on 04-16-2008 4:13 PM
We need to integrate an external identity management solution into SAP GRC Access Enforcer. Some white paper mention extensibility is provided by web services. It seems that none of these web services are documented. Does anybody have infos about these services and documentation. Any hint is appreciated.
thanks
Detlef
Please get in contact with me directly, I'll try to help you find the right solution.
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have the same need for documentation about VCC web services.
We have an internal app that manages the authorization workflow, and now we want to put some info from the VCC inside this app via webservices.
We need to programatically run some simulations and to associate (and desassociate mitigating controls)
But I cant find any documentation. Someone can help me?
Paulo,
currently mitigation is not part of the published web services, nor is simulations.
Part of the reason for that is that it would require a lot of user interaction, simulation for example is a highly dialog oriented task.
If you take your approach further, you're replicating a lot of the functionality from Risk Analysis And Remediation and Compliant User Provisioning into your application.
If you're already a GRC Access Control customer - woud it be an option to hand the SAP ERP part of your authorization workflow over to Compliant User Provisioning (formerly Access Enforcer)? That would take care of all of your analysis and mitigation issues, and then some.
Frank.
Unfortunately Access Enforcer doesn't implement a number of critical requirements and implementing it "as is" would be a lot of steps backwards in our process.
what do the published webservices do? Is there any documentation about them?
In a part of our process, we must manually pick the current roles(1), the pending roles(2) (roles that were approved but not given due to training prerequisites) and the requested new roles(3) and make the simulation in the VCC.
The information (1) and (2) and (3) we have in our internal system, the information (1) we have inside VCC and (2) and(3) must be manually inputted by the operator to run the simulations. Since this operation is repeated 6000+ times a month in my company, eliminating this manual input will cause a great gain in efficiency.
Other thing that we want to do is to create a job where it would automatically desassociate the mitigating controls if the user does not have the risks anymore (users can lose roles automatically in some events here, so it would be coherent that the user also loses the associated mitigating controls)
IMHO as a former programmer, these are classic cases where I would like to consume some webservices for this tasks to avoid a lot of ctrc ctrlv from the operators (inefficient and error prone)
VCC has any documentation that would help me to find how I would do this integrations?
Thanks in advance
Well,
- you can use UME to authenticate AE users, thereby limiting requests to people maintained in UME (or a directory)
- in 5.3, you can call a web service that checks training status before a role can be requested
- in 5.3, there is a report that will show you invalid/expired controls, allowing you to remove them.
Frank.
We are trying to use the AE Audit Log webservice to retrieve user and role information for requests to use with our training lookup tool. I have read the document about what values can be sent to and retrieved from AE, but I cannot find anything about exactly how to call the webservice and what security is needed to get information. Does anyone have anything on this? Frank? Help?
Thank you.
Jennifer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
We are currently in process of integrating SUN IdM with SAP GRC. If you go to the web service navigator, you will see the web services listed out including AE web services. AESubmitRequest5_2 is the web service which SUN IdM needs to call to submit a request in AE. Similarly AEExitService will return the status of the request back to SUN IdM.
Problem-- While integrating i am facing an error. The initiator is based on Functional Area and Business Process. AESubmitRequest does not allow to pass these 2 fields to Ae, hence I am not able to trigger my workflows. If anyone knows how to modify the web service, pls let me know.
Thanks
Rashmi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The link to the Identy Management PDF was interesting and it implied it should work.
I want to bring in xEM (a SAP web application) into Access Enforcer - but since it is not an ABAP applications, I am unable to find techinical documents on how to do.
xEM is being used for Emmission Reporting and may be covered by a regulatory body -- so we want roles to be approved inside of AE, just like our other SAP enviroments.
So is there a document to bring in non-ABAP enviroments?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear board,
are you aware of documentation regarding the mentioned Web Services? We are trying to implement functionality leveraging the Request Submission to GRC-WS, but we weren't able to figure things like "account validity" yet?
Any recommendations how to get this information?
Many regards,
Richard
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.