GRC, CUA and IDM

Former Member
0 Kudos

We are in the process of installing GRC 10.0 in our landscape. We have the following questions:

1. Can I run my CUA from GRC box instead of say Solman?

2. Can I hook GRC with LDAP so I import the users from active directory?

3. Do we need IDM, if active directory is hooked up to the system where we have the CUA?

Regards,

Kedar

Edited by: Kedar Joshi on Aug 8, 2011 5:57 PM

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Kedar

1. Can I run my CUA from GRC box instead of say Solman?

Yes, very much. You can connect your CUA directly to SAP GRC.

2. Can I hook GRC with LDAP so I import the users from active directory?

Yes, for sure.

3. Do we need IDM, if active directory is hooked up to the system where we have the CUA?

It depends on what purposes you want to use IDM for. IDM can be very well integrated with GRC.

In your case, I feel you already have a user repository (LDAP), so if you want to use IDM only as a user data source, it is not required, as you already have LDAP. But if you are planning to use other features of IDM, you can go ahead; it is supported by GRC.

Thanks & Regards

Asheesh

simon_persin4
Contributor
0 Kudos

Hi Kedar,

The easy answer to your question is yes to all of them!

1. It is technically possible to run CUA from the GRC box as it is an ABAP based environment.

Depending on your user provisioning processes though, you may want to consider the scope of using CUA.

For example, you may want to retain CUA for pre-production access but may want to have automated Access Request Management (CUP) for the production environments. Alternatively, if you are going down the full IDM route, you may wish to have everything provisioned via GRC rather than having the additional manual assignments through CUA.

2. Yes, you can still connect to LDAP Active Directory from GRC. There is a technical change in setting up the connection as it uses an RFC destination rather than a JCo but it's still possible and actually advisable for creating a single user master source.

3. This is slightly more difficult to say without further knowledge of your organisation. Generally, IDM is focussed on a more holistic view of User Access across the enterprise estate. IDM is still of use when managing SAP and Non SAP applications and managing the roles from a business perspective. Whilst GRC is able to offer the business role concept inherently, it is still slanted towards the management of risk rather than pure Identity Management and therefore the tools do perform a separate yet integrated function.

I hope this helps.

Simon

Former Member
0 Kudos

Thanks Simon,

The requirement is to have

1. CUA

2. GRC

3. LDAP users should show up in SAP so if somebody gets terminated, he should get locked in SAP etc etc.

So I thought I can put GRC and CUP together and have LDAP hooked up to GRC. It seems it's possible.

The IDM thing we are not sure as of now and I was going through the install guide, it talks more about the roles etc but I think those roles are not SAP roles but the role of a person. I have never worked in IDM. Is my assumption right?

Kedar

simon_persin4
Contributor
0 Kudos

Hi Kedar,

Yes, your assumption is correct. Within IDM, the Role is often a more generic business role or Job function rather than technical role.

It will be similar to the GRC Business role concept whereby it is a mixture of technical functions and organisational responsibilities, e.g.

Purchasing Manager =

LAN access

email access

SAP access to approve POs

SAP Access to approve team member's expenses, timesheets

SAP BI access to view reports / KPIs

Bespoke application access for ...

You should be able to achieve your key requirements without IDM but if you want a cross system repository to act as the job to role and user to job database then that might still be on the wish list.