cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Integrate GRC Access Control 10 with BObj

Go to solution
Former Member

on ‎08-28-2013 5:03 PM

0 Kudos

Dear experts,

Currently we are implementing GRC Access Control 10 for ERP, SRM, BI and SolMan. In addition to these systems, the client requires to implement GRC in BObj. Specifically, we intend to integrate GRC with BObj for at least AUTH and PROV scenarios, so we can create users for BObj through GRC, provision them with roles and perform access risk analysis.

Do you know if there is any type of integration supported by BObj with GRC AC 10? Is there any plugin available for this or any SAP note or Configuration Guide regarding to this topic?

Thank you,

Best Regards,

Nicolás

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Colleen
Advisor
Advisor
‎09-02-2013 4:31 AM
0 Kudos

HI Nicolas

I've implemented BOBJ before where I had the authentication source as SAP BW. I did this as the BOBJ reports used SAP BW cubes so users also needed anlaysis auths, etc.

In doing this, I provisioned users their BOBJ access using SAP BW Shell roles. The BOBJ has a sync job that would import the SAP role as a Group. Within the security I built BOBJ roles to set the permission and assigned them to the SAP Group. Therefore, users would inherit their BOBJ access from their SAP BW.

This suggestion would allow you to do CUP for SAP BW access with sync jobs in BOBJ. It won't cover risk analysis. For SoD checks you could then consider a legacy connector to import the user and role information

It would be interesting to see what recommendation SAP comes back with for this situation.

Regards

Colleen

Show replies
Show replies
Former Member
‎09-12-2013 3:11 PM
0 Kudos

Hi Coleen, how are you?

I believe that right now this is the best way to implement the integration between GRC and BObj. We had already scheduled the sync job to import SAP roles as groups but we wanted to find another way to connect GRC directly with BObj. However, this scenario fulfils our requirements, as users that access BObj will need to have a user ID in BW.

I believe that risk analysis will not be considered, as we will not use legacy connectors in this project.

Thank you


Regards

Nicolás

Colleen
Advisor
Advisor
‎09-13-2013 12:11 AM
0 Kudos

Hi Nicolas

Good to hear you have the decision

For risk analysis - you need to decide if there are major business risks or if you can identify them through SAP BW authorisations. If not, you could at least maintain critical roles for SAP BW shell roles where you have provided administration access, etc in BObj

Still, it'd be good to see what connectors/syncs SAP can provide for non-ABAP based systems. Possibly @Prasant_Paichha comment about GRC 10.1 with HANA will also provide solution for Business Objects.

Regards

Colleen

Answers (1)

Answers (1)

former_member193066
Active Contributor
‎08-29-2013 11:32 AM
0 Kudos

Hello,

I think you wanted to integrate with BOBJ DS?

I think not possible ,as users are created at DB level

Regards,

Prasant

Show replies
Show replies
Former Member
‎08-29-2013 6:01 PM
0 Kudos

Hello Prasant,

In fact we intend to integrate GRC with BOBJ Data Services and Reporting. That is, we want to create users, provision them with access levels and groups and perform risk analysis. At least we want to create users in BObj through GRC

And if they are created at database level, why is it impossible to integrate GRC and BObj?

Thank you for your answer.

Regards,

Nicolás

former_member193066
Active Contributor
‎08-30-2013 8:53 AM
0 Kudos

Hello,

I would suggest check GRC 10.1 that might integrate and it can integrate with SAP HANA.

Would suggest to check with SAP aswell.

Regards

Prasant

Former Member
‎08-30-2013 9:48 PM
0 Kudos

Thank you Prasant,

In fact we are implementing GRC 10 in our client, so we intend to integrate this version with BObj

Perhaps we'd better check with SAP.

Regards,

Nicolás

Former Member
‎08-30-2013 10:41 PM
0 Kudos

Hello Nicholes,

Can you pleas update the flow you are using, we are also thinking to integrate BOBJ user provisioning with GRC , Can GRC direct hits BOBJ groups created in CMC?

Thanks

K

Former Member
‎09-12-2013 3:50 PM
0 Kudos

Hello Karthik,

Colleen's answer may answer your question. I believe that right now there is no way to connect BObj directly to GRC unless you do it with a legacy connector. Therefore, you cannot directly create BObj groups.

What you can do is create roles in ABAP, for example in BW, configure SAP authentication in BObj, connecting it to BW, import the roles you have created in ABAP and then those roles are created as groups in BObj. You can assign access levels to those groups, so if a user is assigned a role in the backend, and then you synchronize this role in BObj, the user will be created immediately in BObj and will inherit the access levels assigned to the group.

Regards

Nicolás

Former Member
‎09-12-2013 7:30 PM
0 Kudos

Hello Nicoles,

That was the solution i already proposed to client , using solution manager as base ABAP stack and importing users from it( aliasing to AD in BOBJ, so we wont miss SSO), so that even the promotion of security will be in sync from BOBJ side. But i was bit curious to know if there was any direct connection.

Anyways thanks for the reply and recommendations.

Thanks

Karthik

Ask a Question