Recently a new “Provisioning Framework for GRC” was posted on SDN to integrate SAP NetWeaver Identity Management 7.1 (IDM 7.1) and SAP Business Ojects Access Control 5.3. The announcement was made in a RIG Know How Network Call on February 17 2010 by Oliver Nocon (recording: {code:html}http://www.sdn.sap.com/irj/scn/nw-khnc{code}). A question I receive quite frequently is whether it is possible to view the detailed “Audit Information” for a request created in Access Control initiated by IDM. The SAP provided framework does not require all the Audit Information details and therefore only requests the data from SBOP Access Controls that it needs, like name, status, priority, submittedby, requestid, createdate, and requestedby. In some cases customers require additional information and this blog will show you how you can view the detailed Audit Information. At the end of this blog you will still have to build the tasks to get the Audit Information data into IDM 7.1. For example you could develop a Virtual Directory Server connector to wrap the SBOP Access Control web service, or a ToGeneric pass in Identity Center to call the SBOP Access Control web service. For this you can check the Identity Services architecture and configuration guides which can be found on SDN in the SAP NetWeaver IDM 7.1 area. As an example I assigned two privileges in IDM 7.1 for which the “Provisioning Framework for GRC” created a single request in SBOP Access Control. The request id is number 45 (figure 1):
The detailed Audit Information for request 45 is (figure 2):
Now the question is how I can see this data outside of SBOP Access Control. The answer is a web service which is provided with the later versions of SBOP Access Control. The web service is SAPGRC_AC_IDM_AUDITTRAIL. An easy way to test the web service is to go to the SAP NetWeaver AS Java start page (http://hostname:port) and click on ‘Web Services Navigator’. You will be prompted to authenticate yourself, I simply use administrator user and a list of available web services is shown. Click on SAPGRC_AC_IDM_AUDITTRAIL and on the next page click ‘test’. Now click on the operation ‘getAuditLogs’ and you will get the web service request screen in which you can enter the parameters. In my example I am looking for request id 45 (figure 3):
The detailed Audit Information for request 45 is (figure 2): Now the question is how I can see this data outside of SBOP Access Control. The answer is a web service which is provided with the later versions of SBOP Access Control. The web service is SAPGRC_AC_IDM_AUDITTRAIL. An easy way to test the web service is to go to the SAP NetWeaver AS Java start page (http://hostname:port) and click on ‘Web Services Navigator’. You will be prompted to authenticate yourself, I simply use administrator user and a list of available web services is shown. Click on SAPGRC_AC_IDM_AUDITTRAIL and on the next page click ‘test’. Now click on the operation ‘getAuditLogs’ and you will get the web service request screen in which you can enter the parameters. In my example I am looking for request id 45 (figure 3):
