cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IDM/CUA/GRC Question with HANA DB

bulka14
Member

on ‎01-17-2020 12:10 AM

0 Kudos

Hello,
Currently we are looking into some options for our SAP system. Currently we use GRC AE and CUA(Not fully automated) to create users and role assignments. We have CUA with about 6 child systems connected with some programs to check Quals for training, inactivity, and role cleanups. We are starting to use HANA DB and need to assigned users to those DBs. We know CUA can't support those systems.

We are looking into our options on how to upgrade to allow GRC to assign users/roles to HANA DB but unsure how to keep CUA as the central system (to include those custom programs as these were just developed 2 years ago) or how to use SAP IDM Primary but keeping CUA/GRC to allow programs and AE processing or just going Full IDM and rewritting those custom program logic?

Anyone else run into these same issues? Any recommendations? I feel that everyone will say Full IDM but we currently need to implement something very soon but rewrite the program logic.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

christoph_reckers3
Explorer
‎01-17-2020 3:17 PM
0 Kudos

I do not know your environment, processes etc. but I can tell you from 10 years SAP IDM projects, that SAPIDM 8.0 can be set up very #SMART and very #COMPLEX.

In such a use case you explain, SAP IDM can introduced very standard style and very SMART as SINGLE POINT OF TRUTH without replacing the CUA AND WITHOUT BEEING THE LEADING SYSTEM FOR THE ROLE ASSIGNMENT (can still be AC or CUA). SAP IDM provision CUA like a normal ABAP System and CUA forword the accounts like before.

Of cause the double operation cost for CUA and IDM should be not for long term, but when the consultant who know what to do introduced for this use case and the mapping of the CUA connectors is standard, this can be done in days/some weeks. After this you can think about connecting the child systems directly to IDM or go on with the CUA middleware.

SAP IDM is very flexible and has lots of connectors out of the box (...hana ...). It can also provision cloud systems directly or via IPS (SAP Cloud Platform Identity Provisioning Service) and so can be in a hybrid scenario your gate to the cloud .

As i said, without knowing you environment, processes etc. in details - only to give you some options.

Show replies
Show replies
Ask a Question