on 06-24-2009 11:39 AM
Hello,
We have a 50 User id's ECC system and we have created a set of user id's in GRC
(like riskowner, roleadmin Approver).
Few Queries are:
1) Do i need to create existing User ID's in SAP GRC UME?
2) If NO then how user will request for a Role access in CUP by using which user id he will login in GRC?
3) For Eg: If a FINANCE Manager has a ECC user id and he wants to approve a Role can he login using the ECC user ID in CUP?
Thanx in Advance
Regards,
Kumar Rayudu
Sorry Kumar but this statement got me confused:
"We have a 50 User id's ECC system and we have created a set of user id's in GRC"
What do you mean by you created user id's in GRC? GRC is not a product and you can not create users in any of the GRC products. I am sure you meant CUP here. GRC Access Control product can talk to LDAP, UME, SAP, SAP HR for authentication so it does not have it's own user administration module.
You can connect Compliant User Provisioning module of GRC AC to UME, SAP or LDAP for end-user (requestor) authentication but approvers and administrators have to reside in SAP UME.
In simple words, if all or most of your endusers exist in LDAP or SAP, you can configure authentication system as LDAP or SAP in CUP. You will have to create user ids for all the approvers and administrators in SAP UME.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi Rayudu,
You need to create different users in UME (GRC) for approver, monitor ,role owner etc by assigning different appropepriate UME roles (actions). And these users will approve requests for creating, changing, deleting, locking/unlocking users which will come to them.
Thanks,
Sudip.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Alpesh is correct.
However I think it is not always needed to create the approvers in GRC system UME.
If you authenticate to your SAP backend or better LDAP then you can assign e.g. the approvers a SAP approver role on the backend or approver group in LDAP. Within UME on GRC AC you then assign your UME role to the group (either role or LDAP group name).
Every user then assigned to the SAP backend role in case of SAP backend authentication or approver group in LDAP can authenticate to the GRC AC system and would have the approver authorizations.
We are in progress to make this work in LDAP in combination with SSO via portal, so I do not have the practical experience yet.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.