SAP Access Control Project

Similar Messages

• Composition of business team in GRC Access control project

  Hi
  Can I get any information about the composition of business team in a GRC access control project?
  What type of people form this team?
  Please provide some clarity on the role of business people in this type of projects.
  Regards
  Abhijeet

  Hi,
  Idealy the team should comprise of
  1] A representative of the IT Governance team -he ensures that the IT delivers value to the business,the risks have been analysed and fully addressed to.
  2] The Buiness process owners -these people only define the access restrictions for various activities like purchase,payment,etc.
  3] Application specialist -in charge of SOD-he defines the roles and profiles for the access control.
  4] If required a member from "Assurance" - these will be auditing the "access control " on a regular basis after the implementation.
  5] The configuration team.-they configure the controls in the Appln.sysytem
  Regards.
  Ramesh.

• Upgrade SAP Access Control v5.2 to Access control v5.3 in DS v3

  Hi All,
  I have a Discovery Server v3 with which SAP Access Control v5.2 is available. Is there a possibility to upgrade the version of Access Control to v5.3. Does SAP supports this.Please provide your inputs ASAP.
  Regards,
  Chaitra

  Solved from another SDN forum thread:
  Re: Testing SP07 with SPM  
  Posted: May 18, 2009 8:10 PM    in response to: David Damaskinos           Reply 
  Actually SP7fix1 fixed a security gap in FF. It would have been better if SAP did not require this auth check. In the redesigned process when FF session is started the FF ID is unlocked and password is reset. Now no one needs to maintain the FF passwords anymore (even though this was not the security gap), as the security button in FF overview screen is not in use anymore.
  Gary Morris  
  Posts: 31
  Registered: 5/9/07
  Forum Points: 0 
     Re: Testing SP07 with SPM  
  Posted: May 19, 2009 3:01 AM    in response to: S. Pados           Reply 
  New process? Where did you get documentation on the new process for SP7, fix 1?
  Frank Koehntopp      
  Posts: 255
  Registered: 1/4/05
  Forum Points: 402 
     Re: Testing SP07 with SPM  
  Posted: May 20, 2009 11:46 AM    in response to: Gary Morris           Reply 
  Actually this fixed a few security issues - I agree it should be documented better.
  You now no longer need to know the password of the FF ID User, so noone can misuse it.
  Also, you're no longer limited to service users and can use dialog users for FF IDs. This has been a requirement by some customers, as the "Services for Object" Menu Item will only be possible for Dialog users.
  You should assign all FF IDs to a Firefighter user group and limit S_USER_GRP to that user group in the SPM roles.
  Frank.

• Difference between SAP Access Control and IDM

  Hi Expert,
  I have one question What is the difference between SAP Access Control and SAP Identity Management ?

  Ali,
  That's a good question, but a tough one.
  While both applications can do most of what the other can do, it's a matter of specialization in my opinion.
  Access Control is all about managing and controlling access to SAP system roles and has the ability to report on role conflicts for compliance and reporting purposes. (I'm sure I'm leaving a lot out, but maybe a GRC / AC expert can fill in more details)
  SAP IDM is about managing the user life cycle with regards to landscape and enterprise systems. It will handle the creation, update and ultimately the removal (or de-provisioning) of users in SAP ABAP, SAP JAVA, LDAP, JDBC, and API based applications.  It will also do Role Management through a web based UI (User management is web based as well). and as of the latest Service pack for SAP IDM 7.2, it will do attestation (limited certification) as well. It is a definite upgrade to CUA as it will work with a greater variety of systems, include workflows and approvals.
  GRC will do some provisioning, but it's somewhat limited, as is IDM's compliance abilities.
  The applications are designed to work together, however it does not have a great track record and the integration is typically heavily modified to work as desired.
  If you have specific questions, feel free to post / DM.  Obviously I am more knowledgeable about IDM, but I'll be happy to help you in any way possible.
  Regards,
  Matt

• Reporting on Access Control 5.3 with SAP BO 4.0

  Hello All,
  I have to develop WebI reports on Access Control 5.3 data. Are there any direct connectivity options available in IDT for Access Control 5.3 or Do I have to go through Oracle database connectivity as Access control 5.3 backend database is Oracle? And also for authorization data I have to connect to ERP system.
  Any help that you can provide will be greatly appreciated.
  Thanks and Regards,
  Aashutosh

  Hi,
  Generally speaking,  i believe GRC 10  is more closely aligned to BI4.0 in terms of product releases.
  However, to the best of my knowledge, there's no direct connector from BI semantic layer (IDT/UDT) specifically for GRC.
  I believe there is a web-based UI (dynpro) for dashboard-like analysis of the compliance topology, but that's it:
  http://help.sap.com/saphelp_grcac10/helpdata/en/16/7a5f2e29744e078f9305017fee2fc2/frameset.htm
  You may want to contact the GRC forum to confirm.
  Regards
  H

• Problem Maintenance Optimizer - SAP GRS Access Control 5.3

  Hi,
  I have a problem in calculating the SPS to the SAP GRC Access Control 5.3.
  I recorded the system automatically from SLD. I defined the logical component and I created the solution.
  Now, when I try to calculate the Maintenance Optimizer error is generated:
  No Addon Product Version allowed for transaction: SAP GRC ACCESS CONTROL 5.3 (01200615320900001673)
  Program:CL_MOPZ_EVALUATE_INSTANCES====CP,Include:CL_MOPZ_EVALUATE_INSTANCES====CM00R,Method:CHECK_INPUT,Line: 67
  Can you help me?
  Best regards,
  Diego.

  Hi,
  Check this note.
  1464712
  This should solve your problem.
  Feel free to revert back.
  -=-Ragu

• SAP GRC Access Control 5.3 .TXT - where to upload it

  Hi Experts,
  can anyone please tell me, I have to deploy/upload the patch:
  SAP GRC Access Control 5.3 .TXT SP04
  As I am new to GRC, can somebody please tell me where I upload/deploy this file.
  Is it on the server at operating system level, or through the application in the Web Browser ?
  Thanks and regards,
  Petr.

  HI ,
  As sahad said that is the right way to extract the *.SAR files the syntax is given below .
  for unix : SAPCAR -xvf /<path>/<filename>
  windows : SAPCAR -xvf <volume>:\<path>\<filename>
  If you donot specify the path then it would get extracted in the path where you are right now means the same location where you the *.SAR file is present and then you can upload .
  Then you can login into RAR portal and then go to configuration tab then click on utilities which would be the last option and then click on import and give the file location.

• SAP GRC Access Control 5.3 intergration with orcale

  Good Day GRC Gurus,
  We want to integrate SAP GRC Access Control 5.3 with ORACLE.
  It would be great if someone could share some documents, presentation and experience on the same.
  Thanks in advance!!!!!!!!!!!!!
  Thanks and Regards,
  Jagat

  Hello Hersh,
  RTA for Oracle is basically a set of PL/SQL stored procedures to create grc schema, grant access and object creation. The package was created using oracle 11.5.10.2 version. I am not sure about the compatibility of the package with the new versions of oracle but still batch mode risk analysis is achievable even if the RTA is not compatible.
  I do not really like batch mode but it does serve the purpose. If I get a chance to test oracle RTA on new version I will surely share it with you.
  Best Regards,
  Amol Bharti
  http://amudee.com

• Add Fields in CUP Request - SAP GRC Access Control 5.3

  Dear Friends,
  I am wondering on how to add fields value in CUP (Compliant User Provisioning) SAP GRC AC 5.3.
  Currently i'm leading 9 SAP Security Coordinators in Indonesia and i want to create Performance Metrics on how long the CUP Requests is processed. It needs to enhance the CUP by adding value Delegation of Authority and the record no. of the DOA requests.
  Really appreciate your inputs on how to add fields value in CUP.
  Thank you so much
  -Mesti-
  Edited by: AnnisaPramesti on Jan 2, 2012 5:37 PM

  Hi.
  Check under http://service.sap.com/instguides
  SAP BusinessObjects -> SAP BusinessObjects Governance, Risk, Compliance (GRC) -> Access Control -> SAP GRC Access Control 5.3
  Cheers,
  Diego.

• Integrating SAP HCM with third party Access Control System

  Hi Experts,
  We have client using SAP HCM and intend procuring an Access Control Solution to manage her people.
  What the client wants to avoid though is having to create a new employee in SAP HCM and manually creating same in the Access Control Software. Is there a way this can be automated such that upon recruitment of new staff, the data is updated in the Access Control DB which uses MS SQL? If this is possible, what is required to get this working well.
  Thanks for your support in this regard.
  Regards
  John

  For time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
  It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
  These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
  I hope this answer will help.

• Project Admin & Contributor cource code access control

  I am setting up access control on a TFS 2013.2 TFSVC project
  To deny access by default I added the Contributors group in the root of the source tree and set all permissions to deny, then on individual source folders I set the permissions for specific groups. So far so good, members of those groups can see the code
  I want them too and only that code.
  The problem is for project admins.
  All teams are members of the contributors group so that they get team functionality such as team email alerts. If someone in the Project Admin VSO group is added to a team they therefore become part of the contributors group due to inheritence and their
  code access to the top of the source tree is denied by default.
  Is it so that project admins canot be members of teams? This would be a problem because often the project admins also are the leads who define and administer the teams in TFS. If no-one is able to see the top of the source tree, whould be able to create
  a new sub-folder?

  Hi QualityJanitor,
  Thanks for your reply.
  In your scenario, if you add the team project admin user in team group, he can view the source structure in Source Control Explorer, but he cannot open any file to read. He can create new sub-folder in Source Control Explorer, but he cannot check-in this
  sub-folder. 
  We suggest you create a custom team group in your team project, and add all the users(which you want deny the code access by default, exclude team project admin) in this custom group, then use this custom group instead of Contributors group in the root of
  source tree, and set all permission to deny for this custom group.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• SAP Business Objects Access control with BI4.1 and enterprise authetication

  Hi Team,
  We are on BI 4.1 with enterprise authentication. We are using IDM (oracle waveset 8) for access management. Currently we receive request from IDM and we manually configure user in BI4.1. We are now planning to automate this process, like as soon as user request place request through IDM , his access wil lget configure in BI 4.1
  can we achieve this using SAP Business Objects Access controle or with any other method ? Need your guidance
  Thanks,
  Nivedita

  Hi Andrea,
  1. you configure the BOE Server with the SAP authentication for your SAP server
  1b you configure trust between the portal server and the SAP system
  2. you import the portal iView template as part of the SAP Kit into the portal server
  3. you create a new system (or use an existing one) in the portal system landscape and configure the properties of the Crystal Enterprise properties
  4. you create a new iView based on the portal iView template
  ingo
  I have some difficulties to create a new system, I don't know witch option i should choose.
       System (from template)     
       +BI JDBC System
       BI ODBO-Compliant OLAP System
       BI SAP Query System
       BI XMLA-Compliant OLAP System
       EP 5.0 System
       HTTP System
       JDBC System
       KM Lotus System
       KM WebDAV System
       KM Windows System
       SAP system using connection string
       SAP system using dedicated application server
       SAP system with load balancing
       Web Service System using WSDL URL+
       System (from PAR)
       com.sap.km.cm.repository.manager
       com.sap.km.common.domino
       com.sap.netweaver.coll.appl.gw
       com.sap.netweaver.coll.appl.sync
       com.sap.portal.httpconnectivity.urlsystem
       com.sap.portal.ivs.sl.connector.helper
       com.sap.portal.runtime.application.soap
       com.sap.portal.systems.bi
       com.sap.portal.systems.datasource
       com.sap.portal.systems.EP5
       com.sap.portal.systems.jdbc
       com.sap.portal.systems.sap
       com.sap.portal.systems.webservices
       com.sap.portal.unification50.template
  Thanks a lot
  Selvam

• Cross-enterprise integration of SAP GRC Access Control with PeopleSoft

  Friends,
  Does anybody has/have/had the owner to implement Cross-enterprise integration of SAP GRC Access Controls 5.2 with PeopleSoft ?
  If yes, what are the key points and approach one should keep in mind while going for this kind of cross-enterprise implementation.
  Is there any reference material, blog, wiki or such informative resource regarding cross enterprise GRC implementation available on the web?
  I tried to search, but could not get good results.
  Any help would be highly appreciated.
  Best Regards,
  Amol Bharti

  Amol-
  From my experience:
  CC 5.2 with Peoplesoft: as long as you have the RTA's installed in the Peoplesoft system and create the connectors in CC, you are good to go.
  AE 5.2 with Peoplesoft: cannot provision to Peoplesoft, however you can connect with Peoplesoft HR for Password Self-Service.  You have the capability to provision to SAP HR.
  FF 5.2 with Peoplesoft: N/A
  RE 5.2 with Peoplesoft: N/A
  I am not sure if there are any standalone docs out there for AC integration with Peoplesoft.  And the 5.2 manuals have sparse information on integration.  However, the AC 5.3 manuals have more detailed info on the integration piece with various other non-SAP systems.
  Sorry, I couldn't share more info, as that is all I know for now...
  Ankur
  GRC Consultant

• Installation SAP IDM 7.1/SAP GRC Access Control 5.3

  Hello,
  I can install Access Control products with Solution Manager, Enterprise Portal... But it is possible to install Access Controll 5.3 and IDM 7.1 on the same server?
  Thanks and best Regards
  Alexander

  Hi Alexander,
  SAP IDM 7.1 is still in the ramp up state.  as per the product availability matrix [pam|https://websmp104.sap-ag.de/~form/handler?_APP=00200682500000001303&_EVENT=DISP_NEW&00200682500000002804=01200314690900001014] ,  I am not yet sure if  SAP IDM is available for 64 bit servers.
  SAP GRC AC 5.3 should be installed on as java netweaver
  server after properly sizing. If your hardware can support sizing for both GRC AC 5.3 and SAP IDM 7.1 , then you can install both on them. usually netweaver 7.0 sp12  will be in 64 bit system.
  You can get GRC AC 5.3 sizing information from [link|http://service.sap.com/~form/sapnet?_SHORTKEY=00200797470000071612&_SCENARIO=01100035870000000112&_OBJECT=011000358700000435122007E]

• HSS Export of Essbase project server Access Control info

  I have successfully used the import/export utility with HSS 9.3.1 to export and import the provisioning information for our HSS setup,
  but I want to be able to export & import the Access control information as well for an Essbase 9.3.1 server and the filters and calcs etc that the groups can use that I have provisioned with the tool.
  Does anyone know how to do this as I am pulling my hair out (the little I have)
  Regards
  John

  Hi,
  HSS the central hub for all provisioning well maybe not entirely true, it is my understanding that the information you are after is still held in the essbase security file and the hss export utility doesn't go down to this level.
  I think you will have to use another method to get this information, maybe maxl, essbase advanced security manager utility or just export the sec file.
  Cheers
  John
  http://john-goodwin.blogspot.com/