former_member192837

Access Control: Create Access Request Using Web Service in GRC10


 

 

In this blog I would like to share my experience of how the Web Service can be tested and used to create an Access Request from the GRC system when you are integrating with an IDM system.

 

Suppose you have integrated GRC10 with IDM 7.2 and want to submit access requests from IDM to GRC. As a GRC consultant, you can test the Web Service used to create Access Requests from the GRC side. This helps you check that the Web Service is working, that you are able to submit a request, and that the request follows the MSMP workflow you created in GRC10. Once this is tested from the GRC side, it is easier to use the same inputs from the IDM side and submit the Access Request to GRC.

 

 

The Web Service used to create an access request from GRC is GRAC_USER_ACCES_WS (User Access Request Service).

 

Follow the steps below to execute the Web Service.

 

Execute Tcode SE80 and double-click on Repository Information System.

 



 

Expand Enterprise Services under Repository Information System and double-click on Service Definitions.

 



 

In Application Component, enter GRC-AC and execute.

You will now see all the Web Services used for the IDM-GRC integration.

Double-click on the highlighted Web Service GRAC_USER_ACCES_WS (User Access Request Service).

 

 



 

Then execute GRAC_USER_ACCES_WS (User Access Request Service) from the screen below.

 



 

The pop-up below will appear. Select Generate Request Template and execute.

 

 

The output below will appear. From here, click on XML editor, provide the required details in the XML tags, and execute. If all the details you provided are correct, the access request is created and returned in the response. If the details are not correct, you will receive an error in the response.

 



 

 

The above Web Service has 5 sections, as below.


 

  1. CustomFieldsVal

  2. Parameter

  3. RequestHeaderData

  4. User Info

  5. Requested Line Item


 

Mandatory fields and User information are determined based on End User Personalization (EUP) in SPRO. ReqInitSystem in the Request Header data is a mandatory field, and you need to provide the IDM connector information in it.

 

 

Fill in the details in Header Data, Line Item and User Info based on your configuration.

 

Header Data:

 

<RequestHeaderData>
<Reqtype>String 12</Reqtype>
<Priority>String 13</Priority>
<ReqDueDate>String 14</ReqDueDate>
<ReqInitSystem>String 15</ReqInitSystem>
<Requestorid>String 16</Requestorid>
<Email>String 17</Email>
<RequestReason>String 18</RequestReason>
<Funcarea>String 19</Funcarea>
<Bproc>String 20</Bproc>
</RequestHeaderData>


 

Line Item Details:

 

<item>
<ItemName>String 21</ItemName>
<Connector>String 22</Connector>
<ProvItemType>String 23</ProvItemType>
<ProvType>String 24</ProvType>
<AssignmentType>String 25</AssignmentType>
<ProvStatus>String 26</ProvStatus>
<ValidFrom>String 27</ValidFrom>
<ValidTo>String 28</ValidTo>
<FfOwner>String 29</FfOwner>
<Comments>String 30</Comments>
<ProvAction>String 31</ProvAction>
<RoleType>String 32</RoleType>
</item>


 

 

 

User Info:

 

<UserInfo>
<item>
<Userid>String 49</Userid>
<Title>String 50</Title>
<Fname>String 51</Fname>
<Lname>String 52</Lname>
<SncName>String 53</SncName>
<UnsecSnc>String 54</UnsecSnc>
<Accno>String 55</Accno>
<UserGroup>String 56</UserGroup>
<ValidFrom>String 57</ValidFrom>
<ValidTo>String 58</ValidTo>
<Empposition>String 59</Empposition>
<Empjob>String 60</Empjob>
<Personnelno>String 61</Personnelno>
<Personnelarea>String 62</Personnelarea>
<CommMethod>String 63</CommMethod>
<Fax>String 64</Fax>
<Email>String 65</Email>
<Telnumber>String 66</Telnumber>
<Department>String 67</Department>
<Company>String 68</Company>
<Location>String 69</Location>
<Costcenter>String 70</Costcenter>
<Printer>String 71</Printer>
<Orgunit>String 72</Orgunit>
<Emptype>String 73</Emptype>
<Manager>String 74</Manager>
<ManagerEmail>String 75</ManagerEmail>
<ManagerFirstname>String 76</ManagerFirstname>
<ManagerLastname>String 77</ManagerLastname>
<StartMenu>String 78</StartMenu>
<LogonLang>String 79</LogonLang>
<DecNotation>String 80</DecNotation>
<DateFormat>String 81</DateFormat>
<Alias>String 82</Alias>
<UserType>String 83</UserType>
</item>
</UserInfo>


 

 

 

Kinds of ERROR / SUCCESS messages you can get in the response:


 

1.

 

<?xml version="1.0" encoding="utf-8" ?>
<n0:GracIdmUsrAccsReqServicesResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
  <MsgReturn>
    <MsgNo>4</MsgNo>
    <MsgType>ERROR</MsgType>
    <MsgStatement>Invalid request initiation system</MsgStatement>
  </MsgReturn>
  <RequestId />
  <RequestNo />
</n0:GracIdmUsrAccsReqServicesResponse>


 

 

2.

 

<?xml version="1.0" encoding="utf-8" ?>
<n0:GracIdmUsrAccsReqServicesResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
  <MsgReturn>
    <MsgNo>4</MsgNo>
    <MsgType>ERROR</MsgType>
    <MsgStatement>Invalid request type</MsgStatement>
  </MsgReturn>
  <RequestId />
  <RequestNo />
</n0:GracIdmUsrAccsReqServicesResponse>


 

 

3.

 

<?xml version="1.0" encoding="utf-8" ?>
<n0:GracIdmUsrAccsReqServicesResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
  <MsgReturn>
    <MsgNo>4</MsgNo>
    <MsgType>ERROR</MsgType>
    <MsgStatement>Invalid priority type</MsgStatement>
  </MsgReturn>
  <RequestId />
  <RequestNo />
</n0:GracIdmUsrAccsReqServicesResponse>


 

 

4.

 

<?xml version="1.0" encoding="utf-8" ?>
<n0:GracIdmUsrAccsReqServicesResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
  <MsgReturn>
    <MsgNo>4</MsgNo>
    <MsgType>ERROR</MsgType>
    <MsgStatement>Invalid Provision Action in line no 1</MsgStatement>
  </MsgReturn>
  <RequestId />
  <RequestNo />
</n0:GracIdmUsrAccsReqServicesResponse>


 

 

5. When you provide all the required details correctly, a SUCCESS response will be received.

 

<?xml version="1.0" encoding="utf-8" ?>
<n0:GracIdmUsrAccsReqServicesResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
  <MsgReturn>
    <MsgNo>0</MsgNo>
    <MsgType>SUCCESS</MsgType>
    <MsgStatement>Request created successfully</MsgStatement>
  </MsgReturn>
  <RequestId>ACCREQ/984BE1639ED01ED3A0D7D9B2BE664366</RequestId>
  <RequestNo>1000001159</RequestNo>
</n0:GracIdmUsrAccsReqServicesResponse>


 

 

6. One strange issue I have seen: if you are creating an access request with a user that is missing the GRAC_SYS auth object, then you can get the “Connector not configured Error”.

 

 

You can get the same type of error message in the IDM VDS logs when an Access Request is submitted via IDM.
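
As an added example (not part of the original blog and not SAP code), the Python helper below parses the response format shown above the way an IDM-side caller or a test script could, and counts a request as created only when MsgType, MsgNo, RequestId and RequestNo all agree. The names parse_grac_response and GracResult are hypothetical; the two samples are constructed from responses 1 and 5 above.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Namespace and root element name exactly as shown in the responses above.
NS = "urn:sap-com:document:sap:soap:functions:mc-style"
ROOT = "{" + NS + "}GracIdmUsrAccsReqServicesResponse"

@dataclass
class GracResult:  # hypothetical container, not an SAP type
    ok: bool
    msg_no: str
    msg_type: str
    statement: str
    request_id: str
    request_no: str

def parse_grac_response(xml_text: str) -> GracResult:
    """Parse a GracIdmUsrAccsReqServicesResponse body (hypothetical helper)."""
    # These responses never need a DTD; refuse one rather than rely on parser defaults.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text.encode("utf-8"))
    # Accept the bare response or one wrapped in a SOAP envelope.
    node = root if root.tag == ROOT else root.find(".//" + ROOT)
    if node is None:
        raise ValueError("not a GracIdmUsrAccsReqServicesResponse")
    def text(path):
        return (node.findtext(path) or "").strip()
    msg_no, msg_type = text("MsgReturn/MsgNo"), text("MsgReturn/MsgType")
    request_id, request_no = text("RequestId"), text("RequestNo")
    # Success only when every signal agrees; the ERROR replies above
    # come back with empty RequestId and RequestNo.
    ok = msg_type == "SUCCESS" and msg_no == "0" and bool(request_id and request_no)
    return GracResult(ok, msg_no, msg_type, text("MsgReturn/MsgStatement"),
                      request_id, request_no)

# Constructed samples, copied from responses 1 and 5 above.
ERROR_SAMPLE = """<?xml version="1.0" encoding="utf-8" ?>
<n0:GracIdmUsrAccsReqServicesResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
<MsgReturn><MsgNo>4</MsgNo><MsgType>ERROR</MsgType>
<MsgStatement>Invalid request initiation system</MsgStatement></MsgReturn>
<RequestId /><RequestNo /></n0:GracIdmUsrAccsReqServicesResponse>"""
SUCCESS_SAMPLE = """<?xml version="1.0" encoding="utf-8" ?>
<n0:GracIdmUsrAccsReqServicesResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
<MsgReturn><MsgNo>0</MsgNo><MsgType>SUCCESS</MsgType>
<MsgStatement>Request created successfully</MsgStatement></MsgReturn>
<RequestId>ACCREQ/984BE1639ED01ED3A0D7D9B2BE664366</RequestId>
<RequestNo>1000001159</RequestNo></n0:GracIdmUsrAccsReqServicesResponse>"""
```

Logging the returned statement together with the request number makes it easier to match a failed submission against the corresponding entry in the IDM VDS logs.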

 

I hope this helps you understand Access Request creation using the Web Service and how to test the Web Service.

 

Regards

Dilip Jaiswal
