cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mapping ECC roles to Portal roles for CUP??

Former Member

on ‎01-21-2009 4:57 PM

0 Kudos

Hi all,

We are implementing GRC Access control along with a fresh SAP implementation on the portal environment. We are planning to use CUP (AE) for the user access management process which is connected to the ECC backend system and the security administration is going to be centralized. However, the portal is the only point of entry for the user and so we also have portal roles built and to be assigned to the user/user group. But the challenge we are currently facing is :

1. In the CUP workflow, how do we make sure that user requesting Role A in ECC system will get Role Ap from the Portal as well

2. How is the mapping between the Portal and ECC role be established? We do not want the security administrators (decentralized) to assign the portal roles manually as it will be too much hassle. Is there a better approach to achieve this?

Appreciate your suggestion from your past experience.

Thanks

Siri

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎02-10-2009 3:50 AM
0 Kudos

Hi Kee,

As far as I know, CUP is an user provisioning solution so you can not provision roles to user groups via CUP. When you provisiong via CUP, it will create an user and/or assign roles to an user in EP.

Regards,

Alpesh

Show replies
Show replies
Former Member
‎05-04-2009 5:15 PM
0 Kudos

FYI, With GRC 5.3 SP 5, you can auto-provision Portal roles, Portal groups in Portal if the workflow is correctly defined.

This new feature along with role mapping can automate all the ABAP, Java provisioning in one request.

This is cool..

Just thought of sharing this information as I have been struggling for a solution.

Hope this helps..

Thanks

Kee

Former Member
‎01-23-2009 2:53 PM
0 Kudos

Thanks Alpesh.

I definitely will try this option and let you know..

Awarded points for your timely response

Regds

Siri

Show replies
Show replies
Former Member
‎02-10-2009 3:27 AM
0 Kudos

Hi Alpesh,

While mapping the Portal roles to the ECC roles in CUP, where does the role provisioning happen in Portal (if auto-provisioing is configured) ? Can we configure the Portal roles to be assigned to user groups instead of the users (as this is the most preferred method for maintaining Portal roles) ?

Is this possible through role mapping in GRC?

Appreciate your response..

Thanks

Kee

Former Member
‎01-21-2009 5:58 PM
0 Kudos

Hello Siri,

I have done this before for SAP R/3 and it should not differ for EP. CUP has a nice functionality called 'Role Mapping', which can be used in this scenario.

Both of your questions lead to same answer. Go to configuration -> Roles -> Role Mapping configuration to enable Role mapping. Once enabled, go to Role Mapping sub menu to create main role and relationship between associated roles.

Click on 'Add main role' and add the ECC 6.0 Role A. Once added click on 'Add' button and add the Role AP from SAP EP. This should finish the required configuration.

Now, test this and let me know if it works or not.

Regards,

Alpesh

Show replies
Show replies
Former Member
‎01-21-2009 5:10 PM
0 Kudos

Just for clarification:

The user administration and role assignment is going to be decentralized.

Show replies
Show replies
Ask a Question