Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC integration with SAP HANA - Guide

former_member229095
Explorer
‎10-19-2015 5:37 PM

1. PURPOSE

The purpose of this document is to define clear steps required to implement GRC on HANA plug in to integrate GRC 10.1 with HANALIVE DB for user provisioning.

2. SCOPE

This scope applies for Basis team who support SAP GRC on HANA configuration after will go live. This procedure applied for pre requisites, installation and post installation configuration of complete SAP GRC HANA “plug in” setup.

This document does not cover security setup that required for User provisioning on HANALIVE through SAP GRC system

3. Component details

Need at least GRC 10.1 with SAP NW 7.4 system to integrate this with HANA

SAP GRC ACCESS CONTROL        11          sap.com              SAP ACCESS CONTROL 10.1

SAP NETWEAVER            7.4          sap.com              SAP NET WEAVER 7.4

HANACLIENT SPS 8 Rev 82 Patch level 0

HANALIVE DB SPS8 Rev 82 Patch level 0

HCO_GRC_PI SP06 Patch level 0 (GRC Plugin)

4. Install SAP HANA CLIENT on GRC source system

Download required HANA client software compatible with OS where GRC installed

Software name -> IMDB_CLIENT100_82_0-10009663.SAR

Need SUDO or root user into source GRC system

Extract the HANA Client 82 version package in /software_repo/HANA_CLIENT directory

Check the extracting files

Create directory hdbclient under /user/sap/<SID> file system

Run hdbinst to install HANA client

Install the HANA Client with hdbinst command from ROOT user

Check the install files in /usr/sap/<SID>/hdbclient location


    5. Set the PATH & LD_LIBRARY_PATH variables in sapenv.sh & sapenv.csh file


Check the ENV from <sid>adm user by opening a new session

Note – Take restart / bounce of SAP GRC application


    6. Connectivity test from GRC to HANALIVE DB


          A. Check the GRC system connectivity from hdbsql prompt


          B. Check connection from GRC application level

Create connection user GRC_DBCO_PI in HANALIVE DB with below privileges (for connection test – you can use any existing user e.g. – SYSTEM)

Later you can create this user with below roles (this role will come after plugin deployment in HANALIVE DB) for permanent connection

Create DB connection through DBCO transaction code from GRC as below

7.  Deploy D e l i v e r y U n i t with Content for the SAP HANA plug-in for GRC integration with HANA

  1. Start HANA Studio and Open Modeler perspective.
  2. Add System (where HCO_GRC_PI will be deployed) in the HANA Studio by providing
  3.   Host Name, Instance Number, Description, HANA User ID and Password.
  4. Note: Use SYSTEM or Any HANA User with proper authorizations as User ID to connect to the HANA System where HCO_GRC_PI will be deployed. Mandatory, No exceptions.
  5. After System Registration is completed and Connection verified, Use "Select System" button in the Modeler perspective to select a System you just registered in the previous step.
  6. In the same Modeler Perspective Click "Import" link located under "Content" label and in the
  7.   Open dialog select "Delivery Unit" under SAP HANA Content and Click "Next" button.
  8. In the opened window Select file location as "Client" and use "Browse" button to navigate to the location where you save file with SAP HANA plug-in you downloaded from SMP.
  9. Note: You may need to use SAPCAR to extract D e l i v e r y U n i t file with extension .T G Z from the archive you downloaded from SMP.
  10. When .TGZ file is selected you will see D e l i v e r y U n i t details in the Object import simulation.
  11. Click "Finish" button to complete D e l i v e r y U n i t deployment and Object Activation process.
  12. Verify deployment by navigating in the "Modeler" perspective to "SAP HANA Systems" where you registered HANA Server.
  13. Expend from Content node, following packages sap --> grc --> pi --> a c and under ac package you should be able to see two packages ara with 16 sql objects and arq with 11 sql objects and db with 2 objects and roles with 1 object.
  14. In this point D e l i v e r y U n i t was deployed successfully.

Now go to HANA Studio and login in HLR system with modeler perspective:  Open Modeler perspective and select Delivery unit


Select HANALIVE DB system

Browse through the downloaded HCO_GRC_PI plugin software, click finish


Check the Job log once the Import is finished.


8. Install HANA Integration API to the SYSTEM catalog by using HANA Studio


In the main window of HANA Studio Click on Perspective Button and select SAP HANA Development


Go to Repositories

Select HANALIVE DB system and right click on it to choose ‘Create Repository Workspace

Give workspace name as HCO_GRC_PI and click on Finish button:

Expend from Content node, following packages sap --> grc --> pi --> ac and under ac package two packages are there - ara with 16 sql objects and arq with 11 sql objects and db with 2 objects and roles with 1 object.

In this point D e l i v e r y U n i t was deployed successfully

For each file in the ara package.

  1. Double click on first sql file in the ara package and after sql file is open in the SQL Editor.
  2. Right Click in editor window and click on "Choose Connection" and in the open window select the same HANA System you registered above.
  3. Click "Execute" or F8 to create Stored Procedure for selected HANA API in the SAP_PI_GRC Catalog.

    d. Repeat steps from a to c for rest of the sql files in the ara package.

    e. Repeat steps from a to c for all of the sql files in the arq package only in the following order / sequence.

1. All sql files what name started from is_... and ins_... in any order.

2. Two sql files that name started from Grant_... and Revoke_... in any order.

Create GRC_DBCO_PI user in HANALIVE DB system

Set permanent password - ***************

9. Configure SAP GRC 10.1 central system with HANA integration

    1. Create new user (For Example: GRC_DBCO_PI) and grant to this user role s a p . g r c . p i . a c . r o l e s : : S A P _ G R C _ P I _ A D M I N activated in the step 1.
    2. Activate new user created in the step 1.
    3. Reset new user password to the permanent password by logging with this user in the HANA Studio.
    4. Use newly created GRC_DBCO_PI user in steps above for DBCO configuration in the SAP GRC 10.1 Central system.

Create a Logical RFC – HLR for HANALIVE system:

From SPRO check the connector Display IMG -> SAP customizing Implementing Guide ->Governance, Risk & Compliance -> Common Component Settings -> Integration Framework -> Maintain Connection and Connection Types


Validate the GRC to HANA DB connection from SA38 transaction of GRC system with program -> ADBC_TEST_CONNECTION


This completes all configuration for GRC & HANA DB integration.


10. APPENDIX

We have followed SAP note -> 1869912 - SAP GRC 10.1 Plug-In SAP HANA, SAP HANA Content for all required configuration (check the latest version of the SAP note from market place).

8 Comments
Labels in this area
Popular Blog Posts