Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/06/2023 08:56 PM - edited 04/02/2024 11:06 AM
USE-CASE / FLOW:
1. Setup of Service Account in SAPPI/SAP GRC. (Read & Write)
2. SAP GRC Web Services are accessible from Saviynt System (enabled SC 2.0 client as required)
3. SAP GRC webservices enabled for accessing via a Service account
4. A callback is set at the SAP GRC side, where the overall status of the access request is passed on to Saviynt as soon as provisioning is finished. Make sure “EXIT_FROM_GRC=TRUE is configured in GRC
5. SC2.0 or connectivity between Saviynt and Customer is set up. Saviynt application should be able to access the SAP GRC system
Configuration:
Parameters | Details |
Connection Type | SOAP |
CONNECTIONJSON | { "authentications":{ "login":{ "properties":{ "SOAP_ENDPOINT":"https://xxxxx:1443/XISOAPAdapter/MessageServlet?senderParty =&senderService=BC_SAVIYNT&receiverParty=&receiverService=&interface=INTERFACENAME &interfaceNamespace=urn:Kxxxxxx.com:GRC:userAccess", "USERNAME":"USERID", "PASSWORD":"PASSWORD"
} }, "ticketlogin":{ "properties":{ "SOAP_ENDPOINT":"https:// xxxxx:1443/XISOAPAdapter/MessageServlet?senderParty=&senderService=INTERFACENAME &receiverParty=&receiverService=&interface=SI_SAVIYNT_STATUS_OUT&interfaceNamespace=urn:Kxxxxxx.com: GRC:UsrReqStatus", "USERNAME":"USERID", "PASSWORD":"PASSWORD" } } } } |
CREATEACCOUNTJSON | [ { "CONNECTION": "login", "REQUESTXML": "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:sap-com:document:sap:soap:functions:mc-style\"><soapenv:Header> </soapenv:Header> <soapenv:Body> <urn:GracIdmUsrAccsReqServices> <RequestHeaderData> <Reqtype>001</Reqtype> <Priority>011</Priority> <ReqInitSystem>QTEST100</ReqInitSystem> <Requestorid>${manager.systemUserName}</Requestorid> <Email>${requestor.email}</Email> <ReqDueDate>${new Date().plus(10).format('yyyyMMdd')}</ReqDueDate><RequestReason>test</RequestReason><Funcarea></Funcarea><Bproc></Bproc></RequestHeaderData><RequestedLineItem>${String rolesStr = '';String startDate=new Date().format('yyyyMMdd');String bprocVal=bproc?.substring(bproc?.indexOf('-')+1,bproc?.length());String endDate='20991231';String empType=user?.employeeclass;int size = entitlementSet?.size();int i = 0;for (String ent : entitlementSet){String tempEnt = ent.indexOf('&') > 0 ? ent.substring(0, ent.indexOf('&') + 1).toUpperCase().concat('amp;').concat(ent.substring(ent.indexOf('&')+1).toUpperCase()) : ent.toUpperCase(); rolesStr=rolesStr+'<item> <Emptype>'+empType+'</Emptype> <Connector></Connector> <ProvType></ProvType> <AssignmentType></AssignmentType> <ProvStatus></ProvStatus> <FfOwner></FfOwner> <Comments></Comments> <ProvItemType>ROL</ProvItemType> <ItemName>'+tempEnt+'</ItemName><ValidFrom>'+startDate+'</ValidFrom><ValidTo>'+endDate+'</ValidTo><ProvAction>006</ProvAction><RoleType>BUS</RoleType></item>';i++;if(i == size){return rolesStr;}}}</RequestedLineItem> <UserGroup>${String groups = '';List lstItemName = ['QTEST','QTEST100','QTEST110','QTEST120'];String groupSelected=userGroup?.toUpperCase();int size = lstItemName.size();int i = 0;for (String ItemId : lstItemName){groups=groups+'<item><UserGroup>'+groupSelected+'</UserGroup><UserGroupDesc>'+groupSelected+'-'+ItemId+'</UserGroupDesc></item>';i++;if(i == size){return groups;}}}</UserGroup> <UserInfo> <item> <Userid>${task.accountName}</Userid> <Title> </Title> <SncName>p:CN=${task.accountName}@CustomerName.com </SncName> <Fname>${user.firstname}</Fname> <Lname>${user.lastname}</Lname> <Email>${user.email}</Email> <Manager>${manager.systemUserName}</Manager> <Accno></Accno> <UserGroup></UserGroup> <ValidFrom></ValidFrom> <ValidTo></ValidTo> <Empposition></Empposition> <Empjob></Empjob><Personnelno> </Personnelno><Personnelarea></Personnelarea><CommMethod></CommMethod><Fax></Fax><Telnumber></Telnumber><Department></Department><Company></Company><Location></Location><Costcenter></Costcenter><Printer></Printer><Orgunit></Orgunit><Emptype></Emptype><ManagerEmail></ManagerEmail><ManagerFirstname></ManagerFirstname><ManagerLastname></ManagerLastname><StartMenu></StartMenu><LogonLang></LogonLang><DecNotation></DecNotation><DateFormat></DateFormat><Alias></Alias><UserType></UserType><Function></Function></item></UserInfo></urn:GracIdmUsrAccsReqServices></soapenv:Body></soapenv:Envelope>", "RESPONSEMAPPING": { "task.provisioningcomments": "Body.GracIdmUsrAccsReqServicesResponse.MsgReturn.MsgStatement", "TASK.TICKETID": "Body.GracIdmUsrAccsReqServicesResponse.RequestNo", "SUCCESSMSG": "Body.GracIdmUsrAccsReqServicesResponse.MsgReturn.MsgType" }, "SUCCESSCRITERIA": "SUCCESSMSG=SUCCESS", "REQUESTPARAMS": { "Content-Type": "text/xml;charset=UTF-8", "SOAPAction ": "urn:sap-com:document:sap:soap:functions:mc-style:GRAC_USER_ACCES_WS:GracIdmUsrAccsReqServicesRequest" } } ] |
DELETEACCOUNTJSON | [ { "CONNECTION": "login", "REQUESTXML": "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:sap-com:document:sap:soap:functions:mc-style\"><soapenv:Header></soapenv:Header><soapenv:Body><urn:GracIdmUsrAccsReqServices><CustomFieldsVal><item><Fieldname></Fieldname><Value></Value></item><item><Fieldname></Fieldname><Value></Value></item></CustomFieldsVal><Language>String 5</Language><Parameter><item><Parameter></Parameter><ParameterValue></ParameterValue><ParameterDesc></ParameterDesc></item><item><Parameter></Parameter><ParameterValue></ParameterValue><ParameterDesc></ParameterDesc></item></Parameter><RequestHeaderData><Reqtype>003</Reqtype><Priority>011</Priority><ReqDueDate>${new Date().plus(10).format('yyyyMMdd')}</ReqDueDate><ReqInitSystem>QTEST100</ReqInitSystem><Requestorid>${manager.systemUserName}</Requestorid><Email>${requestor.email}</Email><RequestReason>New User Demo</RequestReason><Funcarea></Funcarea><Bproc></Bproc></RequestHeaderData><RequestedLineItem>${String rolesStr = '';List lstItemName = ['QTEST100','QTEST110','QTEST'];int size = lstItemName.size();int i = 0;for (String ItemId : lstItemName){rolesStr=rolesStr+'<item><ItemName>'+ItemId+'</ItemName><Connector>'+ItemId+'</Connector><ProvItemType>SYS</ProvItemType><ProvType></ProvType><AssignmentType></AssignmentType><ProvStatus></ProvStatus><ValidFrom></ValidFrom><ValidTo></ValidTo><FfOwner></FfOwner><Comments></Comments><ProvAction>003</ProvAction><RoleType></RoleType></item>';i++;if(i == size){return rolesStr;}}}</RequestedLineItem><UserGroup><item><UserGroup></UserGroup><UserGroupDesc></UserGroupDesc></item><item><UserGroup></UserGroup><UserGroupDesc></UserGroupDesc></item></UserGroup><UserInfo><item><Userid>${task.accountName}</Userid><Title></Title><Fname>${user.firstname}</Fname><Lname>${user.lastname}</Lname><SncName></SncName><UnsecSnc></UnsecSnc><Accno></Accno><UserGroup></UserGroup><ValidFrom></ValidFrom><ValidTo></ValidTo><Empposition></Empposition><Empjob></Empjob><Personnelno></Personnelno><Personnelarea></Personnelarea><CommMethod></CommMethod><Fax></Fax><Email>${user.email}</Email><Telnumber></Telnumber><Department></Department><Company></Company><Location></Location><Costcenter></Costcenter><Printer></Printer><Orgunit></Orgunit><Emptype></Emptype><Manager>${manager.systemUserName}</Manager><ManagerEmail>${manager.email}</ManagerEmail><ManagerFirstname>${manager.firstname}</ManagerFirstname><ManagerLastname>${manager.lastname}</ManagerLastname><StartMenu></StartMenu><LogonLang></LogonLang><DecNotation></DecNotation><DateFormat></DateFormat><Alias></Alias><UserType></UserType><Function></Function></item></UserInfo></urn:GracIdmUsrAccsReqServices></soapenv:Body></soapenv:Envelope>", "RESPONSEMAPPING": { "TASK.TICKETID": "Body.GracIdmUsrAccsReqServicesResponse.RequestNo", "user.customproperty50": "Body.GracIdmUsrAccsReqServicesResponse.RequestNo" }, "REQUESTPARAMS": { "Content-Type": "text/xml;charset=UTF-8", "SOAPAction ": "urn:sap-com:document:sap:soap:functions:mc-style:GRAC_USER_ACCES_WS:GracIdmUsrAccsReqServicesRequest" } } ] |
DISABLEACCOUNTJSON | [{"CONNECTION":"login","REQUESTXML":"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:sap-com:document:sap:soap:functions:mc-style\"><soapenv:Header></soapenv:Header><soapenv:Body><urn:GracIdmUsrAccsReqServices><CustomFieldsVal><item><Fieldname></Fieldname><Value></Value></item><item><Fieldname></Fieldname><Value></Value></item></CustomFieldsVal><Language>String 5</Language><Parameter><item><Parameter></Parameter><ParameterValue></ParameterValue><ParameterDesc></ParameterDesc></item><item><Parameter></Parameter><ParameterValue></ParameterValue><ParameterDesc></ParameterDesc></item></Parameter><RequestHeaderData><Reqtype>004</Reqtype><Priority>011</Priority><ReqDueDate>${new Date().plus(10).format('yyyyMMdd')}</ReqDueDate><ReqInitSystem>QTEST100</ReqInitSystem><Requestorid>${manager.systemUserName}</Requestorid><Email>${requestor.email}</Email><RequestReason>New User Demo</RequestReason><Funcarea></Funcarea><Bproc></Bproc></RequestHeaderData><RequestedLineItem>${String rolesStr = '';List lstItemName = ['QTEST100','QTEST110','QTEST'];int size = lstItemName.size();int i = 0;for (String ItemId : lstItemName){rolesStr=rolesStr+'<item><ItemName>'+ItemId+'</ItemName><Connector>'+ItemId+'</Connector><ProvItemType>SYS</ProvItemType><ProvType></ProvType><AssignmentType></AssignmentType><ProvStatus></ProvStatus><ValidFrom></ValidFrom><ValidTo></ValidTo><FfOwner></FfOwner><Comments></Comments><ProvAction>004</ProvAction><RoleType></RoleType></item>';i++;if(i == size){return rolesStr;}}}</RequestedLineItem><UserGroup><item><UserGroup></UserGroup><UserGroupDesc></UserGroupDesc></item><item><UserGroup></UserGroup><UserGroupDesc></UserGroupDesc></item></UserGroup><UserInfo><item><Userid>${task.accountName}</Userid><Title></Title><Fname>${user.firstname}</Fname><Lname>${user.lastname}</Lname><SncName></SncName><UnsecSnc></UnsecSnc><Accno></Accno><UserGroup></UserGroup><ValidFrom></ValidFrom><ValidTo></ValidTo><Empposition></Empposition><Empjob></Empjob><Personnelno></Personnelno><Personnelarea></Personnelarea><CommMethod></CommMethod><Fax></Fax><Email>${user.email}</Email><Telnumber></Telnumber><Department></Department><Company></Company><Location></Location><Costcenter></Costcenter><Printer></Printer><Orgunit></Orgunit><Emptype></Emptype><Manager>${manager.systemUserName}</Manager><ManagerEmail>${manager.email}</ManagerEmail><ManagerFirstname>${manager.firstname}</ManagerFirstname><ManagerLastname>${manager.lastname}</ManagerLastname><StartMenu></StartMenu><LogonLang></LogonLang><DecNotation></DecNotation><DateFormat></DateFormat><Alias></Alias><UserType></UserType><Function></Function></item></UserInfo></urn:GracIdmUsrAccsReqServices></soapenv:Body></soapenv:Envelope>","RESPONSEMAPPING":{"TASK.TICKETID":"Body.GracIdmUsrAccsReqServicesResponse.RequestNo","user.customproperty50":"Body.GracIdmUsrAccsReqServicesResponse.RequestNo"},"REQUESTPARAMS":{"Content-Type":"text/xml;charset=UTF-8","SOAPAction ": "urn:sap-com:document:sap:soap:functions:mc-style:GRAC_USER_ACCES_WS:GracIdmUsrAccsReqServicesRequest"}}] |
ENABLEACCOUNTJSON | [{"CONNECTION":"login","REQUESTXML":"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:sap-com:document:sap:soap:functions:mc-style\"><soapenv:Header></soapenv:Header><soapenv:Body><urn:GracIdmUsrAccsReqServices><CustomFieldsVal><item><Fieldname></Fieldname><Value></Value></item><item><Fieldname></Fieldname><Value></Value></item></CustomFieldsVal><Language>String 5</Language><Parameter><item><Parameter></Parameter><ParameterValue></ParameterValue><ParameterDesc></ParameterDesc></item><item><Parameter></Parameter><ParameterValue></ParameterValue><ParameterDesc></ParameterDesc></item></Parameter><RequestHeaderData><Reqtype>005</Reqtype><Priority>011</Priority><ReqDueDate>${new Date().plus(10).format('yyyyMMdd')}</ReqDueDate><ReqInitSystem>QTEST100</ReqInitSystem><Requestorid>${manager.systemUserName}</Requestorid><Email>${requestor.email}</Email><RequestReason>New User Demo</RequestReason><Funcarea></Funcarea><Bproc></Bproc></RequestHeaderData><RequestedLineItem>${String rolesStr = '';List lstItemName = ['QTEST100','QTEST110','QTEST'];int size = lstItemName.size();int i = 0;for (String ItemId : lstItemName){rolesStr=rolesStr+'<item><ItemName>'+ItemId+'</ItemName><Connector>'+ItemId+'</Connector><ProvItemType>SYS</ProvItemType><ProvType></ProvType><AssignmentType></AssignmentType><ProvStatus></ProvStatus><ValidFrom></ValidFrom><ValidTo></ValidTo><FfOwner></FfOwner><Comments></Comments><ProvAction>005</ProvAction><RoleType></RoleType></item>';i++;if(i == size){return rolesStr;}}}</RequestedLineItem><UserGroup><item><UserGroup></UserGroup><UserGroupDesc></UserGroupDesc></item><item><UserGroup></UserGroup><UserGroupDesc></UserGroupDesc></item></UserGroup><UserInfo><item><Userid>${task.accountName}</Userid><Title></Title><Fname>${user.firstname}</Fname><Lname>${user.lastname}</Lname><SncName></SncName><UnsecSnc></UnsecSnc><Accno></Accno><UserGroup></UserGroup><ValidFrom></ValidFrom><ValidTo></ValidTo><Empposition></Empposition><Empjob></Empjob><Personnelno></Personnelno><Personnelarea></Personnelarea><CommMethod></CommMethod><Fax></Fax><Email>${user.email}</Email><Telnumber></Telnumber><Department></Department><Company></Company><Location></Location><Costcenter></Costcenter><Printer></Printer><Orgunit></Orgunit><Emptype></Emptype><Manager>${manager.systemUserName}</Manager><ManagerEmail>${manager.email}</ManagerEmail><ManagerFirstname>${manager.firstname}</ManagerFirstname><ManagerLastname>${manager.lastname}</ManagerLastname><StartMenu></StartMenu><LogonLang></LogonLang><DecNotation></DecNotation><DateFormat></DateFormat><Alias></Alias><UserType></UserType><Function></Function></item></UserInfo></urn:GracIdmUsrAccsReqServices></soapenv:Body></soapenv:Envelope>","RESPONSEMAPPING":{"TASK.TICKETID":"Body.GracIdmUsrAccsReqServicesResponse.RequestNo","user.customproperty50":"Body.GracIdmUsrAccsReqServicesResponse.RequestNo"},"REQUESTPARAMS":{"Content-Type":"text/xml;charset=UTF-8","SOAPAction ": "urn:sap-com:document:sap:soap:functions:mc-style:GRAC_USER_ACCES_WS:GracIdmUsrAccsReqServicesRequest"}}] |
GRANTACCESSJSON | [{"CONNECTION":"login","REQUESTXML":"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:sap-com:document:sap:soap:functions:mc-style\"><soapenv:Header></soapenv:Header><soapenv:Body><urn:GracIdmUsrAccsReqServices><RequestHeaderData><Reqtype>002</Reqtype><Priority>011</Priority><ReqInitSystem>QTEST</ReqInitSystem><Requestorid>${manager.systemUserName}</Requestorid><Email>${requestor.email}</Email><ReqDueDate>${new Date().plus(10).format('yyyyMMdd')}</ReqDueDate><RequestReason>test</RequestReason><Funcarea></Funcarea><Bproc></Bproc></RequestHeaderData><RequestedLineItem>${String rolesStr = '';String startDate=new Date().format('yyyyMMdd');String bprocVal=bproc?.substring(bproc?.indexOf('-')+1,bproc?.length());String endDate='20991231';String empType=user?.employeeclass;int size = entitlementSet?.size();int i = 0;for (String ent : entitlementSet){String tempEnt = ent.indexOf('&') > 0 ? ent.substring(0, ent.indexOf('&') + 1).toUpperCase().concat('amp;').concat(ent.substring(ent.indexOf('&')+1).toUpperCase()) : ent.toUpperCase(); rolesStr=rolesStr+'<item><Emptype>'+empType+'</Emptype><Connector></Connector><ProvType></ProvType><AssignmentType></AssignmentType><ProvStatus></ProvStatus><FfOwner></FfOwner><Comments></Comments><ProvItemType>ROL</ProvItemType><ItemName>'+tempEnt+'</ItemName><ValidFrom>'+startDate+'</ValidFrom><ValidTo>'+endDate+'</ValidTo><ProvAction>006</ProvAction><RoleType>BUS</RoleType></item>';i++;if(i == size){return rolesStr;}}}</RequestedLineItem><UserGroup>${String groups = '';List lstItemName = ['QTEST','QTEST100','QTEST110','QTEST120'];String groupSelected=userGroup?.toUpperCase();int size = lstItemName.size();int i = 0;for (String ItemId : lstItemName){groups=groups+'<item><UserGroup>'+groupSelected+'</UserGroup><UserGroupDesc>'+groupSelected+'-'+ItemId+'</UserGroupDesc></item>';i++;if(i == size){return groups;}}}</UserGroup><UserInfo><item><Userid>${task.accountName}</Userid><Title ></Title><SncName>p:CN=${task.accountName}@CUSTOMER.COM</SncName><Fname>${user.firstname}</Fname><Lname>${user.lastname}</Lname><Email>${user.email}</Email><Manager>${manager.systemUserName}</Manager><Accno></Accno><UserGroup></UserGroup><ValidFrom></ValidFrom><ValidTo></ValidTo><Empposition></Empposition><Empjob></Empjob><Personnelno></Personnelno><Personnelarea></Personnelarea><CommMethod></CommMethod><Fax></Fax><Telnumber></Telnumber><Department></Department><Company></Company><Location></Location><Costcenter></Costcenter><Printer></Printer><Orgunit></Orgunit><Emptype></Emptype><ManagerEmail></ManagerEmail><ManagerFirstname></ManagerFirstname><ManagerLastname></ManagerLastname><StartMenu></StartMenu><LogonLang></LogonLang><DecNotation></DecNotation><DateFormat></DateFormat><Alias></Alias><UserType></UserType><Function></Function></item></UserInfo></urn:GracIdmUsrAccsReqServices></soapenv:Body></soapenv:Envelope>","RESPONSEMAPPING":{"task.provisioningcomments": "Body.GracIdmUsrAccsReqServicesResponse.MsgReturn.MsgStatement","TASK.TICKETID":"Body.GracIdmUsrAccsReqServicesResponse.RequestNo","SUCCESSMSG" : "Body.GracIdmUsrAccsReqServicesResponse.MsgReturn.MsgType"},"SUCCESSCRITERIA" : "SUCCESSMSG=SUCCESS","REQUESTPARAMS":{"Content-Type":"text/xml;charset=UTF-8","SOAPAction ": "urn:sap-com:document:sap:soap:functions:mc-style:GRAC_USER_ACCES_WS:GracIdmUsrAccsReqServicesRequest"}}] |
REVOKEACCESSJSON | [{"CONNECTION":"login","REQUESTXML":"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:sap-com:document:sap:soap:functions:mc-style\"><soapenv:Header></soapenv:Header><soapenv:Body><urn:GracIdmUsrAccsReqServices><RequestHeaderData><Reqtype>002</Reqtype><Priority>011</Priority><ReqInitSystem>QTEST</ReqInitSystem><Requestorid>${manager.systemUserName}</Requestorid><Email>${requestor.email}</Email><ReqDueDate></ReqDueDate><RequestReason>demo</RequestReason></RequestHeaderData><RequestedLineItem>${String rolesStr = '';String startDate=new Date().format('yyyyMMdd');String bprocVal='';String endDate=new Date().plus(10).format('yyyyMMdd');String empType=user?.employeeclass;int size = entitlementSet?.size();int i = 0;for (String ent : entitlementSet){rolesStr=rolesStr+'<item><Emptype>'+empType+'</Emptype><Connector></Connector><ProvItemType>ROL</ProvItemType><Funcarea>Fixed Assets</Funcarea><Bproc></Bproc><ItemName>'+ent.toUpperCase()+'</ItemName><ValidFrom></ValidFrom><ValidTo></ValidTo><ProvAction>009</ProvAction><RoleType>BUS</RoleType></item>';i++;if(i == size){return rolesStr;}}}</RequestedLineItem><UserInfo><item><Userid>${task.accountName}</Userid><Fname>${user.firstname}</Fname><Lname>${user.lastname}</Lname><SncName>p:CN=${task.accountName}@CUSTOMER.COM</SncName><Email>${user.email}</Email><Manager>${manager.systemUserName}</Manager></item></UserInfo></urn:GracIdmUsrAccsReqServices></soapenv:Body></soapenv:Envelope>","RESPONSEMAPPING":{"TASK.TICKETID":"Body.GracIdmUsrAccsReqServicesResponse.RequestNo","user.customproperty50":"Body.GracIdmUsrAccsReqServicesResponse.RequestNo"},"REQUESTPARAMS":{"Content-Type":"text/xml;charset=UTF-8","SOAPAction ": "urn:sap-com:document:sap:soap:functions:mc-style:GRAC_USER_ACCES_WS:GracIdmUsrAccsReqServicesRequest"}}] |
TICKETSTATUSJSON | [ { "CONNECTION": "ticketlogin", "REQUESTXML": "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:sap-com:document:sap:soap:functions:mc-style\"><soapenv:Header></soapenv:Header><soapenv:Body><urn:GracIdmRequestStatServices><Language>EN</Language><ReqNo>${TICKETID}</ReqNo></urn:GracIdmRequestStatServices></soapenv:Body></soapenv:Envelope>", "CLOSETICKETSTATUS": "OK,COMPLETED", "REJECTEDTICKETSTATUS": "ABORTED,FAILED", "RESPONSEMAPPING": { "TICKETSTATUS": "Body.GracIdmRequestStatServicesResponse.ReqStatus.Reqstatus" }, "REQUESTPARAMS": { "Content-Type": "text/xml;charset=UTF-8", "SOAPAction": "urn:sap-com:document:sap:soap:functions:mc-style:GRAC_REQUEST_STATUS_WS:GracIdmRequestStatServicesRequest", "Authorization": "Basic xxxxxxxxxxxxxxxxxxxxxxxxxx==" } } ] |
COMBINEDCREATEREQUEST | TRUE |
Access Request Web Service WSDL
We trying to configure the External Risks Evaluation and Access Provisioning Using SAP GRC
In the connection JSON, SOAP_ENDPOINT for Access Request and Request status are provided as below:
"SOAP_ENDPOINT": "https://IPADDRESSS:1443/XISOAPAdapter/MessageServlet?senderParty\n\n=&senderService=BC_SAVIYNT&receiverParty=&receiverService=&interface=INTERFACENAME\n\n&interfaceNamespace=urn:Kxxxxxx.com:GRC:userAccess"
"SOAP_ENDPOINT": "https://IPADDRESSS:1443/XISOAPAdapter/MessageServlet?senderParty=&senderService=INTERFACENAME\n\n&receiverParty=&receiverService=&interface=SI_SAVIYNT_STATUS_OUT&interfaceNamespace=urn:Kxxxxxx.com:\n\nGRC:UsrReqStatus"
We tried using SOAP_ENDPOINT url as below, however test connection not successful.
https://<host:port>/sap/bc/srt/rfc/sap/grac_user_acces_ws/100/grac_user_access_ws/grac_user_access_ws
Does only "https://IPADDRESSS:1443/XISOAPAdapter/MessageServlet?senderParty\n\n=&senderService=BC_SAVIYNT&receiverParty=&receiverService=&interface=INTERFACENAME\n\n&interfaceNamespace=urn:Kxxxxxx.com:GRC:userAccess",
XISOAPAdapter type of urls should be used?
@Sonam_Chikorde, Yes, You have to use "XISOAPAdapter" in the url, As mentioned in above connection json.
@sudeshjaiswal, Thank you for the updates.
Hi Sudeshjaiswal, thx nice share it help us a lot. Just fyi doesn't have to be XISOAdapter in the url, as long as the GRC webservice url can be hit and get success response from postman then it's possible, it run success on my connection using sap-client in url (without XISOAdapter as in the sample).
Thx
Hello @SeShoSama,
Thank you for confirming. This information will be useful for others too.
Hello @sudeshjaiswal
We are using Saviynt as Ticketing System to SAP GRC for SoD validation and hence connecting to SAP GRC using SOAP connector. There is requirement to send user's termination date to 'valid to' field of user detail in SAP GRC. To accomodate this requirement we are utilizing ${user.termDate} in Create Account and Update Account payload of SAP GRC connector. However it is observed that upon new account ticket creation in GRC, 'valid to' field is populated with a default 99991231 value, and not with the termination date selected in the user profile of Saviynt.
Please recommend a solution/binding value to pass the term date to GRC.
Hello @shruanand24,
Can you please check on the SAP GRC end, what payload is been recieved on the target end?
Is ${user.termDate} value is been passed as per the saviynt in the payload been sent to target?
Or You can try to set the termdate in one of the customproperty and try it.(Just for your test).
Thanks
Hello @sudeshjaiswal
In this set up, how are the SAP GRC roles imported into EIC? There is no SOAP webservice on the GRC side that we can call to extract roles and role data.
Hi @sudeshjaiswal - Can you please elaborate on how can the existing grc role assignments to users can be pulled from this SOAP connector? Also.. pulling all sap grc roles into EIC? Thank you.
Hi @asp,
You can achieve this scenario by configuring the SAP ECC Connector and import all the user to role mapping and all the granular role information from SAP GRC.
Thanks,