on 01-11-2010 4:29 PM
Hi,
I have a DEV GRC instance and production GRC instance.
I am connecting my DEV GRC to my DEV & QAS SAP systems and am configuring superuser privilege manager on the DEV & QAS SAP systems.
I am connecting my PRD GRC RAR system to my DEV, QAS and PRD SAP systems. I am wondering can I configure SPM on my QAS SAP system so that it links to both my DEV GRC and PRD GRC systems?
Thanks,
Niamh
Niamh,
SPM and RAR have one to one relationship so I don't know anyway you can connect SPM to more than one RAR instance. RAR, SPM, CUP and ERM are not separate products anymore. They are part of Access Control and they all go together as different components of Access Control.
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks All,
that answers my question. I only need to connect one system anyway now.
Thanks,
Niamh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Niamh,
first of all - why would you want to do that?
SPM uses RAR to display SoD violations in SPM sessions. What would be the benefit of doing that on two different systems, probably with differing rule sets...?
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Frank,
I'm with you on that one!
Niamh,
The original question seems to be about referring to two separate RAR systems from one SPM implementation. Is that correct?
I am not sure what the end goal of this is as RAR is only the repository for risk and SoD data?
In any case, only one connector ID can be defined in the SPM config and therefore only one destination can be identified. (Unless you have configured your infrastructure with lots of virtual hosts etc.).
If the question is about being able to jump from one system to another using a FFID then that is indeed a different problem but I see no reference to that in the question, just the response!
Simon
Niamh,
The password for the FFID is always automatically and dynamically generated in the production system where the user is starting a FFID session, when an user tries to logon by the use of that FFID.
Thus if someone tries to access to the production system from the development system via RFC connection by the use of that FFID, he/she (who is trying the access to the production system) don't have any way to generate and know the actual password, and the access to the production system is impossible.
I hope that answers your question.
Ankur
SAP GRC RIG
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Niamh,
The password for the FFID is always automatically and dynamically generated in the production system where the user is starting a FFID session, when an user tries to logon by the use of that FFID.
Thus if someone tries to access to the production system from the development system via RFC connection by the use of that FFID, he/she (who is trying the access to the production system) don't have any way to generate and know the actual password, and the access to the production system is impossible.
I hope that answers your question.
Ankur
SAP GRC RIG
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.