on 12-09-2009 3:42 PM
I need to be able to add webservices into my function groups to create risks for AC 5.3 SP9.
Is there any guide available on how to create rulesets that contain webservices and how to load the equivalent of the USOBT/SU24 and TSTC information for web services?
Any help would be greatly appreciated.
Regards
Simon
Hi AMol
Thanks for the update, I will try this and when I have worked out the solution I will write a guide and publish it to the GRC Community.
regards
Simon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Simon,
Can you please provide clarification on type of web services you are referring to? Are those hosted on SAP system or Non SAP system? How user access is restricted to web service?
I believe you will have to load the web service authorization data as if it is for a Non-RTA system (using RAR data Extraction functionality). As RAR SOD rule logic is based on Risk -- Function --Action --- Permission concept, you will have to represent webservices as dummy actions, add dummy permission if there are any further authorization restrictions on web services. Define and load dummy text and permissions ( to replicate USOBT/SU24 and TSTC information)
Define functions and risks based on dummy actions/permissions, generate rules. Refer latest AC configuration guide for Non-RTA system's data mapping templates which you will need to upload the authorization data
Hope I understood your question correctly, let me know if u meant something else.
Regards,
Amol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.