on 11-17-2009 2:49 AM
Hi All,
Would like to check a question with you. As I know SAP IDM can be connected with SAP GRC for risk analysis during user request. Does anyone know if there are any other IDM solutions (other than SAP IDM) which can be connected with SAP GRC and do risk analysis during user request?
Thanks in advance.
Benny Ren
Bin,
You can use SUN IdM and ITIM (IBM Tivoli) out of the box with SAP GRC Access Control. For other IdM solutions also, you can write code to consume webservices available from Access Control.
Alpesh
Dear Alpesh,
Thanks very much for the update. Something more to check with you.
As you know SAP IDM can use SAP GRC to facilitate preventive control, which means the SOD check can be done before the authorizations are provisioned to the target system.
Do you know if Sun IDM and ITIM can also fulfill the same preventive control?
Benny Ren
CUP offers a set of web services for integration with identity management systems.
Potentially, all IdM systems can provide the same level of integration. You'd have to ask the other vendors individually how well they have done this.
The exact method of integration may differ; there are many different scenarios possible. For example, you need to define if you want to initiate requests in IdM or CUP - at least with SAP IdM, both ways are possible and can even be combined.
Frank.
Hi All,
I would like to integrate SAP GRC with ITIM for SoD evaluations. However, am not able to find any correct documentation on how this can be done. I read that ITIM supports this out of the box but could not get help on how this can be achieved.
Any pointers from you will be really very helpful. Am completely new to this and looking for your help.
Thanks and Regards,
Ashish Choudhary
Ashish,
If you are completely new with this, you have to gain an understanding on how webservices work. If you have ITIM installed in your landscape, then you will have to connect to AC via webservices available from AC.
We have an IdM overview guide that can point you to the right direction, which can be found here:
http://www.sdn.sap.com/irj/bpx/index?rid=/library/uuid/20bfb824-ea45-2c10-b093-bd097a579793
Thanks!
Ankur
SAP GRC RIG
Hi Ankur,
I have good knowledge of ITIM and basic of web services. For web services I understand that we will need some WSDL file for the communication and all.
However, need to know if there is specific document which gives details about integration of SAP GRC for SoD Violations and ITIM.
Please share any information that you have. Will be really helpful for me to move forward on this.
Thanks for your reply.
Regards,
Ashish Choudhary
Ashish,
you will find that the best way of integration is via the CUP web services. Calling a risk analysis directly will give you a result, but no way of reacting to it.
When one of your planned authorization changes runs into SoD issues, what you need is
- a way to display the information (what kind of risk, what's the root cause)
- a way to simulate alternatives, including taking away existing authorizations
- finding and assigning mitigating controls
What's your plan to do this - how are you going to deal with the Risk Analysis data in ITIM?
Frank.
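The three needs Frank lists above (showing the risk and its root cause, simulating alternatives that take away existing authorizations, and finding mitigating controls), sketched as an added example that is not part of the thread and is not SAP GRC, CUP or ITIM code. It is a local model of a preventive SoD check; every role name, rule and control in it is constructed.

```python
from itertools import combinations

# Constructed sample data (not SAP GRC content): role -> functions it grants.
ROLE_FUNCTIONS = {
    "AP_CLERK": {"create_vendor", "post_invoice"},
    "AP_PAYMENTS": {"run_payment"},
    "VENDOR_ADMIN": {"create_vendor"},
    "AP_INVOICE": {"post_invoice"},
}
# Constructed SoD rules: risk id -> two functions one user must not hold together.
SOD_RULES = {"R001": ("create_vendor", "run_payment"),
             "R002": ("post_invoice", "run_payment")}
# Constructed mitigating controls, keyed by risk id.
MITIGATIONS = {"R002": "MC-weekly-payment-review"}

def analyze(roles):
    """Return each violated rule with its root cause (which roles grant which side)."""
    found = []
    for risk, (f1, f2) in sorted(SOD_RULES.items()):
        side1 = sorted(r for r in roles if f1 in ROLE_FUNCTIONS[r])
        side2 = sorted(r for r in roles if f2 in ROLE_FUNCTIONS[r])
        if side1 and side2:
            found.append({"risk": risk, "cause": {f1: side1, f2: side2},
                          "mitigation": MITIGATIONS.get(risk)})
    return found

def preventive_check(existing, requested):
    """Run before provisioning: report only risks the request would newly introduce."""
    already = {v["risk"] for v in analyze(set(existing))}
    combined = analyze(set(existing) | set(requested))
    return [v for v in combined if v["risk"] not in already]

def simulate_removals(existing, requested, max_remove=1):
    """Alternatives: sets of existing roles whose removal makes the request clean."""
    options = []
    for n in range(1, max_remove + 1):
        for drop in combinations(sorted(existing), n):
            if not analyze((set(existing) - set(drop)) | set(requested)):
                options.append(drop)
    return options

def decide(existing, requested):
    """Workflow outcome: provision, route for approval with controls, or block."""
    new = preventive_check(existing, requested)
    if not new:
        return "provision"
    if all(v["mitigation"] for v in new):
        return "approve_with_mitigation"
    return "block"
```
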
Hi Ankur,
Thanks for your reply. As I understand the GRC adapter in ITIM works only with SAP resource (please correct me if I am wrong) and not any other ERP or non-ERP resource. Is there any way so that I can directly use webservices with ITIM without using ITIM adapter.
Hi Frank,
If I can integrate the webservice directly with ITIM, then what I can do is using the risk analysis find out what are the roles which violates the SoD. If web services can return that, then I can use the following steps:
- Create a Life cycle rule to find all the violations.
- Once violations are identified then send an approval for the violations.
- If these are approved, then the role can remain with the person.
- If rejected then the role will be removed through the life cycle itself.
Please let me know if what I think can be done and is feasible.
Thanks to all for your replies.
Regards,
Ashish Choudhary
Hi Ashish,
there is no openly published web service for risk analysis in RAR. The ones you see are internal and subject to change without notice.
The documented way is to go via CUP; only there will you also have the GUI to deal with the result of SoD analysis. Going to RAR directly is a dead end.
Frank.
Hi Frank,
Thanks for the reply! What I want to do is, query the SAP GRC for SoD compliance (through some java code or web services call) and get the result for the SoD compliance. Then, based on result take the action.
Will this be possible through CUP? If yes, can you please point me to some documentation link.
Thanks and Regards,
Ashish Choudhary
Hi Ashish (and others),
I have exactly the same requirement in my project, where I need to query GRC from ITIM to find out about any SoD conflicts.
Based on the GRC response, we have different routes to take in ITIM workflow.
The SoD analysis is required in ITIM at a step when supplemental access is requested for a user in ITIM, and before completing the request, ITIM would query the GRC by calling GRC's CUP Web Service.
I have gone through the Config Guide also, but could not find enough useful information for my requirement.
If you were able to achieve the above and/or have more information which you can share, that will be highly appreciated.
As my requirement, I just need to query (analyse) the GRC and will not submit any modification request.
Thanks in advance.
Regards,
Saurabh