SAP GRC 12.0 INTEGRATION WITH SAP HAND DB
AGENDA
- Objective
- SAP GRC Integration with SAP HANA & Provisioning configuration
- HANA User Provisioning using GRC 12.0
- Risk Analysis for HANA DB Authorization
- User Level
- Role Level
- Supported Functionality
- Advantage of SAP HANA-GRC Integration
- Q&A
OBJECTIVE
- How to perform the SAP HANA user provisioning using SAP GRC Access Control 12.0
- How to Run the SOD risk analysis for the HANA system using SAP GRC Access Control 12.0
- Benefit for the integration of GRC system with HANA
Component Details for integration: GRC
For integration of GRC Access Control with HANA, we need at least GRC 12.0 with SAP NW 7.4 system.
| Product | Release | Vendor | Short Description of Product Version |
| SAP GRC ACCESS CONTROL | 11 | sap.com | SAP ACCESS CONTROL 12.0 |
| SAP NETWEAVER | 7.4 | sap.com | SAP NET WEAVER 7.4 |
Component Details for integration: SAP HANA
| Component | Service pack | Patch Level |
| HANACLIENT | SPS 8 Rev 82 | 0 |
| HANALIVE DB | SPS8 Rev 82 | 0 |
| HCO_GRC_PI (GRC plug in) | SP06 | 0 |
- Maintain HANA Database Connection: Execute the Transaction code DBCO in GRC system and create the DB connection to HANA Plug-in system via system account
- Maintain Connection: Execute the Transaction code SM59 OR SPRO ->
Common component settings -> Integration Framework -> Create connectors –
>Logical connections
3. Maintain Connectors and Connection Types: SPRO -> GRC-> Integration
Framework ->Common Component Settings -> Maintain Connectors and
Connection Types
- Maintain Connector Settings: SPRO -> GRC-> Integration Framework –
>Common Component Settings -> Maintain Connection Settings
- Maintain Configuration Settings: Define the following configuration Settings for HANA plug-in Connectors
▶ 1022 – Connectors for which object Id’s may be maintained
▶ 1046 – Extended Objects enabled connectors
- Maintain Connector Settings: SPRO-> GRC -> Access Control -> Maintain Connector Settings
Link the HANA Connector to Application type SAP HANA (017)
- Synchronization Job: SPRO-> GRC -> Access Control -> Synchronization Job
Execute following job in background
- Authorization Sync
- Repository Object Sync
- Role Import: Execute the role import functionality to import all the HANA roles and Analytical Privileges.
This is the prerequisite for provisioning the user via Access Request
Example : HANA User Provisioning via Access request.
Both HANA roles and Analytical Privileges can be assigned to user
Request number 20 created and submitted
Log File for Access request: 20
User A88888 Created and HANA role and Analytic Privilege assigned
HANA Risk Analysis
- We can do the risk analysis for User and Role level
Benefits of HANA GRC Integration
- SAP HANA user provisioning to use SAP HANA-based applications.
- Access to assignment of users on SAP HANA (Analytical Privileges and Roles)
- Perform risk analysis for SAP HANA-based authorizations to avoid SoD conflicts
- Using GRC 12.0 on HANA platform will help immensely mainly for ARA (access risk analysis)
- SAP Access Control 12.0 has been enhanced and expanded. It now comes with a common standard ABAP platform leveraging SAP NetWeaver 7.40 SP 02 that provides the option to run on the SAP HANA database
- The best advantage of running GRC applications is, Reporting will be faster so would be the outputs
Appendix : References
- SAP Note: 1597627 – SAP HANA connection
- SAP Note: 1869912 SAP GRC 12.0 Plug in SAP HANA
Q&A
