Additional Blogs by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Simplified User Interface for GRC Access Control using Visual Composer

Former Member
‎08-03-2009 6:12 PM
0 Kudos

One of the challenges we faced after implementing SAP GRC 5.3 was the usability of the User Interface. The out of the box User Interface for Requesting Access to NON PRODUCTION SAP Systems and UNLOCKING User Accounts had usability issues and would not work in Safari browser.

Using Visual Composer and Open NetWeaver Web Services of GRC 5.3, a custom User Interface was built to address the usability and cross browser compatibility issues.

This is a very simple 4  step Wizard driven process to Request Access and UNLOCK user account in Non Production systems.

Folliowing Web Services were used from the NetWeaver Stack and consumed in Visual Composer:

1. SAPGRC_AC_IDM_SELECTAPPLICATION

2. SAPGRC_AC_IDM_ROLEDETAILS

3. SAPGRC_AC_IDM_SEARCHROLES

4.SAPGRC_AC_IDM_SUBMITREQUEST

5. SAPGRC_AC_IDM_REQUESTSTATUS

6. LDAP Search with User First Name or Last Name ( Custom Enterprise Service built using NetWeaver Developer Studio. 

 

 User Interface was designed to be kept simple. Using Visual Composer the front end interacts with Web Services of GRC and the Web Services provision the access in the backend SAP systems to which GRC is configured in the landscape.

1. In Step 1 of the Application User choses if he want to Request Access or Unlock his Account.

2. In Step 2 he decides if request is for himself or someone else. The App allows you to create request on behalf of some one else by searching the user in LDAP. This is by using Web Service No -6.

3. In Step 3 the Application System is chosen for which the request is needed. All the Application Systems are shown i.e NON PROD, PROD by firing a Web Service no-1 (mentioned above) to get all the systems in a GRID. The User choose a given system(one system at a time)

4. User can chose the Access Type as ROLE or Transaction. If he choses Role then he can filter on ROLE ID or Role Description. If he choses transaction code then he can filter by transaction code. Based on filter of ROLE ID or TRANSACTION CODE, the Roles are filtered by using Web Service No-3(as shown above).

5. User can add the Role from the top Grid to the bottom Grid which is his Role Basket like a shopping cart. Role Details are shown in the bottom grid using Web Service No-2.

6. In the end he submits  the request to SAP GRC system which handles the request in real time. This is by using Web Service No-4

Here is the application in action:

 

Custom UI for GRC Access Control Using Visual Composer and Web Services 

 

Please contact me if you have questions. 

 Thanks

Ashish 

5 Comments
Popular Blog Posts