GRC AC integration scenario and web services

former_member431321
Participant
0 Kudos

Hi experts,

I am trying to integrate IDM 8.0 with GRC AC 10.0.

From the configuration guide, I learned that there are 3 scenarios in centralized provisioning.

Risk Analysis only, Polling, Call back service.

Among them, the 'Risk Analysis Only' scenario is recommended by SAP.

IDM integrates with GRC AC through a number of web services which are provided by GRC AC.

IDM is calling the web services through VDS.

Below are my questions:

1. How does the 'Risk Analysis Only' scenario work?

For the Polling and Call back service scenarios, it seems clear how IDM gets the result from GRC AC.

But for the Risk Analysis Only scenario, it is a little confusing to me.

When a user requests assignment of a privilege or a role, IDM will send the information to GRC AC.

And there could be 3 cases.

case 1. there is no SoD risk.

case 2. there is SoD risk and risk manager will reject it.

case 3. there is SoD risk and risk manager will mitigate it.

For case 1, IDM may know the result of the risk analysis immediately from the return value of the web service.

For cases 2 and 3, there must be an interaction by the risk manager of GRC AC.

In this case, does IDM wait until it is rejected or mitigated?

2. Which web service is used for each scenario?

best regards,

dongsu

Accepted Solutions (0)

Answers (1)

former_member431321
Participant

In the Config Guide, I missed the paragraphs below.

------------------------------------

Process Risk Status

This internal execution task uses the Java library method com.sap.idm.grc.risk.ExtRARProcResult.exec to process the risk status. The status is handled in the following way:

● An error occurred when processing the risk analysis, i.e. something unpredictable has happened (something went wrong), and no status is obtainable: the utility task Group Failed is executed. It uses the Java library method com.sap.idm.grc.ac.ExtACGroupFailed.exec and removes all pending objects in the particular pending object group without applying them to the user (i.e. the roles and privileges will not be assigned).

● The risk analysis is successfully performed: the roles/privileges with the risk are added to the pending value object. Roles/privileges will either be applied if no risks are discovered (and thus the subsequent provisioning tasks will be executed), or declined if any risks are discovered (no provisioning will then take place, i.e. the subsequent tasks will not run).

--------------------------------------

So when there is any Risk, the IDM will just reject the assignment request.

dongsu.

(just left this stupid question for anyone who may benefit from it)

Steffi_Warnecke
Active Contributor
0 Kudos

There are no stupid questions, especially when they are as well thought through as yours. 😉

Don't forget to accept your own answer as the correct one. That's absolutely permitted and will not count towards your karma (well, it does on another level than the SCN karma ^^).

Regards,

Steffi.