Development system is the configuration master for the GRC 4.0 content.
One of the ealry steps in the migration guide is installing the GRC 10.1 plugins. I have searched on here and on SAP notes but cannot find a definitive answer, though there are a number of threads which come very close to what I need.
My question is simple: once I have installed the 10.1 plugins will the GRC AC 4.0 content still function?
This is important to us since there is no knowing whether out Proof of Concept will be approved to become a full project. If installing the GRC 10.1 plugins breaks the GRC AC 4.0 content and the project is not approved to continue, we will then have a broken system landscape.
If anyone has any personal experience of this scenario I would greatly appreciate hearing what you have to say. I assume that experience of the 10.0 plugins will be relevant if that is what you have.
Looking forward to hearing from you,
Kind regards,
AndyThanks for your response Harinam. Must admit I thought more people on here would have had experience of this jump, but clearly most people went from 4 to a 5.x system. In some ways it is a very good thing the customer has held back from jumping to Java.
Anyway, I had logged a message with OSS in parallel to posting here, thought I would get a good balance of views doing both.
Here is the official answer we received :
Once the GRC 10.1 plugin will be installed on the GRC 4.0 system,
though the 4.0 product is still accessible and the data will still
remain in the tables, it is no longer supported and it must be clear
to your users and administrators that the 4.0 product is not to be
used with the v10.1 plugin.
SAP Active Global Support
SAP Labs Palo Alto
So although I could argue that 4.0 is unsupported so what is the difference, this response is useful to our project team as it further justifies the need to upgrade.
I am still interested in hearing from anyone who has done this migration path and tried the old tcodes, to know for sure what the result would be.
I assume also based on the response from OSS we should lock the 4.0 tcodes to make sure no-one hits an old favourite, seeing as they clearly are not removed as part of the migration process.
cheers,
Andy -
Option with GRC 5.3 CUP to consolidate the Login Notif. for Xple Systems
Hi,
We are setting up a GRC environment for provisioning accounts for users in Dev and Test SAP systems. We are planning to use a single request to provision accounts to 15-20 systems simultaneously and we are checking ways to consolidate the login notification to the user.
With our current setting to auto provision the account, the user will get separate mails for each systems. Is there any tweak that will help in consolidating the different mails for different systems to a single one with the same UID and password.
I know there may not be any standard way of doing this, but then there can be fresh ideas from experts.
Thanks, AnilSorry, Anil. There is no way to configure those provisioning emails. You can change the wordings or remove them but you won't be able to consolidate them.
Regards,
Alpesh -
Unable to connect Enterprise portal with GRC AC CUP
Hi Guru's ,
We are configuring Portal with CUP so that we can provision portal roles. We have installed RTA in EP ( both producer and consumer) and have set up the connector portals We have setup the parameters of the connectors as below. Not sure why when I am trying to import role this is not working. Can you please help.
ASSIGN_ROLES:OC
saprole
ASSIGN_GROUPS:OC
sapgroup
CHANGE_USER:OC
sapuser
CREATE_USER:OC
sapuser
CREATE_USER:password
password
DELETE_USER:OC
sapuser
LOCK_USER:OC
sapuser
LOCK_USER:islocked
true
LOCK_USER:type
CHANGE_USER
ROLESEARCH_URI
http://server:port/UserroleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_PASSWORD
password defined for Portal user (for retrieving roles)
ROLESEARCH_URI_USERNAME
Portal user id (for retrieving roles)
ROLE_DATA_SOURCE
ROLE.UME_ROLE_PERSISTENCE.un :
SCHEMA_ID
SAPprincipals
UNLOCK_USER:OC
sapuser
UNLOCK_USER:islocked
false
USER_DATA_SOURCE
Choose data source as configured in Portal UME:
USER.PRIVATE_DATASOURCE.un:
USER.R3_DATASOURCE.
USER. CORP_LDAP.Hi GS GRC team,
Check the below link from RIG that explains you the detailed steps to configure CUP with EP:
[RIG Document on configuring GRC CUP with EP|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed?quicklink=index&overridelayout=true]
Regards,
Raghu -
What a basis admin can help with GRC except install/upgrade?
Our basis team installs and upgrades GRC.
However when coming to the support for GRC, we are not sure where to draw the border line between
basis team and security team.
What is the responsibility of basis team in GRC area?
Thanks for your help.Hi Jennifer,
There is no real clear cut answer for this! Where do you draw the line for the other ERP systems?
It really depends on your own support structure and the skills of the individuals. I would ask your Application Support Mgr to confirm / define the remit with those involved.
Having said that, I would suggest that the technical landscape management and connectors would lend itself to the basis / netweaver analysts role. You may also want them to deal with the assignment of the webservices and the connectivity of the components to each other.
The functional configuration would tend to lend itself to the security team though as I expect that they would be more business focussed and be able to design the way in which the tools should be used by the business.
I hope this helps?
Simon -
Tivoli IDM Integration with GRC 10
Hi All ,
Can someone please help me with the information about webservices that we need to enable on GRC 10 so that it can integrate with the IDM Solution (IBM Tivoli ) . I had a look at the GRC 10 docs in market place , however couldnt find any help on this.
Thanks for your time.
VikasHi vikas and Frank,
Do you have any information related on How to enable the webservices in the GRC 10 (does NWBC holds the key). if you have any information related to it please share it with me.
Thanks and regards,
keerthi
Maybe you are looking for
-
It's just another Blackberry as far as I'm concerned. Nothing much has changed since 1999 when BB first came onto the market. Here's why I feel that way. I would have thought that throughout the development of the 10 platform BB would have gone out o
-
How to fix Action Link Issue in Table and Pivot Table when used Section
My OBIEE Version: OBIEE 11.1.1.6.5 Issue Description: Action links (Navigate to BI Content) doesn't work in PIVOT TABLE or TABLE object when used Section area (one or more columns in Section area). If you want to recreate this issue please follow nex
-
Servlets/JDBC - Connect to database ONCE and not in every servlet - How?
Hello, I'm using servlets and JDBC. In every servlet , i connect to the database and then i close the connection, but this is not ptactical. I would like to connect to the database once (at the beginning) when container starts and then close the conn
-
Converter pictures and videos files to jpg and mpeg
Do you know a safety software o freeware to convert pictures and videos files to jpg and mpeg? to use in my desktop with windows?
-
Re: Q150 DisplayPort to HDMI output FAIL
Got it. I replaced the Video driver package which has an audio driver as well