cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP ECC to trigger GRC access request with 0 approvers

harshada_sawant
Explorer

on ‎12-12-2018 9:26 PM

0 Kudos

I've unique requirement around access provisioning for default set of roles based on custom logic built in ECC (6.x)(table with users-company code - status etc.,). I want to know if there are any web services available that can trigger GRC (10.1) request through ECC system? if So can you provide details?

Do note that we want this provisioning to be done automatically without having someone to raise access request.

Let me know if you need more info around the requirement. Appreciate your help.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

madhusap
Active Contributor
‎12-19-2018 3:34 AM
0 Kudos

Hi Sawant,

You can use the method "Submit Request' in class CL_GRAC_IDM_INBOUND_SERVICES for creating an access request in GRC. Only thing is you have to pass the request header and lineitem details like User ID, Request Type, Request Reason, Role and System details, Validity dates, Prov Actions and then the request gets created in GRC. You can ask your ABAPer to check on this as this can address your requirement.

Regards,

Madhu

Show replies
Show replies
Colleen
Advisor
Advisor
‎12-12-2018 10:13 PM
0 Kudos

I don't have a solution for you but perhaps try reading up on HR Triggers and how those requests are automatically created in GRC. From there, you might be able to identify the API and trigger to build your own logical to look at your custom solution.

Also, maybe look at default roles in Access Control to see if any of that standard functionality might be able to meet your requirements instead of a custom table. You may still have challenge of how to trigger the creation of the request.

Show replies
Show replies
harshada_sawant
Explorer
‎12-13-2018 8:04 PM
0 Kudos

Thank you for reply, Colleen.

We did do some research on standard functionality of default roles but that doesn't fit our requirement. We need a logic to collect the users based on company code and status of application (could be like if user has access to system A roles then user should NOT get this role assigned in system B, otherwise trigger the GRC request through ECC for system B access). This need custom table as data will be collected based on various outputs. this custom table will be stored in ECC (I suggested to have it in GRC but they do not want to have any data or MD in GRC system)

This will be task for ABAP team and seems to be doable at the moment.

The challenging part is trigger from ECC to GRC (Not sure if anyone has done it in the past for any unique reason). I am not sure if there are any standard web services available for this. Also am not sure if customization in web services would help triggering GRC request through ECC.

Ask a Question