Skip to Content

One of the challenges we faced after implementing SAP GRC 5.3 was the usability of the User Interface. The out of the box User Interface for Requesting Access to NON PRODUCTION SAP Systems and UNLOCKING User Accounts had usability issues and would not work in Safari browser.

Using Visual Composer and Open NetWeaver Web Services of GRC 5.3, a custom User Interface was built to address the usability and cross browser compatibility issues.

This is a very simple 4  step Wizard driven process to Request Access and UNLOCK user account in Non Production systems.

Folliowing Web Services were used from the NetWeaver Stack and consumed in Visual Composer:

1. SAPGRC_AC_IDM_SELECTAPPLICATION

2. SAPGRC_AC_IDM_ROLEDETAILS

3. SAPGRC_AC_IDM_SEARCHROLES

4.SAPGRC_AC_IDM_SUBMITREQUEST

5. SAPGRC_AC_IDM_REQUESTSTATUS

6. LDAP Search with User First Name or Last Name ( Custom Enterprise Service built using NetWeaver Developer Studio. 

 

 User Interface was designed to be kept simple. Using Visual Composer the front end interacts with Web Services of GRC and the Web Services provision the access in the backend SAP systems to which GRC is configured in the landscape.

1. In Step 1 of the Application User choses if he want to Request Access or Unlock his Account.

2. In Step 2 he decides if request is for himself or someone else. The App allows you to create request on behalf of some one else by searching the user in LDAP. This is by using Web Service No -6.

3. In Step 3 the Application System is chosen for which the request is needed. All the Application Systems are shown i.e NON PROD, PROD by firing a Web Service no-1 (mentioned above) to get all the systems in a GRID. The User choose a given system(one system at a time)

4. User can chose the Access Type as ROLE or Transaction. If he choses Role then he can filter on ROLE ID or Role Description. If he choses transaction code then he can filter by transaction code. Based on filter of ROLE ID or TRANSACTION CODE, the Roles are filtered by using Web Service No-3(as shown above).

5. User can add the Role from the top Grid to the bottom Grid which is his Role Basket like a shopping cart. Role Details are shown in the bottom grid using Web Service No-2.

6. In the end he submits  the request to SAP GRC system which handles the request in real time. This is by using Web Service No-4

Here is the application in action:

 

Custom UI for GRC Access Control Using Visual Composer and Web Services 

 

Please contact me if you have questions. 

 Thanks

Ashish 

To report this post you need to login first.

5 Comments

You must be Logged on to comment or reply to a post.

  1. Vasu Pabbaraju
    Would like to know more details about the implementation.

    I have one question

    what happens to the VC model when GRC web service interface changes?

    Thx.
    Vasu.

    (0) 
    1. Ashish Singh Post author
      Sorry for late response. If the Web Service is changing we need to change the input params of the web service in the VC MOdel. I already had this scenario as I upgraded my GRC from SP6 to SP10 and the Submit Request Web Service had some changes to the input params. I had to make some adjustments/changes to the input params to Web Service call in my VC Model. Rest everything works ok. hope this helps.

      Thanks
      Ashish

      (0) 
  2. Toni Luque
    Hi!

    Firs of all, say that you have done a great job! Very user usefull 🙂

    Now I am facing a similar project and I am not being able to perform a successful invocation to the SAPGRC_AC_IDM_SELECTAPPLICATION and SAPGRC_AC_IDM_SEARCHROLES.

    Could you please provide an example for each Web Service Invocation? I know that there are a few parameters but when I test the Web Services a successful message is retreived but with no results 🙁

    Thanks in advance,
    toni

    (0) 

Leave a Reply