Hi Experts

Currently i am working on a design of a project to Integrate IAM - SAP GRC Access Control 10.1 for SAP User provisioning & SoD Compliance Check.

Business Scenario

a . User raises SAP request in IAM and after the Manager approval in IAM request flows to GRC AC for SOD check.

b. In case of SOD violations , Access request in GRC AC flows to Role Approver for approval and then subsequently after Role Approver approval to GRC team for mitigation.

c. Once the risk is mitigated , Request flows back to IAM and the access gets provisioned to SAP Box.

I have some BUILD specific questions related to Role Management under IAM - SAP GRC AC integration and I hope to seek your answers

1. Please do let me know if it is possible to have just one repository (IAM ) for Business Role Management . Preferably in IAM and the Business & Technical roles get synced to SAP GRC BRM via a automated job. This is needed to maintain one Role repository instead of maintaining in both IAM and SAP Access Control.

2. In case of above possibility , please let know can the Role Approvers be synced from IAM to SAP GRC BRM as Role Approver approval takes place in GRC AC or do we need to maintain Role Approvers manually in SAP GRC BRM for each role.

Appreciate your help here.Do let me know in case of further details needed.

Thanks for your help in advance.

Thanks

Nitesh