Sap Grc Online Training
The Integration for SAP GRC Access Control extends the IBM Security Identity Manager SAP NetWeaver Adapter.
In addition to the provisioning capabilities of the SAP NetWeaver Adapter, this integration sends access requests to Access Control for Separation of Duties (SoD) checks. The GRC Control result allows a decision to be
made on whether to provision the account.
The provisioning step can be performed by either the NetWeaver Adapter or by Access Control.The integration contains components that enable IBM Security Manager to
integrate with SAP GRC Access 5.3, 10.0, or both.
This integration can also invoke the Risk Analysis web service on role assignments during an access request. It also enables rejected accounts and role assignments to be removed from the access request that was sent to the Adapter.
The integration uses two profiles. The first profile contains NetWeaver account and service attributes only. This profile does not enable a connection with GRC Access. The second profile contains an extended set of account and service attributes for interaction between SAP GRC Access (version 5.3 or 10.0) and SAP NetWeaver.
This interaction enables IBM Security Identity Manager to coordinate the account compliance checking process in GRC Access Control with the NetWeaver account provisioning process.
This profile effectively enables a single account provisioning request to perform two tasks:
1. Submission of an access request to GRC Access from IBM Security
Identity Manager.
2. Submission of an account provisioning request to SAP from IBM Security Identity Manager, depending whether an approval or rejection is granted for the IBM Security Identity Manager request.
A high level of control is obtained over the provisioning process by configuring workflow extensions for Access Control.
The workflow extensions allow Add, Modify,Suspend, Restore, and Delete requests to be sent to GRC Access Control. SoD compliance checks are then performed in Control before provisioning the account in SAP. The risk analysis and remediation features of SAP GRC Compliant Provisioning can be used to:
1)Modify the request
2) Submit an approval
3) Submit a rejection
4) Cancel the request
In IBM Security Identity Manager workflow, there are two possible modes to configure each type of request. These modes are referred to as Non-blocking mode and Blocking mode
In Non-blocking mode, Control takes control of account
provisioning on the target system. Following submission of an access request to SAP GRC Access, IBM Security workflow continues execution and does not wait for the result of the request in SAP GRC Control. This mode passes the responsibility of provisioning the account in SAP NetWeaver to Access.
In addition to the provisioning capabilities of the SAP NetWeaver Adapter, this integration sends access requests to Access Control for Separation of Duties (SoD) checks. The GRC Control result allows a decision to be
made on whether to provision the account.
The provisioning step can be performed by either the NetWeaver Adapter or by Access Control.The integration contains components that enable IBM Security Manager to
integrate with SAP GRC Access 5.3, 10.0, or both.
This integration can also invoke the Risk Analysis web service on role assignments during an access request. It also enables rejected accounts and role assignments to be removed from the access request that was sent to the Adapter.
The integration uses two profiles. The first profile contains NetWeaver account and service attributes only. This profile does not enable a connection with GRC Access. The second profile contains an extended set of account and service attributes for interaction between SAP GRC Access (version 5.3 or 10.0) and SAP NetWeaver.
This interaction enables IBM Security Identity Manager to coordinate the account compliance checking process in GRC Access Control with the NetWeaver account provisioning process.
This profile effectively enables a single account provisioning request to perform two tasks:
1. Submission of an access request to GRC Access from IBM Security
Identity Manager.
2. Submission of an account provisioning request to SAP from IBM Security Identity Manager, depending whether an approval or rejection is granted for the IBM Security Identity Manager request.
A high level of control is obtained over the provisioning process by configuring workflow extensions for Access Control.
The workflow extensions allow Add, Modify,Suspend, Restore, and Delete requests to be sent to GRC Access Control. SoD compliance checks are then performed in Control before provisioning the account in SAP. The risk analysis and remediation features of SAP GRC Compliant Provisioning can be used to:
1)Modify the request
2) Submit an approval
3) Submit a rejection
4) Cancel the request
In IBM Security Identity Manager workflow, there are two possible modes to configure each type of request. These modes are referred to as Non-blocking mode and Blocking mode
In Non-blocking mode, Control takes control of account
provisioning on the target system. Following submission of an access request to SAP GRC Access, IBM Security workflow continues execution and does not wait for the result of the request in SAP GRC Control. This mode passes the responsibility of provisioning the account in SAP NetWeaver to Access.
Source...