The purpose of this document is to define clear steps required to implement GRC on HANA plug in to integrate GRC 10.1 with HANALIVE DB for user provisioning.
This scope applies for Basis team who support SAP GRC on HANA configuration after will go live. This procedure applied for pre requisites, installation and post installation configuration of complete SAP GRC HANA “plug in” setup.
This document does not cover security setup that required for User provisioning on HANALIVE through SAP GRC system
Need at least GRC 10.1 with SAP NW 7.4 system to integrate this with HANA
SAP GRC ACCESS CONTROL 11 sap.com SAP ACCESS CONTROL 10.1
SAP NETWEAVER 7.4 sap.com SAP NET WEAVER 7.4
HANACLIENT SPS 8 Rev 82 Patch level 0
HANALIVE DB SPS8 Rev 82 Patch level 0
HCO_GRC_PI SP06 Patch level 0 (GRC Plugin)
Download required HANA client software compatible with OS where GRC installed
Software name -> IMDB_CLIENT100_82_0-10009663.SAR
Need SUDO or root user into source GRC system
Extract the HANA Client 82 version package in /software_repo/HANA_CLIENT directory
Check the extracting files
Create directory hdbclient under /user/sap/<SID> file system
Run hdbinst to install HANA client
Install the HANA Client with hdbinst command from ROOT user
Check the install files in /usr/sap/<SID>/hdbclient location
5. Set the PATH & LD_LIBRARY_PATH variables in sapenv.sh & sapenv.csh file
Check the ENV from <sid>adm user by opening a new session
Note – Take restart / bounce of SAP GRC application
A. Check the GRC system connectivity from hdbsql prompt
B. Check connection from GRC application level
Create connection user GRC_DBCO_PI in HANALIVE DB with below privileges (for connection test – you can use any existing user e.g. – SYSTEM)
Later you can create this user with below roles (this role will come after plugin deployment in HANALIVE DB) for permanent connection
Create DB connection through DBCO transaction code from GRC as below
Now go to HANA Studio and login in HLR system with modeler perspective: Open Modeler perspective and select Delivery unit
Select HANALIVE DB system
Browse through the downloaded HCO_GRC_PI plugin software, click finish
Check the Job log once the Import is finished.
In the main window of HANA Studio Click on Perspective Button and select SAP HANA Development
Go to Repositories
Select HANALIVE DB system and right click on it to choose ‘Create Repository Workspace’
Give workspace name as HCO_GRC_PI and click on Finish button:
Expend from Content node, following packages sap --> grc --> pi --> ac and under ac package two packages are there - ara with 16 sql objects and arq with 11 sql objects and db with 2 objects and roles with 1 object.
In this point D e l i v e r y U n i t was deployed successfully
For each file in the ara package.
d. Repeat steps from a to c for rest of the sql files in the ara package.
e. Repeat steps from a to c for all of the sql files in the arq package only in the following order / sequence.
1. All sql files what name started from is_... and ins_... in any order.
2. Two sql files that name started from Grant_... and Revoke_... in any order.
Create GRC_DBCO_PI user in HANALIVE DB system
Set permanent password - ***************
Create a Logical RFC – HLR for HANALIVE system:
From SPRO check the connector Display IMG -> SAP customizing Implementing Guide ->Governance, Risk & Compliance -> Common Component Settings -> Integration Framework -> Maintain Connection and Connection Types
Validate the GRC to HANA DB connection from SA38 transaction of GRC system with program -> ADBC_TEST_CONNECTION
This completes all configuration for GRC & HANA DB integration.
We have followed SAP note -> 1869912 - SAP GRC 10.1 Plug-In SAP HANA, SAP HANA Content for all required configuration (check the latest version of the SAP note from market place).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
11 | |
9 | |
7 | |
6 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 |