
SAP GRC Access Control 10 Transport strategy and LDAP integration

Former Member
0 Kudos

Hi Experts,

I have two quick queries and would seek your attention.

A. Is there any manual which talks about GRC Access Control 10.0 transport strategy, in terms of what is covered under transport and what is required to be configured manually in Dev to QA to Prod systems.

B. Is there any manual which talks of integrating LDAP server for user source and user detail source for SAP GRC 10.0

Thanking you in advance.

Thanks & Regards,

Abhimanu Kumar Singh

Accepted Solutions (0)

Answers (2)


simon_persin4
Contributor
0 Kudos

Regarding Transport Strategy, there is an article which I have written and is published on GRCexpertonline!

Although the landscape may be similar, you should really evaluate and re-define what it is that you want to achieve from your solution, as transports in GRC 10 can make your life a mess. Also, if you are thinking about configuring directly in production with the client open for changes, think again, as auditors will raise findings over things like that. As long as you manage it "correctly", transports will allow you to have much more control and consistency in your systems.

Simon

Former Member
0 Kudos

Simon, I am doing some research on whether a transport system should be set up, or how it should be set up, for GRC 10.1. It is an all-ABAP system, but I am not sure if we really need transport to move user and roles for provisioning through the transport system. Our customer system is a two-system landscape, one managing non-prod systems and the other production systems. I am not sure what advantage a QA GRC system would really give us.

simon_persin4
Contributor
0 Kudos

Thomas,

Your GRC QA system allows you to adequately control the risk of releasing erroneous or sub-optimal changes into your GRC Production system. Your GRC Production system controls access to maintaining PRODUCTION user master records and also contains the PRODUCTIVE set of access risks which are assessed by audit.

Any configuration which is relevant for managing that functionality should be transported through the GRC landscape; otherwise, you are effectively putting any operational controls over the quality of the process or the quality of the data at risk. If you do not have a QA system, you have no test bed in which to adequately check your configuration when transported. In a two tier environment, every time you release and import a transport you are effectively crossing your fingers and hoping for the best. Not good practice.

You mention that you have the development GRC system to control the non-prod SAP systems. Why would you do that?

In effect you're basically just having a free-for-all access strategy for your non-prod SAP systems by controlling the access to them from an uncontrolled environment. Why wouldn't you use your PRODUCTIVE GRC system to manage all of the SAP systems (albeit, with different approval conditions) which would then strengthen the controls around all systems and allow you to manage the risks effectively?

Regarding the uploading of repository data e.g. User Role Syncs and BRM Role imports, that is a different case. You should only upload the data which is required to operate effectively. e.g. Test data in your Dev & QA systems and productive data in the Production system. That is not transportable and is sync'd through your connectors (configuration which should also be transportable).

I hope I've stated the case clearly enough.

S

Former Member
0 Kudos

Hi

OSS note 1548110 gives detailed steps and also a pdf document for LDAP integration.

Further, as regards the transport strategy, are you referring to specific objects?

Please refer to the same.

Regards

Hemant

Former Member
0 Kudos

Hi Hemanth,

Thank you for the update and letting me know the SAP note for LDAP integration, I had managed to get one though.

I am looking for the manual which talks about the transport strategy for SAP GRC 10 Configuration along with master data from Dev to PROD system.

I would like to get some help to identify what can be transported for SAP GRC 10 and what cannot (which may need to be configured manually in the Production system).

Hope I am clear on my query.

Thanks & Regards,

Abhimanu Kumar Singh

Former Member
0 Kudos

Hi Abhimanu,

The transport strategy for GRC 10 is similar to that of GRC 5.3 in terms of landscape. I believe you cannot transport all Master data. The listing is not given by SAP.

The rest of the process for configuration transport stays the same.

Regards,

Prasad

Former Member
0 Kudos

Hi Prasad,

Thank you for the effort made, but unfortunately it looks like either you have not understood my question correctly or not replied to my question the way I am looking for.

The Landscape and Transport strategy at the high level will still remain the same, what I am looking for is something beyond that.

Looking forward for some more detail.

Thanks & Regards,

Abhimanu Kumar Singh

Former Member
0 Kudos

There is a wrong OSS number mentioned.

The correct number is: 1584110

Former Member
0 Kudos

Hi Norbert,

Yes, you are correct. I was about to update, but I must say you are lightning fast.

Former Member
0 Kudos

Hi

This was a typo error and I regret the same.

I had used the note no. mentioned by and could achieve the complete settings.

Regards

Hemant

Former Member
0 Kudos

Hi Abhimanu,

My apologies for the late reply. Please find my response below.

Maybe I can explain in your language. I believe you already ‘know’ SAP has moved into the ABAP stack (with transports), so all your SPRO configurations would ask you for transports. If you need a list of GRC 10 objects that can be transported, let me know (GRC AC and PC (considering your PC consultant) would have transport created).

Except for your masters created through (NWBC or Upload programs) and the post installation steps, most of the configuration can be transported.

To provide you some ‘more details’, all the GRC 10 AC objects are ‘Customizing Objects’, client-dependent changes which allow you to manage content within clients for a two-system landscape.

Anyhoooo’ you know SAP standard is 3 tier landscapes. Based on the below input I feel you may use your prior PC experience to manage the transport management in AC.

Let me know if I can provide ‘more’ details.

Cheers,

Prasad