on 07-15-2010 7:52 PM
Hi,
We have an inbuilt custom access management application and would like to integrate with RAR for running risk analysis reports.
We do not CUP.We just want to get the risk analysis reports from RAR and show in our custom applications.
Can we use SAPGRC_AC_IDM_RISKANALYSIS webservice or some other web service available to integrate RAR with custom application.
Is there any other option to integrate GRC with custom IDM application from the risk analysis perspective
Hi ,
Thanks for the info. It was very useful. I have 2 more doubts.
1)Can we use Risk Analysis (SAPGRC_AC_IDM_RISKANALYSIS) webservice without installing CUP.
2)This webservice requires request id , which we will not have untlil we create a request in CUP.Besides request id, it has user id and system id as input field.
Is there a way or any other web service available, which accepts some other fields like role (particularly), analsysis type,etc, and then return us analysis data.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Saurabh,
while the RAR web service may give you analysis results, the SAP approved way to do this is through the published CUP web service interface (dopcumented in the AC Configuration Guide). The RAR web service is not published and may be subject to change without notice.
As it may not be obvious why you want to do that, here's what you get going through CUP:
- Risk results may be large. It's not just a red or green light. CUP has a display component that shows you the origin of conflicts, and you can drill down to the details.
- You may want to react to risks in a meaningful way: take away a role, assign a control. CUP can return changed request content for you to process.
- You may want to simulate stuff like "will the risks go away if I take out that one role or switch it for a different one". CUP does that.
- CUP also documents what you did to react to the risk, which is important for audit purposes.
Again: that is still in co-operation with your own solution. You do NOT need to do a full-blown CUP rollout to do that.
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Alpesh,
Which documento do you refer to?
Thanks for all. Kind regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Saurabh,
That is the right webservice. There are other webservice available with AC 5.3 which will allow you to integrate any solution with RAR. The webservice document is available on the GRC BPX web site.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.