AC Validation Job

Former Member
0 Kudos

Hi All,

I need a small clarification regarding the AC Validation Job in IDM. Can this job be used in the centralized scenario? We have a requirement for approval in GRC as well.

Every time I read the Configuration Guide (SAP NetWeaver Identity Management Compliant provisioning using SAP Access Control), it says the AC Validation Job is reserved for distributed provisioning; however, it can be used in the centralized scenario, although a few adjustments on both the GRC10 repository definition and on the GRC side need to be done in order for the task to be used in the centralized scenario.

The document didn't mention anything about the adjustments. I would be very thankful if someone could share some insight on this topic or on how to deal with the approval workflow in the GRC system.

Regards,

Ali.

Accepted Solutions (1)

Murali_Shanmu
Active Contributor
0 Kudos

Hi,

I am assuming that for every role assignment, you are looking for an approval in GRC. You are using a Centralized Provisioning with result polling option.

Yes, you have to add "AC Validation" tasks to the GRC10 repository under Event task for "Add Validate" task. This will validate all your role assignments.

I hope you have done the Privilege enrichment as suggested in the document.

Cheers.

Murali

Former Member
0 Kudos

Hi Murali,

Thanks for your response...

Yes, I am using centralized provisioning with the result polling option. At the moment it is for every role assignment, but I am sure in future there will be a few exceptions.

Secondly, is there anything that needs to be done on the GRC system (so that I can inform the GRC consultant)?

Cheers,

Ali.

Murali_Shanmu
Active Contributor
0 Kudos

Hi,

I am clear with you you mean by "few exceptions". Are you looking at an option to restrict what roles go to GRC for approval?

There are a lot of things to be done in GRC. Web Service would need to be activated, BC Sets for Access Requests and its corresponding Workflows need to be configured. Also, Global Provisioning Config needs to be maintained.

Former Member
0 Kudos

Yes, absolutely, you're very much right.

I have just got confirmation from GRC consultant

  1. Web services are activated (as per the SAP NetWeaver Identity Management Compliant provisioning using SAP Access Control recommendation); apart from these, any future Web services need to be activated.
  2. BC sets for workflow are activated & tested.
  3. Users are automatically provisioned using the Global Provisioning.

Is this the complete list, or do any other adjustments need to be done on the GRC side?

Murali_Shanmu
Active Contributor
0 Kudos

Looks fine. There is always something missing when doing it the first time.

Proceed with this for now and see how it goes.

Cheers,

Murali.

Former Member
0 Kudos

I have tried, but unfortunately I am getting the error below in "Submit AC Request". Do any parameters need to be maintained in GRC, or anything else?

I have attached a snapshot of the available global parameters after Initial load - commons.

Many Thanks....

Cheers,

Ali.

Murali_Shanmu
Active Contributor
0 Kudos

Hi,

Can you please post the repository constants for GRC10 ?

Also, in your VDS, increase the Operation Log level to "ALL" and see what error message you can see in those logs.

You should be able to see a request like below where the request type and parameters will be populated. Examine this one and see.

{requestreason=[Sent by Netweaver IdM : user needs to assign / deassign privileges to SAP back-end],
request_employeetype=[XXX],
roledata=[ROLEID=XXX!!ROLETYPE=SIN!!SYSID=XXX!!ITEMTYPE=XXX!!VALIDFROM=XXX!!VALIDTO=XXX!!action=XXX],
request_priority=[XXX], validfrom=[XXX], bproc=[bproc], telephone=[XXX], functionalarea=[XXX], validto=[XXX],
mgrid=[XXX], lastname=[XXX], requestorid=[XXX], auditid=[XXX], cn=[XXX], request_type=[XXX],
request_initiator=[XXX], firstname=[XXX], emailaddress=[XXX], requestoremailaddress=[XXX], empjob=[XXX]}#

Cheers,

Murali.
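
One way to examine a logged request of the shape shown in the reply above. This is an added example, not part of the original thread and not SAP code: it parses the `key=[value]` pairs and the `!!`-separated `roledata` items and lists the fields that arrived empty. The function names and all sample values are constructed, and it assumes a logged value never contains `]`.

```python
import re

# Matches one key=[value] pair; \s* tolerates a line wrap between "=" and "[".
# Assumption: a logged value never contains "]".
PAIR = re.compile(r"(\w+)=\s*\[([^\]]*)\]")

# Constructed sample in the shape of the request above; every value is made up.
SAMPLE = (
    "{requestreason=[Sent by Netweaver IdM : user needs to assign / deassign\n"
    "privileges to SAP back-end], request_employeetype=[], roledata=\n"
    "[ROLEID=Z_DEMO_ROLE!!ROLETYPE=SIN!!SYSID=!!ITEMTYPE=DEMO!!"
    "VALIDFROM=20240101!!VALIDTO=20241231!!action=DEMO],\n"
    "request_priority=[DEMO], request_type=[], requestorid=[DEMOUSER]}#"
)


def parse_request(text):
    """Return {field: value}; roledata becomes a nested dict of its items."""
    # Collapse whitespace so values wrapped across log lines compare cleanly.
    fields = {k: " ".join(v.split()) for k, v in PAIR.findall(text)}
    if fields.get("roledata"):
        fields["roledata"] = dict(
            item.split("=", 1)
            for item in fields["roledata"].split("!!")
            if "=" in item
        )
    return fields


def unpopulated(fields):
    """Sorted names of fields (and roledata items) logged with no value."""
    empty = [k for k, v in fields.items() if v == ""]
    role = fields.get("roledata")
    if isinstance(role, dict):
        empty += [f"roledata.{k}" for k, v in role.items() if not v.strip()]
    return sorted(empty)


if __name__ == "__main__":
    for name in unpopulated(parse_request(SAMPLE)):
        print("not populated:", name)
```
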

Former Member
0 Kudos

Hi Murali,

Sorry for the delay in response. Please find below the GRC10 constants and the log from the configuration trace.

GRC10 constants

Configuration trace logs

Cheers,

Ali.

Murali_Shanmu
Active Contributor
0 Kudos

Looks good.

Can you pls debug further with the steps in this blog of Kai's? In fact, he shows how to troubleshoot the same error message. Please post your findings.

Thanks.

Former Member
0 Kudos

Thanks Murali ... it is working now

Murali_Shanmu
Active Contributor
0 Kudos

Hi Mohammed,

Good to know that your issue is resolved. Could you please post what the reason for the error was?

Thanks

Murali.

Former Member
0 Kudos

I have applied note 1833773 and corrected the initiated system name constant.

Cheers,

Ali.

Answers (0)