cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Integrating inbuilt Access Management application with RAR

Former Member

on ‎07-15-2010 7:52 PM

0 Kudos

Hi,

We have an inbuilt custom access management application and would like to integrate with RAR for running risk analysis reports.

We do not CUP.We just want to get the risk analysis reports from RAR and show in our custom applications.

Can we use SAPGRC_AC_IDM_RISKANALYSIS webservice or some other web service available to integrate RAR with custom application.

Is there any other option to integrate GRC with custom IDM application from the risk analysis perspective

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎07-16-2010 4:52 PM
0 Kudos

Hi ,

Thanks for the info. It was very useful. I have 2 more doubts.

1)Can we use Risk Analysis (SAPGRC_AC_IDM_RISKANALYSIS) webservice without installing CUP.

2)This webservice requires request id , which we will not have untlil we create a request in CUP.Besides request id, it has user id and system id as input field.

Is there a way or any other web service available, which accepts some other fields like role (particularly), analsysis type,etc, and then return us analysis data.

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎07-16-2010 10:57 AM
0 Kudos

Saurabh,

while the RAR web service may give you analysis results, the SAP approved way to do this is through the published CUP web service interface (dopcumented in the AC Configuration Guide). The RAR web service is not published and may be subject to change without notice.

As it may not be obvious why you want to do that, here's what you get going through CUP:

- Risk results may be large. It's not just a red or green light. CUP has a display component that shows you the origin of conflicts, and you can drill down to the details.

- You may want to react to risks in a meaningful way: take away a role, assign a control. CUP can return changed request content for you to process.

- You may want to simulate stuff like "will the risks go away if I take out that one role or switch it for a different one". CUP does that.

- CUP also documents what you did to react to the risk, which is important for audit purposes.

Again: that is still in co-operation with your own solution. You do NOT need to do a full-blown CUP rollout to do that.

Frank.

Show replies
Show replies
Former Member
‎07-16-2010 8:10 AM
0 Kudos

Alpesh,

Which documento do you refer to?

Thanks for all. Kind regards,

Imanol

Show replies
Show replies
Former Member
‎07-16-2010 2:32 AM
0 Kudos

Saurabh,

That is the right webservice. There are other webservice available with AC 5.3 which will allow you to integrate any solution with RAR. The webservice document is available on the GRC BPX web site.

Regards,

Alpesh

Show replies
Show replies
Ask a Question