cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

WebServices in GRC v10.0

Go to solution
Former Member

on ‎07-26-2011 9:50 AM

0 Kudos

Hi all,

I have three questions to WebServices regarding SAP GRC v10.0:

1. Is it possible with v10 to check permissions via WebServices (SAPGRC_AC_IDM_*) only with the RAR component? In v5.3 it was only possible, if CUP was installed too.

2. Contain the WebService SAPGRC_AC_IDM_RISKANALYSIS in v10 a analysis of critical permissions? In v5.3 only SoDs and critical actions was checked.

3. What is the task of the parameter includeCrossSystemsAnalysis of the WebService VirsaCCRiskAnalysisService in v10? In v5.3 the value of this WebService has no impact to the SoD check (it SHOULD be:

includeCrossSystemsAnalysis == true ==> cross system SoD check

includeCrossSystemsAnalysis == false ==> single system SoD check

But doesn't matter what's the value of the parameter. There is always a cross system check. Has this changed in v10.0?

Regards

Peter

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

koehntopp
Product and Topic Expert
Product and Topic Expert
‎07-27-2011 12:03 PM
0 Kudos

Hi Peter,

AFAIK the web services have not yet been published.

If you had the web service return violations without the requirement for CUP, what would you do with that information?

I hear that question a lot, I would really like to understand the ideas behind it.

To one of your other questions: cross system check is only possible for dedicated cross system risks. If there are no such risks defined, this will not yield any results no matter what the value of the parameter is.

Thanks,

Frank.

Show replies
Show replies
Former Member
‎07-27-2011 1:27 PM
0 Kudos

Frank, thank you for response

@CUP

Our customer won't implement CUP because it has another system for privilege approval etc.

@Cross system check

I am not sure if you understand: We configured cross system risks which we also discoverd in our analysis. But we discover the cross system risks every time, regardless which value is assign to includeCrossSystemsAnalysis

koehntopp
Product and Topic Expert
Product and Topic Expert
‎07-27-2011 3:21 PM
0 Kudos

Peter,

the cross system issue sounds like a bug - I suggest you open a ticket with SAP.

I understand that people may not want to implement CUP, but what else do they do with what the web service returns?

- how do you display the result (which may be large), including the information necessary for remediation/mitigation?

- how do you discover alternatives (simulation)?

- how do you hand over to remediation/mitigation

Frank.

Answers (0)

Ask a Question