Skip to Content

GRC access control: what user data source options are there?

Hi GRC Experts,

We use GRC AC 10.1 and have currently set up our system in such a way that it uses our Active Directory as user search data source and user detail data source. This works nicely and because of the mapping we set up the attributes of the users in AD are copied to the fields of the access requests. We also have sync jobs running that sync the data of AD into the GRACUSER /GRACUSERCONN tables.

Due to several changes in our IT landscape we will no longer have all needed data about our users in Active Directory in the future. This leaves us with a gap. They are now looking into having one central place where all identity data with all needed information is available. Possibility is that it is stored on SQL server, but this has not be finalized yet.

We used SAP (SU01 style) as user source for our GRC dev system earlier and I know that SAP HR can be used as data source. But both are not an option in this case because we do not have the latest data about our users there. I know there are different type of connections that can be created (EP, Peoplesoft, Oracle etc), but what are good viable options besides SAP and LDAP to use as user data source that could potentially be used? and does anybody have any experience with them?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Feb 07, 2017 at 12:51 PM

    Hi David,

    I am not clear with which sap solution you are going to use ?

    is it IDM,GRC or HR

    I am assuming GRC and according to that i have prepared some details on the same

    Pros & Cons of LDAP

    The main benefit of using LDAP is the consolidation of certain types of information within your organization. For example, all of the different lists of users within your organization can be merged into one LDAP directory. This directory can be queried by any LDAP-enabled applications that need this information. It can also be used by users who need directory information.

    Other LDAP benefits include its ease of implementation (compared to X.500) and its well-defined Application Programming Interface (API), which means that the number of LDAP-enabled applications and LDAP gateways should increase in the future.

    On the negative side, if you want to use LDAP, you will need LDAP-enabled applications or the ability to use LDAP gateways. While LDAP usage should only increase, currently there are not very many LDAP-enabled applications available for Linux. Also, while LDAP does support some access control, it does not possess as many security features as X.500.

    SAP GRC a solution that allows you to automatically detect, remediate and prevent access risks.

    Thanks

    Amit

    Add comment
    10|10000 characters needed characters exceeded