SAP IdM and GRC Integration Sample Scenario

Similar Messages

• SAP IDM and GRC 5.3

  Hi all,
  I'm running SAP IDM 7.0 with GRC Provisioning Framework 5.3 and GRC 5.3 with AE/CC/...
  When I  test web task from the GRC Provisioning Framework "Sample WF Create GRC User" the process launched works but I'm facing the following problem:
  If I put on the previous request 2 SAP Roles (with no conflict one first time), I see 2 requests created as "NEW" with 1 role each time. If I add 3 SAP Roles, I got 3 requests, ....
  You understand so I never got conflict detected by Compliance Calibrator.
  How should I proceed to get only 1 request with all SAP Role requested from SAP Identity Management?
  I tried as well to change Priority, Type and Employee Type request attributes directly on the task "GRC - create account user with a single privilege", but sounds like SAP Identity Management does not send the correct value to SAP GRC 5.3
  Thanks for your help,
  Benjamin

  Hi all,
  Due to following notes
  https://service.sap.com/sap/support/notes/1318053
  https://service.sap.com/sap/support/notes/1168508
  I upgrade SAP GRC 5.3 to SP7 Patch 1.
  But now, when the SUMIT REQUEST is send to GRC from VDS, I'm facing an error that I did not get with SP5 or SP6 :
  Exception from Add operation:javax.naming.NamingException: [LDAP: error code 1 - (GRC Submit Request:1:[msgcode=2010;msgdescription=SqlException occured while getting Global DueDate;msgtype=JAVA ERROR])]; remaining name 'cn=ZTEST0001,ou=submitrequest,o=grc'
  I looked at VDS log files and VDS sounds to send a correct request :
  FULL OUTPUT: {requestreason=[Sent by Netweaver IdM], request_employeetype=[EMP_IT_EXTERNAL], roledata=[MSKEYVALUE=PRIV:GRC:A:MM:C:PUR_REQ_REL____:SITE-20!!MX_ENTRYTYPE=MX_PRIVILEGE!!MXREF_MX_APPLICATION=34653!!SYSID=SID-110!!DESCRIPTION=MM-PUR: PURCHASE REQUISITIONS - ASSIGN - RELEASE - 20!!TYPE=S!!VALIDFROM=2009-04-21!!VALIDTO=9999-12-31!!ROLEID=A:MM:C:PUR_REQ_REL____:SITE-20!!DISPLAYNAME=PRIV_GRC_A:MM:C:PUR_REQ_REL____:SITE-20!!MX_REPOSITORYNAME=GRC!!MX_PRIVILEGE_TYPE=GRC!!MX_ADD_MEMBER_TASK=479!!MX_DEL_MEMBER_TASK=479], mskeyvalue=[X9393664], requestorlastname=[MyLastName], request_priority=[HIGH], isid=[1], validfrom=[2009-04-21], validto=[9999-12-31], requestorfirstname=[MyFirstName], grc_operation=[ADD], mgrid=[XMGRID], lastname=[Manag]erLastNane], requestorid=[X9393664], auditid=[9970], cn=[X9393664], request_type=[NEW_HIRE], firstname=[MyFirstname], emailaddress=[myemail'at'company.com], requestoremailaddress=[myemail'at'company.com], application=[SID-110]}
  Some of you have already facing this problem ?
  Benjamin

• SAP IDM  7.0 integration with third party system

  Hi Experts,
  I know SAP IDM  7.0 can integrate with third party systems and create user ids on most of the third party systems.
  But I need to know regarding If it is possible to integrate with following systems
  1) Microsoft Exchange 2007 (  I know till exchange 2003 SAP  IDM support )
  2)  Microsoft  Active directory 2008 ( I know till Actice directory 2003)
  3) EMC  Documentum 6.5
  4)  ARIS 7.1.0
  5)  BlackBoard, Release 9.0
  6) Oracle 10g  ( Is it possible to create users at oracle level ? or at what level ? )
  7)  Sun Solaris Sparc  ( Is it possible to create users at  OS level )
  If you have information how on this please share. I know that  provisioning framework will have templates for most of the target systems. I want to know if they are available for above systems on SAP IDM 7.0 or if not have we can connect to them?

  Hi Matthew
  Your expertise in SAP IDM is indeed a great help!!
  >Can't see why not, it's all done via SQL commands. I've done similar things with MSSQL
  You mean that there will be oracle 10g drivers/oledb connectors in SAP IDM and in through SQL commands like "create user alfredo identified by alfredos_secret; " we can create user  in oracle database ?. As you said this should be possible.  What about creating user( user management ) in oracle 10g application  like dba or scot  and assigning the privileges in oracle application?
  >might need to do via UNIX scripts, but it can be done
  You mean that Unix scripts will be defined in SAP IDM and SAP IDM will execute these scripts in the Sun Solaris Sparc ?. It should be possible as you said. By the way how we will be able connect to Sun Solaris sparc ?  Is it via  the option "file " under the "Repositories" with repositories wizard  and later executing the file from SAP IDM ?
  Thank you once again for your expert answers on third party systems.

• SAP IDM and SAP Ariba Integration

  is there any connector available for the integration from sap ariba? or has anyone any experience with the sap ariba integration?!
  we want create,change and archive the ariba user with sap idm 7.2.

  hi fedya,
  the case is very simple - we must create / change and deactivte Enterprise users on the ariba Portal!
  I attached the ariba screenshot:
  bg thomas

• SAP GRC AC with SAP IdM and without SAP Idm

  Hello,
  Could anyone provide me what are the advantages implementing SAP IdM with SAP AC suite?
  Can I use SAP GRC User Provisioning tool with SAP HCM position based concept?
  Thanks in advance.
  -Harry

  Hi ,
  In GRC 10 there is no concept of web services . GRC 10 uses native SQL query for calling risk analysis which mean no need to configure web service in GRC 10
  Thanks & Regards
  Asheesh

• Brief discussion on SAP XI and its' Integration with SAP MDM.

  Hi,
  I have never worked on SAP XI.
  I am discussing it on brief, please give your valuable replies.
  SAP XI consists of System Landascape Directory(SLD).
  SLD Consists of Business System and Techinical System.
  Technical System contains all information about the software
  component. The Business System consists of Inbound and Outbound Business
  System which are used as logical names for data transfer.
  There is communication Channel for Receiver and Sender Business System and n agreement
  is signed between Sender and Receiver.
  Outbound Interface defined for Business System Outbound and Techical System associated
  with the Business System,
  Inbound Interface defined for Business System Inbound and Techical System associated
  with the Business System.
  In SAP NetWeaver XI Integration Directory, we have defined the Integration Scenarios,
  Actions, Interface Objects, Mapping Objects, Adapters Objects.
  Mapping Object defines the Structure and Value Mapping.
  Adapter Objects defines the Adapter program which implements RFC Adapter, FTP Adapter logic.
  FTP Adapter is used for XI-MDM Communication.
  RFC Adapter is used for XI-ECC Communication.
  Integration Repository: Both Outbound and Inbound Interfaces are Mapped with Value mapping and
  Structure Mapping inside Integration Repository.
  The File Adapter takes the File from the Outbound port of MDM System
  and sends it as IDOC to Receiver Business System.
  Value Mapping must be done between Sender and Receiver interfaces.
  Value Mapping is done by XSLT or Java based program.
  SAP NetWeaver XI Integration Server at runtime:
  Message Split, Interface Determination, Receiver Identifaction, Mapping, Techincal Routing
  and Call Adapter Proccess are done.
  In SAP XI 3.0 and MDM 5.5:
  Step 1: Create busines system as service.
  Step 2: Create communication channel for each business service. If the system can communicate
  through different channels, then create all possible channel types if necessary.
  Step 3: Create receiver agreement between the systems.
  Step 4: Interface determination:
  - Here you see for the first time the software component mentioned;
  there are some special requirements regarding this software component in relation to the customizing ID mapping.
  - To modify this software component, the customer needs to copy the SAP standard delivered software component
  into its own namespace. The customer is able to modify to create archives
  for the customized ID mapping.
  Receiver determination.
  Configure an FTP Server on the MDS.
  Create a send folder for outbound messages using outbound port(s) for
  remote systems(s).
  Create receive folder inbound messages using inbound port(s) for remote systems.
  This ia all about concept of SAP XI Infractsture and its' Integration with SAP MDM 5.5.
  Regards
  Kaushik Banerjee

  Hi Kaushik,
  You must be aware of File types that MDM Import Manager can Import i.e. we have XML, Excel etc. Now there are two transactions to extract data from R3
  1. MDMGX -
           - For lookup table extraction
           - Output in XML format which MDM can import without using XI.
            - FTP can be configured to put the file in the desired folder which will be then picked by Import Server.
  2. MDM_CLNT_EXTR -
            - For Main table records.
            - Output is in Idoc format which MDM doesn't understand hence we need XI in between which converts Idoc file received from R3 into XML which can then be imported using Import Manager or Import Server. For this we need to implement XI Scenario that consists of Source System, Receiver System, Type of Data etc.
  Just a basic understanding...
  Regards,
  Jitesh Talreja

• Can you have IDM and GRC on the same stack?

  HI, I am new to IDM and am a Netweaver Basis professional with some performance experience around GRC. Is it wise to place the two together on the same stack?
  The customer will have 190,000 employees and lord knows what the roles will look like at this stage but I'm just a bit worried as I have seen the GRC jobs run for an awfully long time with a lot less users/roles and chew things up a bit
  the right advice appreciated.

  Now thats interesting.
  My architect told me that we were using the 7.1 version but in affect it runs on a 7.0 J2EE.... perhaps he is having me on. If you know for sure then let me know.... regardless I'll have a dig in the documentation.
  Naturally having Project and dev share with GRC should not be considered an issue but having production, pre-production and validation instances running combined with GRC is my concern as I have seen the GRC really slow up the system. The argument they are saying is the heavy jobs will run overnight and mostly just collection and configuration of GRC during the day. They are intending to run in production with 2 instances of 3 servers.

• How to or Step by step to connect SAP ECC and Data Integrator

  Hi,
  I need a document How to or Step by step to configure and connect SAP ECC 6.0 and Data Integrator or Data Services.
  someone help me?
  thanks!!

  Antonio,
  Please find the detail guide step-by-step document for different connectivity types at this following link on SDN under business Object section.
  [http://wiki.sdn.sap.com/wiki/display/BOBJ/ConnectingtoSAP]
  Thanks,
  Ashok

• SAP PI and Ariba integration (Master Data)

  Hi All,
  I have to integrate SAP with Ariba for master data interfaces.
  We have certain transaction data scenarios where we are using webservice communication with Ariba, but for master data interfaces what should be the approach?
  How we can use Ariba tool kit?
  How we do batch processing with Ariba Tool kit.
  Please advice.
  Thanks
  Shivi

  Hi Shivanjali,
  did you get chance to look at below liinks
  http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/05/24/configuration-of-ariba-network-adapter-with-client-certificate-in-netweaver-pi
  http://scn.sap.com/docs/DOC-43653
  http://scn.sap.com/community/high-tech/blog/2013/06/26/rapid-integration-with-the-ariba-network
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d060ac35-a269-3110-34b7-c7d3a1f54175?QuickLink=index&overridelayout=true&59064390272846
  Regards,
  Naveen    

• Questions on SAP BI and SharePoint integration

  Hi all,
  I was looking into how we can integrate SAP BI with our SharePoint server.
  Does anyone has got exposure to this type of integration?Is there anyway that we can achieve this integration using SAP Business Objects or Performance Points?
  Please advise.
  Thanks
  Kukku

  Hi all,
  We would like to get some thoughts on SharePoint integration with SAP BI.Could you please help us in solving the following questions:
  1. Which one is better? SharePoint integration through PerformancePoint Server 2007 or SAP Business Objects(SAP BO XI integration kit)?
  2. What are the starting point(system requirements)  to develop a prototype on both the methods?
  I was able to find some info on both PPS and SAP Business Objects from the above link and also from sdn documents(those were really helpful,thanks!) but none of them provide some detailed insight into which one to opt for or how you can goahead.If someone has got more info on this please let us know.
  Thanks
  Kukku

• SAP Workflow and GRC 10.1 Workflow

  Hi all,
      We are in the midst of upgrading our GRC system up to 10.1 and some questions are coming up about the workflows.  In short are GRC workflows and SAP workflows the "same thing", i.e. if someone outside of the upgrade project were to learn how to create/maintain workflows within GRC 10.1 would they be able to turn around and run the same transactions within an ECC 6.0 environment and create SAP Business workflows?  From what I have seen so far in my searching is that, they have the same basic principle but very different implementation/maintenance.
  Any documentation that you are aware of from SAP showing this would be helpful as well.
  Thanks

  The basic mechanism is the same, but the GRC workflows are more fixed (they leave less room for the workflow to be changed) have build in screens, and relay on the BRF engine to determine approvers etc.
  Workflows in the ECC give you a lot more room for implanting the workflow however you wish (use a decision task, asynchronous tasks, develop your own custom approval screen etc.) and some time required you to implement changes to the workflow object (set a user status, release a document etc.) and don't usually use the BRF.
  So I would have to say that the answer is no, someone who learned how to implement the GRC workflows will not be able to turn around and immediately create workflows in the ECC.  

• SAP MM and SD Integration steps

  Hi Friends,
  This is Ramakrishna,can any one give proper information about MM&SD integration, steps and process interview point of view.
  And also MM&PP Integration(MRP)
  Regards
  Ramakrishna
  Doha,Qatar

  Hi Ramakrishna,
  [Link Between SAP SD, MM & FI |http://www.sap-img.com/sap-sd/link-between-sap-sd-mm-and-fi.htm]
  [MRP|http://help.sap.com/erp2005_ehp_03/helpdata/EN/ff/515c4749d811d182b80000e829fbfe/frameset.htm]
  Thanks and Regards,
  Naveen Dasari.

• Need SAP SD and SD/FI Sample Resumes

  Hi,
  I would appreciate if anyone can send me sample resumes for SD and SD/FI.
  You can send it to: [email protected]
  I will reward generously.
  Thank you.

  Hi Hk7,
  Sent Mail.
  Reward if it helps
  Regards
  Srini

• SAP IDM vs SAP GRC

  Hi All,
  One basic question is coming again and again due to overlapping features of SAP IDM and SAP GRC. Why SAP IDM is required when all most all use cases can be fulfilled by SAP GRC? Is there any document available which can tell me why customer can choose IDM when he already has GRC?
  1. SAP IDM and GRC both can accomplish access request and provisioning.
  2. SAP IDM and GRC both has capability of risk management.
  Then why SAP IDM is required?
  Thanks,
  Dhiman Paul.

  Hi Dhiman,
  SAP IDM is more flexible and is Java based (providing excellent customizations).  GRC 10 is ABAP based and originally designed for Access Control.  As mentioned by Chris, IDM connectors are flexible than GRC & provisioning workflow is highly variable.
  I'd say if there are quite a few number of Legacy systems to be connected for IDM solution, SAP IDM would be an ideal choice than SAP GRC, as it can be implemented with less cost and customization.
  My simple opinion.  There may be other points as well.
  BR,
  Ganesh

• Right PAAS/Middleware for SAP HCM and SAP Cloud Integration ?

  In 2013, SAP has lot of Focus on SAP Cloud and SAP HCM on premises integration elements following the hybrid model, I will like to know the direction from SAP on integration Middleware/PAAS which will reap great returns in terms of TCO to customers over next 4-5 years basis the SAP Integration Road map esp the exposing standard connectors ?
  Please do keep in mind the the Middleware/PAAS should be able to support easy integration with Third Party Vendors like ADP/Hewitt etc

  The SFAPI and OData API are exposed for any web service integration, including Dell Boomi AtomSphere. The OData API can handle delta changes.
  HCI is an evolving platform and offers similar functionality to Boomi in terms of building integrations with a drag-and-drop interface, etc. There is a SuccessFactors connector provided for HCI and the Talent Hybrid integration content is available on HCI as well as PI. The Employee Central integration content currently available on Boomi should be available on HCI hopefully by the end of the year. The Talent Hybrid high-level roadmap can be found here:
  SAP HCM and SuccessFactors Integration Packages: an overview
  Boomi is included in the Employee Central subscription, but is very expensive to license for other use cases (i.e. Talent Hybrid scenarios). HCI costs 7.5% of the SuccessFactors subscription. PI is free. HCI may be included in the Employee Central subscription at a later date, but this is not definitely going to happen.