cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC 5.3 (SP14) RAR and webservices

former_member577095
Participant

on ‎01-25-2012 8:46 PM

0 Kudos

Hi all,

in our company we have full GRC AC 5.3 suite SP14 (RAR, ERM, CUP, FF). Actually we have implemented only RAR and FF.

For all NON SAP applications, we have implemented a custom workflow (with Sharepoint) for users management.

Instead of use CUP, we would like to integrate RAR (for SOD Risk Analysis) our custom workflow through web services.

Is it a possible scenario ?

Is it mandatory to use CUP or we can call directly RAR ?

Many thanks in advance.

Andrea

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

koehntopp
Product and Topic Expert
Product and Topic Expert
‎01-31-2012 7:34 PM
0 Kudos

Hi Andrea,

even though there is a risk analysis web service, it's not a public one and not supposed to be used (it's also not well documented...). There would also be the issue of making changes to the request as a result. You'll need to display risk analysis results in a way that's meaningful to the user, and allow for stuff like simulation or adding mitigations - risk analysis is most likely not just a yes/no decision.

This is why the public web services have been implented to CUP. You can call CUP from your Sharepoint app (granted, there'll be a diufferent UI), and then react to the risk analysis result. You'd be able to manage and document risks in requests and their mitigations there, and use your custom provisioning method.

Another alternative is to implement CUP for SAP (how do you manage users there now?) and implement the non-SAP systems there, too. You can then define your custom implemetation as an Identity Management system and hand over the request for provisioning.

There's a document here on BPX that describes GRC AC / IdM integration scenarios and has documentation of the web services.

Frank.

Show replies
Show replies
former_member577095
Participant
‎02-17-2012 5:09 PM
0 Kudos

Ciao Frank,

thanks for your help.

I do not really understand the concept about GRC AC webservice.

In the CUP configuration, we need to specify the VirsaCCRiskAnalysisService in order to use it.

Since the CUP is using webservice VirsaCCRiskAnalysisService, why we cannot use the same webservice in a custom application ?

We are performing some tests and we are successfully able to call VirsaCCRiskAnalysisService webservice.

We are not able to see the risk analysis result.

Do we need to call a further web service in order to get risk analysis results ?

One other issue is related to the threshold result. If a user has too much conflicts, the web service return an error message.

Thanks.

Andrea

former_member577095
Participant
‎05-02-2012 10:35 PM
0 Kudos

Hi again,

we are using RAR webservice VirsaCCRiskAnalysisService but it seems that it performs only risk analysis at ACTION level (and not at PERMISSION level).

Since there is not available any documentation, do you have any idea of which are the correct input parameters in order to launch a risk analysis at PERMISSION level.

When we try, from CUP side, to run a risk analysis, the webservice is sensible to ACTION/PERMISSION level setting. So, we expect that the webservice should work at PERMISSION level also when called directly.

Thanks in advance.

Andrea

former_member577095
Participant
‎05-23-2012 8:35 PM
0 Kudos

Hi all,

we have found a working solution using the GRC IDM web services:

  • SAPGRC_AC_IDM_SELECTAPPLICATION
  • SAPGRC_AC_IDM_SEARCHROLES
  • SAPGRC_AC_IDM_REQUESTDETAILS
  • SAPGRC_AC_IDM_SUBMITREQUEST
  • SAPGRC_AC_IDM_RISKANALYSIS
  • SAPGRC_AC_IDM_REQUESTSTATUS

All is working perfectly and we are developing a custom workflow well integrated with GRC RAR and CUP component.

Andrea

Former Member
‎01-31-2012 6:43 AM
0 Kudos

Hello Andrea,

I also do not know an implementation like this, but it should be possible, since there is a Web Service for this (used by CUP).

Maybe if you have a developer experienced in WSDL and SOAP, he can understand better the information on sapnote_0001522564 How To Test a Web Service and figure out how to implement a RPC interface.

What I can tell is that I did some tests in the opposite way, creating a CUP request using the link to wsnavigator/enterwsdl.html. I ran a test for web service AEWFRequestSubmissionService_5_2 and could create a simple CUP Request (request type with no roles assignment, just to have reduced arguments).

Another thing you can do is to look for development companies like Greenlight, specialized in plug-ins for GRC, maybe they already have some customizable plug-in for Sharepoint.

Good luck! Let us know if you succeeded in this.

Vaner

Show replies
Show replies
Former Member
‎01-26-2012 9:01 PM
0 Kudos

Hello Andrea,

I don't know if someone is using the web services as you're planning.

Actually, there's an option to extract data from GRC and export for reporting purposes using Data Mart:

Note 1369045 - AC SP09 Data Mart Design Description

Cheers,

Diego.

Show replies
Show replies
Ask a Question