on 11-05-2010 12:27 PM
Hi all,
I'm testing the SAPGRC_AC_IDM Web Services but unfortunately with no success.
Specifically the Web Services:
SAPGRC_AC_IDM_SELECTAPPLICATION
SAPGRC_AC_IDM_SEARCHROLES
For the first one, there is no mandatory field. The invocation is well performed, but with no results. I have checked the RAR Portal and the configuration is ok at the Systems Connectors configuration.
With the SearchRoles one occurs a similar problem. The invocation is done well but with no results. In this case, there are two mandatory fields (Application, AccessType)
In the Application Field I introduce the System Name configured at the RAR Connector Configuration and for the AccessType I have tried with Roles, Role, but It doesn't work anyway.
I have read the GRC Access Control Configuration Guide and the documentation is quite poor for the Web Services, also tried to look for documentation of these Web Service on the ES Workplace, but there is no documentation.
Has anyone of you performed a successful invocation of IDM Web Services?
Thanks in advance,
Toni
Hi Toni,
All these web services are associated with CUP. You need to configure CUP for these web services to show you any result.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alpesh,
I understand that CUP installation and configuration is necessary to call
the provisioning Web Services, like SAPGRC_AC_IDM_SUBMITREQUEST or SAPGRC_AC_IDM_RISKANALYSIS. Generally, all the Web Services that requires
a user provisioning action.
But for the Web Services SAPGRC_AC_IDM_SELECTAPPLICATION and SAPGRC_AC_IDM_SEARCHROLES there is no action required from CUP, it is
performed by GRC Access Control. The systems and roles are imported on AC
not in CUP (or on an IDM system if you want).
Are you really sure about the necessity of CUP configuration to run these
two Web Services?
At the SAP GRC Access Control 5.3 Configuration Guide I don't see anything
about this restriction.
Thanks a lot,
toni
Hi,
I am 100% sure that the SAPGRC_AC_IDM_SELECTAPPLICATION and SAPGRC_AC_IDM_SEARCHROLES require CUP. These webservices look at the CUP database and will retrun you the result. AC 5.3 is just collection of RAR, CUP, SPM and ERM. AC 5.3 still requires you to configure all the modules separately.
If you still don't believe me, create one role and one conector in CUP and then call the above web services.
Regards,
Alpesh
Hello Alpesh!
I believe you, but for me it is hard to think that using just the RAR Module without CUP is it possible to import roles and implement the SoD Matrix according to the Roles.
Do you know if there is any table that mantain the role list? I have been querying the RAR tables with no success.
Thanks a lot!!
toni
Hi Frank,
Just trying to find the best method to retreive the role list and role description from GRC. In my case just RAR Module is installed and configured. The systems and roles have been imported to RAR.
Once realized that it is imposible to use the SAPGRC_AC_IDM_* Web Services will have to query RAR tables to get the role list.
Best regards,
toni
We are having the same issue when testing SAPGRC_AC_IDM_SEARCHROLES in web service navigator. Do you know what the inputs are required on the wsbn screen.in addition to the tcode.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.