cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP IDM GRC Integration- Risk Analysis

saurabh_sharma19
Explorer

on ‎07-16-2018 12:47 PM

0 Kudos

Hello Experts,

We have SAP IDM (7.2) with GRC (10) integrated for Risk Analysis.We are having business role concept.

When we are requesting business roles in IDM.The risk analysis happens and GRC response gets captured in IDM.The request for risk mitigation gets created in GRC only for risk type high and sensitive.

One request per business role (with high/sensitive risks) created in GRC and Risk Analysis result shows risk for that particular business role only.(Which as per my understanding is the IDM standard way based on the audit id's and pending value objects created separately for each business role)

I want to know is there any possibility to combine the business roles while creating the risk mitigation request in GRC so that the risk analysis will happen for the all the submitted roles instead of individual business roles.

Thanksℜgards,

Saurabh Sharma

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member298408
Participant
‎10-19-2021 6:17 PM
0 Kudos

Hi Saurabh,

Was your issue resolved.

We are having same issue with our IDM 8.0 integrated with GRC 12.

We are looking for ways where only one GRC request is raised for multiple business roles submitted in IDM.


Thanks!

Show replies
Show replies
normann
Advisor
Advisor
‎07-26-2018 2:04 PM
0 Kudos

Hi Saurabh,

does IdM really send business roles to AC when creating an access request? Standard does not support that yet and that's why I wonder whether this is some custom enhancement already?

If you really send business roles, you could try assigning all those business roles to a "virtual repository" (MX_REPOSITORYNAME) and setup grouping inside that repository.

Standard behaviour is IdM sending only the privileges inside the business roles to AC and as Matt already stated, this is happening in the moment when the link between BR and user is validated by dispatcher and hence you cannot really group the request over multiple roles as every BR-to-user assignment is a separate link.

Regards

Norman

Show replies
Show replies
former_member2987
Active Contributor
‎07-16-2018 1:49 PM
0 Kudos

Hi Saurabh,

As I recall the integration only looks at the request as a whole, and if any component of the request fails, it all fails, with no response given via the IDM/GRC link. The GRC link is not one of my stronger areas, so someone else might have more information or work-arounds.

I believe deepening the link has been requested from SAP before, but you should log something over at the Customer Influence site.


Regards,

Matt

Show replies
Show replies
Ask a Question