on 09-23-2014 12:39 PM
Hi All,
I have a business requirement wherein an Access Request deals with 2 different systems: ERP and Portal.
This is quite similar to "Default Roles" assignment to a user in an Access Request.
I have configured "Default Roles" in our GRC system and it is working absolutely fine. However, now there is a new requirement which is explained below:
Requirement:
When an Access Request is raised for a user which involves the assignment of lets say "ERP_ROLE1" in ERP system. Now, as soon as this role, belonging to ERP system is requested in an Access Request, a default role "PORTAL_ROLE1" should be assigned to the user in Enterprise Portal upon the Request completion.
So far I have dealt with ERP system only. I believe, now I have to configure Portal System in GRC, which is not done as of now. I was following the AC Installing guide and came to know that I have to install 2 components on Portal (Page#25), which will be done shortly. It is quite confusing, but managed to get the objective!
Certainly, these Portal components will be installed on Portal. However, I would like to have clarity on below things:
1. What kind of RFC I will be creating for Portal? Please share the details and procedure on both systems, if need be.
2. After creating the RFC for Portal, I believe I have to synchronize the roles and then import them in GRC as we do for ERP roles. Please advise, if
need be.
3. As I have already configured "Default Role" for ERP system and it is working fine, I believe I DONT have to do any extra configuration for getting any "Default Portal Roles" assigned to a user. As here ONLY system is changing but the overall concept and assignment remains the same. Please advise, if required.
Waiting for your kind suggestions/advice.
Regards,
Faisal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In addition to above mentioned note, you can also refer to: http://service.sap.com/sap/support/notes/1607232
This will deal with EP configuration with GRC along with setting up the connectors.
Kindly let us know whether or not this helps.
Regards,
Ameet
Dear Faisal,
I am not sure whether your requirements can be met up completely.
Even I am engaged with default roles mapping for ERP and EP systems separately but in your case, you want this to happen simultaneously which is quite interesting though.
I would rather see others to provide their valuable inputs.
Regarding role import for EP systems, you can refer: http://service.sap.com/sap/support/notes/1937479
Regards,
Ameet
first of all you need to install portal plugin in portal system.
then as per sap note for portal configuration create 2 http connector 1 for system other for spml.
you need to create logical port as per note dont remember number you can search.
only difference is you need to paste this in path suffix in logical port.
/GRACAuthMgmtWebServiceOutBinding/Config1?wsdl&style=document
you cannot create shortcut.
SPML connection is used for provisioning
this is used for provisioning and maintained under subsequent connector.
regarding your default role, you dont need that as per your example.
if user select ERP_ROLE 1 , then map portal role to it in rolemapping.
so when user select role1 automatically portal role mapped to it will be selected in request.
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Prashant,
Thanks for your reply.
Currently all our roles are "Technical". I have not yet created any Business Roles. As for EP role mapping, do you think it works well with "Technical" Roles?
I mean, I "guess" roles can be mapped with Business Roles, but not sure if this goes with Technical Roles as well.
Please advise.
Regards,
Faisal
Dear Faisal,
Role import for EP can work out with Technical roles as well.
Kindly refer: http://service.sap.com/sap/support/notes/1937479
Let us know if you face any issues.
Regards,
Ameet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.