Integrate external identity management solution in SAP GRC Access Control
We need to integrate an external identity management solution into SAP GRC Access Enforcer. Some white paper mention extensibility is provided by web services. It seems that none of these web services are documented. Does anybody have infos about these services and documentation. Any hint is appreciated.
thanks
Detlef
Unfortunately Access Enforcer doesn't implement a number of critical requirements and implementing it "as is" would be a lot of steps backwards in our process.
what do the published webservices do? Is there any documentation about them?
In a part of our process, we must manually pick the current roles(1), the pending roles(2) (roles that were approved but not given due to training prerequisites) and the requested new roles(3) and make the simulation in the VCC.
The information (1) and (2) and (3) we have in our internal system, the information (1) we have inside VCC and (2) and(3) must be manually inputted by the operator to run the simulations. Since this operation is repeated 6000+ times a month in my company, eliminating this manual input will cause a great gain in efficiency.
Other thing that we want to do is to create a job where it would automatically desassociate the mitigating controls if the user does not have the risks anymore (users can lose roles automatically in some events here, so it would be coherent that the user also loses the associated mitigating controls)
IMHO as a former programmer, these are classic cases where I would like to consume some webservices for this tasks to avoid a lot of ctrc ctrlv from the operators (inefficient and error prone)
VCC has any documentation that would help me to find how I would do this integrations?
Thanks in advance
Similar Messages
-
SAP GRC Access Control 5.3 intergration with orcale
Good Day GRC Gurus,
We want to integrate SAP GRC Access Control 5.3 with ORACLE.
It would be great if someone could share some documents, presentation and experience on the same.
Thanks in advance!!!!!!!!!!!!!
Thanks and Regards,
JagatHello Hersh,
RTA for Oracle is basically a set of PL/SQL stored procedures to create grc schema, grant access and object creation. The package was created using oracle 11.5.10.2 version. I am not sure about the compatibility of the package with the new versions of oracle but still batch mode risk analysis is achievable even if the RTA is not compatible.
I do not really like batch mode but it does serve the purpose. If I get a chance to test oracle RTA on new version I will surely share it with you.
Best Regards,
Amol Bharti
http://amudee.com -
SAP GRC Access Control 5.3 .TXT - where to upload it
Hi Experts,
can anyone please tell me, I have to deploy/upload the patch:
SAP GRC Access Control 5.3 .TXT SP04
As I am new to GRC, can somebody please tell me where I upload/deploy this file.
Is it on the server at operating system level, or through the application in the Web Browser ?
Thanks and regards,
Petr.HI ,
As sahad said that is the right way to extract the *.SAR files the syntax is given below .
for unix : SAPCAR -xvf /<path>/<filename>
windows : SAPCAR -xvf <volume>:\<path>\<filename>
If you donot specify the path then it would get extracted in the path where you are right now means the same location where you the *.SAR file is present and then you can upload .
Then you can login into RAR portal and then go to configuration tab then click on utilities which would be the last option and then click on import and give the file location. -
Add Fields in CUP Request - SAP GRC Access Control 5.3
Dear Friends,
I am wondering on how to add fields value in CUP (Compliant User Provisioning) SAP GRC AC 5.3.
Currently i'm leading 9 SAP Security Coordinators in Indonesia and i want to create Performance Metrics on how long the CUP Requests is processed. It needs to enhance the CUP by adding value Delegation of Authority and the record no. of the DOA requests.
Really appreciate your inputs on how to add fields value in CUP.
Thank you so much
-Mesti-
Edited by: AnnisaPramesti on Jan 2, 2012 5:37 PMHi.
Check under http://service.sap.com/instguides
SAP BusinessObjects -> SAP BusinessObjects Governance, Risk, Compliance (GRC) -> Access Control -> SAP GRC Access Control 5.3
Cheers,
Diego. -
Cross-enterprise integration of SAP GRC Access Control with PeopleSoft
Friends,
Does anybody has/have/had the owner to implement Cross-enterprise integration of SAP GRC Access Controls 5.2 with PeopleSoft ?
If yes, what are the key points and approach one should keep in mind while going for this kind of cross-enterprise implementation.
Is there any reference material, blog, wiki or such informative resource regarding cross enterprise GRC implementation available on the web?
I tried to search, but could not get good results.
Any help would be highly appreciated.
Best Regards,
Amol BhartiAmol-
From my experience:
CC 5.2 with Peoplesoft: as long as you have the RTA's installed in the Peoplesoft system and create the connectors in CC, you are good to go.
AE 5.2 with Peoplesoft: cannot provision to Peoplesoft, however you can connect with Peoplesoft HR for Password Self-Service. You have the capability to provision to SAP HR.
FF 5.2 with Peoplesoft: N/A
RE 5.2 with Peoplesoft: N/A
I am not sure if there are any standalone docs out there for AC integration with Peoplesoft. And the 5.2 manuals have sparse information on integration. However, the AC 5.3 manuals have more detailed info on the integration piece with various other non-SAP systems.
Sorry, I couldn't share more info, as that is all I know for now...
Ankur
GRC Consultant -
Installation SAP IDM 7.1/SAP GRC Access Control 5.3
Hello,
I can install Access Control products with Solution Manager, Enterprise Portal... But it is possible to install Access Controll 5.3 and IDM 7.1 on the same server?
Thanks and best Regards
AlexanderHi Alexander,
SAP IDM 7.1 is still in the ramp up state. as per the product availability matrix [pam|https://websmp104.sap-ag.de/~form/handler?_APP=00200682500000001303&_EVENT=DISP_NEW&00200682500000002804=01200314690900001014] , I am not yet sure if SAP IDM is available for 64 bit servers.
SAP GRC AC 5.3 should be installed on as java netweaver
server after properly sizing. If your hardware can support sizing for both GRC AC 5.3 and SAP IDM 7.1 , then you can install both on them. usually netweaver 7.0 sp12 will be in 64 bit system.
You can get GRC AC 5.3 sizing information from [link|http://service.sap.com/~form/sapnet?_SHORTKEY=00200797470000071612&_SCENARIO=01100035870000000112&_OBJECT=011000358700000435122007E] -
SAP GRC Access Control - Compliance Calibrator - License Cost
Dear all,
I have some questions on Compliance Calibrator implementation.
1. Do we have to pay additional cost for the license to implement Compliance Calibrator?
2. Since SAP GRC 5.3 is just released, which one do you recommend? SAP GRC 5.2 or 5.3?
3. What would be the major difference between Compliance Calibrator in GRC 5.2 and 5.3?
Best regards,
RolandoHi Rolando-
1. Yes, there lies some license cost and the amount should not as much as taking SAP R/3 license. I am not sure of exact amount but its nominal as compared to other SAP products.
2. SAP always recommend for the latest version available and why not one would go for latest version if you are paying something for that.
Also, it depends on your existing R/3 version and its compatibility. In short run, you can choose per your existing versions but in long run everyone has to move to latest version. Say for example whoever is using SAP R/3 technology with whatever version, they all need to upgrade to ECC6.0 by 2011 with extension upto 2013. I am not sure of any such information about GRC AC though.
3. Some enhancement have been done with CC 5.3. Those features include-
1. Risk analysis for SAP Enterprise Portal and UME
2. BI integration for custom reporting
3. Reporting enhancement features include additional auditor, business manager and IT reports
4. SOD management by exception. Can be integrated with workflow.
5. Import/Export of configuration data
6. Migration scripts
7. Download and print capability on every report.
Some performance improvements-
1. Concurrent risk analysis.
2. batch mode risk analysis
3. Improved memory mgmnt etc.
Hope it gives you now some more visibility.
Cheers!
Ashok -
SAP GRC Access Control - RAR 5.3
Question...
I am seeking some opinions on the the functionality/usage of the data provided under the Informer Tab - Management View Section. There are several sub-sections in this section that would appear to provide some very useful summary data at a management level. However, I've been informed by one of our consultants that the usage/functionality of this section is really not helpful, because the data can't and is never accurate. I'm confused, if this is feeding from other data loaded in the system...why the discrepancies and un-usefullness? I hesistate to believe this section would be apart of the system if limitations prevented its accuracy. Are any other of you using this section? Is the data accurate? Do you find it helpful?
Your advice, comments, and experience greatly appreciated!
Regards,The informer tab is just that - an informer. So long as your ruleset has been setup properly, and your background jobs are synchronizing properly to the backend systems, and you've set the background risk analyses to update the management views, there shouldn't be any inaccuracies in the informer tab.
It's a good idea to have the latest Support pack installed as there have been cases where erroneous numbers are shown, but those have been fixed in subsequent support packs.
I hope this helps.
Santosh Krishnan -
GRC Access Control 5.3 installation
Hello all,
I'm planning the installation of SAP GRC Access Control 5.3 and have a few questions. In the software download section of SAP Service Marketplace, the most recent installation files are for Virsa 5.2. Under SAP GRC Access Control, there are no installation files that I can see. (I tried several different OSS IDs including partner ID, so I do not think it is a licensing issue) Could someone please confirm that the Virsa 5.2 files represent GRC Access control 5.3?
One reason for this question is that in Solution Manager, under Business Blueprint (SOLAR01), SAP GRC Access Control 5.3 is displayed as the default selection for Internal Controls. Is SAP planning to release installation files in the near future for SAP GRC Access Control 5.3? If so, when?
Thanks in advance,
Glen Hoaglund
Capgemini Basis Consultant
Edited by: Glen Hoaglund on Jun 3, 2008 3:13 PMJohn & Glen-
Right now Compliance Calibrator 5.3, now Risk Analysis and Remediation, which is part of Access Control 5.3 is currently in Ramp Up, and will be available in October 2008.
You can download the User manuals for 5.3 from SAP Marketplace. That will give you an idea of what functionalities 5.3 has and how it is structured.
From my observation of 5.3, and having implemented 5.2 for some clients, 5.3 does have some functionalities which are missing in 5.2. But for setup and sizing, it is always recommended that you allocate GRC on its own server with a lot of space. The applications are very memory-intensive.
I believe FireFighter, or Superuser Privileged Access in 5.3, will still reside in the ABAP stack, with the reporting done on both ABAP and Java stacks. The bulk of the functionality of 5.3 is the same as 5.2.
Let me know if you have any questions...
Ankur
GRC Consultant -
Is Compliance Calibrator the same as GRC Access Control?
I have been asked to look at<b> Compliance Calibrator </b>and am getting confused about what functionality is offered. I have done the basic e-learning course for Compliance Calibrator (GRC200): this was all about separation of duties etc. Fair enough. But I also have a Document called "<b>SAP GRC Access Control</b>" which talks about the same S.O.D compliance functionality but also talks of "roles triggering workflows", "users creating roles", "automated approvals for roles" eg:
"SAP GRC Access Control streamlines access requests by filling each request automatically with user identity information from a lightweight directory access protocol (LDAP) directory or HR database, thereby eliminating the need for user intervention. Approvers receive an e-mail with a direct hyperlink to the request inside the application, where they can easily view and approve the request. The application then checks for security violations before updating accounts automatically."
None of this was covered on the Compliance Calibrator course, so what product offers this? I can see another product by Virsa called <b>Access Enforcer</b> but have no info on this... can anyone enlighten me?SAP GRC Access Control is the SAP application that comprises the former Virsa products Compliance Calibrator, Access Enforcer, Risk Terminator, Firefighter and Role Expert.
-
Problem Maintenance Optimizer - SAP GRS Access Control 5.3
Hi,
I have a problem in calculating the SPS to the SAP GRC Access Control 5.3.
I recorded the system automatically from SLD. I defined the logical component and I created the solution.
Now, when I try to calculate the Maintenance Optimizer error is generated:
No Addon Product Version allowed for transaction: SAP GRC ACCESS CONTROL 5.3 (01200615320900001673)
Program:CL_MOPZ_EVALUATE_INSTANCES====CP,Include:CL_MOPZ_EVALUATE_INSTANCES====CM00R,Method:CHECK_INPUT,Line: 67
Can you help me?
Best regards,
Diego.Hi,
Check this note.
1464712
This should solve your problem.
Feel free to revert back.
-=-Ragu -
Install GRC Access Control 5.3 on Java only?
Hello,
we want to install SAP GRC Access Control 5.3 on a stand alone system. We tried to figure out, if it's possible to install it on a NW 07 Java stack only or if it's necessary to make a add-in installation with Abap and Java.
For the backends and the RTA we need Abap, but also for the GRC itself?
Thanks in Advance
IngmarI just found something useful..
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/408bd039-d9c1-2a10-0fab-a92b97c7cd25
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a07b4cc8-1a57-2b10-1798-d2fec068473a -
Solution Manager and a SAP GRC AC 5.3
Hello,
We have a Solution Manager and a SAP GRC AC 5.3
We ant to know if somebody knows how to connect or the architecture os infrastructure to connect the Solution MAnager with the GRC.
What we have to do is... If someone in the Solman does a user or role request, the SAP GRC gets this request and begins the necesary workflows.
I need help
Best regards.
Pablo Mortera.Hi,
As per your requirement, you want that the request should be automatically trigerred from Solman to GRC.
In GRC, CUP is used to provision the user and roles. The request can directly be created in CUP by a functionality known as HR triggers however this requires SAP_HR module which is not present in Solman.
So it is not possible to create request directly from solman. User can login to CUP and then can create the request for his login.
Regards,
Shweta -
Comparision of various Identity Manager solutions
I am doing a comparative study of all the Idantity Manager solutions available in market.
Could someone please post the advantages and disadvantages of Sun Identity Manager in comparision to other Identity Manager solutions like Novell,Tivoli,Oracle Identity Manager.
Thanks,
pdeepThere's the Gartner report you should see. At one time, Sun and Novell kept copies on their site
found it... Get it before it disappears !
http://www.sun.com/software/products/identity/2h07.pdf
Edited by: Joseph.Smith on Sep 11, 2009 3:04 PM -
Enterprise Risk Management Approach in SAP GRC
Hi All,
Can you please let me know as to what is the approach followed for implementation of Enterprise Risk Management (ERM) in SAP GRC. Also please tell me how the internal control frameworks like COSO, COBIT is mapped to ERM in SAP GRC.
Regards
VivekDear Vivek,
While assigning roles to users, you will be displayed the risks that are identified with those roles, if any. You can either mitigate or remove the roles.
The process covered by GRC Risk management includes the following steps:
-Risk Planning: Determines the approach to risk management in each business area or project. This includes setting up the risk management organization and defining risk thresholds . This phase is partially supported by a software application.
-Risk Identification and Analysis: Identifies the risks in order to analyze and prioritize them along different attributes, such as probability of occurrence and potential total loss associated to the risk.
-Risk Response: Decides on actions needed to respond to a risk. One action could be to actively mitigate the risk to reduce probability of occurrence and/or potential impact.
-Risk Monitoring: Includes the regular update of risk information and the risk reporting to monitor progress along the risk management process.
The Risk Management application provides a set of different reporting capabilities based on the individual needs of the target groups:
-A set of built-in reports that are delivered with the application. These reports allow risk managers to review the current risk state.
-Visual Composer based dashboards that provide information about the current risk status on an aggregated basis. The dashboards fulfill the risk reporting needs of senior managers and line managers.
Step 1: You maintain the Risk structure
1. You set up the organizational hierarchy
2. You set up the Activity Hierarchy
3. You set up the Risk Hierarchy
Step 2: You perform the Risk Assessment
1. You identify the risks
2. You analyze the risks
3. You respond to risks
4. You document the Incidents
Step 3: You analyze risk reports
1. You generate risk reports
2. You report the incidents
Step 4: You analyze the dashboards
Refer SAP documentation on GRC for more information.
Regards,
Naveen.
Maybe you are looking for
-
Why can't I install Adobe Reader to my new version of windows 7?
I up graded my computer from win dows XP to windows 7 ultimite and now I can't install my printer or Adobe Reader.when I try to install it comes up installation failed:unknown error.can someone advise me how to install this using windows 7 ultimite?
-
Is iphone 6 IOS interrupt driven?
Is iphone 6 IOS interrupt driven ?
-
Hi All, I performed database backup and send it as a job using EM. Upon viewing the backup jobs, i found out that the backup failed and the following is the the output log: <<< start of output log >>> Recovery Manager: Release 10.2.0.1.0 - Production
-
Trying to EXPORT-CSV without headers - Tried suggestions in forum - still stuck
I am tryling to get the contents of my array out to a CSV with no neader records. I looked for examples here and on other sites but I still cannot get it working. Below is the latest attempt and the 1st row of te output. I end up with a CSV with
-
How can I sync (or export) Evernote (and CaptureNotes 2) files to Dropbox in iPad?
I want to export my Evernote files into a Dropbox folder in iPad. The same goes for CaptureNotes 2 files. However, there is no such option in Evernote or CaptureNotes. Is there any way to send my note files (may be in PDF or JPEG format) to Dropbox?