GRC AC 10.0 Connector Definitions

Contacts: August 14
Lavanya Singumahanthi Author:

Amit Bajaj Puneet Dhillon
Suman Puthadi

GRC AC 10.0 Connector Definitions

2

Document History
Document Version Description
1.10 << Summary of changes in this version >>
1.00 First official release of this guide

DOCUMENT SPECI FI CATI ON CHANGE HI STORY: (Provide the change history for
this document. If revision is due to a software change, include the Release or SP number that authorized the
change.)
VERSION DATE DESCRIPTION OF CHANGE AUTHOR
SI GN OFF
BY

3

CONTENTS
Introduction
Document History ................................................................................................................................................................... 2
Chapter 1 Example Connector Flow Concept ................................................................................................................. 5
Chapter 2 Creating SAP Connector ................................................................................................................................ 6
Chapter 3 Creating Webservice Connector .................................................................................................................... 8
Chapter 4 Creating LDAP Connector .............................................................................................................................. 9
Chapter 5 Creating SPML Connector ........................................................................................................................... 11
Chapter 6 Creating FILE Connector .............................................................................................................................. 12
File Connector Setup ............................................................................................................................................................. 12
Chapter 7 Create Connectors ....................................................................................................................................... 14
Chapter 8 Maintain Connectors and Connection Types .............................................................................................. 14
8.1 Connection type definition ...................................................................................................................................... 14
8.2 Define Connectors ................................................................................................................................................... 15
8.2.1 Define SAP Connector from section Error! Reference source not found. ............................................................... 15
8.2.2 Define Subsequent Connectors ............................................................................................................................... 15
8.3 Define Connector Groups ........................................................................................................................................ 15
8.3.1 Assign Connector Groups to Group types ................................................................................................................ 16
8.3.2 Assign Connectors to Connector Groups ................................................................................................................. 16
Chapter 9 Maintain Connection Settings ..................................................................................................................... 16
9.1 Subscenario definition ............................................................................................................................................. 17
9.2 Scenario-Connection type Link ................................................................................................................................ 17
9.2.1 Scenario Connector Link .......................................................................................................................................... 17
Chapter 10 Maintain Mapping for Actions and Connector Groups ............................................................................... 18
10.1 Maintain connector group status: ........................................................................................................................... 18
10.2 Assign default connector to connector group: ........................................................................................................ 18
10.2.1 Assign Group Field mapping: ................................................................................................................................... 18
10.2.2 Assign group parameter mapping: .......................................................................................................................... 19
Chapter 11 Maintain Connector Settings ...................................................................................................................... 19
11.1 Assign attributes to the connector .......................................................................................................................... 19
11.2 Subscenario definition ............................................................................................................................................. 21
11.3 Scenario-Connection type Link ................................................................................................................................ 21
4

11.3.1 Scenario Connector Link .......................................................................................................................................... 21

5

1 Example Connector Flow Concept

Cross System Group
SAP
SAP
Oracle
WS
Microsoft
LDAP
FILE
Logical Group:
Systems that are
logically Identical

Automatic
Monitoring
Authorization
Management
Provisioning
Role
Management
SPM
Integration Scenario
Connectors Connector Groups
Note: ERM Connector need to be
defined to one and only one connector
Group

Example By-passing Group
Example Connections
6

2 Creating SAP Connector
1. Enter Transaction SPRO, and then click button.
2. Navigate to Governance, Risk, and Control > Common Component Settings > Integration Framework > Create
Connectors.
3. Click on Create icon.

4. Enter the name for the RFC Destination
5. Enter Description for the connector.
6. Enter the Connection Type 3.
7. Save your entries.
8. Under the Technical Settings tab enter the target address.
The IP is usually the same as the host name
9. Under the Logon & Security define the following fields
Language EN
Client Enter the Client number for the Target system
User Enter User name for a user on target system
Password Enter password for the user on target system
Trust Relationship Click the appropriate radio button. See Note

If the Connection type is Trusted no user name and password are needed. If the Connection is un-trusted
then, user must provide username and password for the connection .

11. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration
Framework > Maintain Connectors and Connection Types
A
.
12. Double-Click Define Connectors on the left side dialogue box.
13. Click on New Entries button
14. Enter the data for the following fields.
Target Connector Select the RFC Connector created in section 2 from list
Connection Type SAP
Source Connector Not needed (See Note)
Logical Port Not relevant
Maximum number Not relevant
7

15. Save your work.

Source Connector is only needed if the information transfer will be bi-directional.
Logical Port Only relevant for Webservice type connections.
Maximum number used to define maximum number of background jobs. Relevant only with Automated
framework.
Framework > Maintain Connection Settings
A
.
17. Select the Integration Scenario
A
.
18. Select the subscenario
A
.
19. Double-click on Scenario-Connector Link
A

20. Click button.
21. Select or Enter the name of the target connector.

The connection type and connection type text are formulated based on the entries from section 1 for the
connector.

8

3 Creating Webservice Connector
3. Enter the Connection Type as G.
4. Under the Technical Settings tab enter the target address.
Target Host IP or Host name of the target system
Service No. Enter the target system service no.
Path Prefix ????

Enter the Proxy Information if you need to go via a proxy for your landscape.

5. Under the Logon & Security define the following fields
Logon Procedure Click the appropriate Radio button.
User Enter User name for a user on target system
Password Enter password for the user on target system
Logon with Ticket Click the appropriate radio button.
Security Options Enter appropriate information based on your
connection

If Authentication is needed by the Target system enter the User and Password fields.
A
.
25. Click on New Entries
Target Connector Select the RFC Connector created in section Error! Reference
source not found. from list
Connection Type WS
Source Connector Not needed
Logical Port Enter the Logical Port.
27. Save your work.

Maximum number used to define maximum number of background jobs. Relevant only with
Automated framework.
A
.
A
.
A
.
A

32. Click button.

9

connector.
4 Creating LDAP Connector
Connectors.


RFC destination name must be specified in capital letters .
38. Enter Description
39. Enter the Connection Type as T.
40. Under the Technical Settings tab enter the following information.
Application Type Click radio button Registered Server Program
Program Same as RFC Destination name
CPI-C Click radio button Default Gateway Value
Gateway gateway with which the LDAP Connector is to register
42. Under the Technical Settings tab enter the following information.
Application Type Click radio button Registered Server Program
Program Same as RFC Destination name
CPI-C Click radio button Default Gateway Value
Gateway gateway with which the LDAP Connector is to register
A
.
46. Click on New Entries button
Connection Type SAP
10

48. Save your work.

framework.
49. Enter transaction LDAP.
50. Click on button.
51. Click on icon to switch to change mode, then click New Entries.
52. Enter the following data for the LDAP Connector:
Connector Name Same as the RFC Destination defined for the LDAP connector above.
Application Server Name of the application server on which the LDAP Connector is to be
started.
Status Connector is Active
Trace Level Trace OFF
53. Save your entries. Click to start the connector.
54. Configure the LDAP Server using the following values:
Server name Server Name
Host name Host Name
Port Number Port number
Trace Level Trace OFF
55. Enter transaction LDAPMAP.
56. Click on icon to switch to change mode, then press F6 to get default mapping.
A
.
A
.
A
.
A

61. Click button.

connector.

11

5 Creating SPML Connector
Connectors.

68. Enter the Connection Type G.
69. Under the Technical Settings tab enter:
Target Host IP or Host name of the target system
Path Prefix Enter the path to call the HTTP request handler
70. Under the Logon & Security tab if applicable enter the user name and password for the target system.
71. Save your work.
A
.
Connection Type SPML1
77. Save your work.
A
.
A
.
A
.
A

82. Click button.

connector.
12

6 Creating FILE Connector
Connectors.

3. Enter the Connection Type L.
4. Save your work.
6.1 File Connector Setup
1. Enter transaction FILE.
??????????????????????????????????????????????????????????????

A
.
Connection Type FILE
91. Save your work.
A
.
A
.
A
.
A

96. Click button.

13

connector.
98. Select the Target Connector
99. Double-click Maintain file paths for logical connector.
100. Enter values for the following field:
File Path Enter the logical file path
File ID Enter the file ID
File Type Enter the file type
File Sep. Enter the file separator

14

7 Create Connectors
To Create a connector:
Framework > Create Connectors.

7-1
8 Maintain Connectors and Connection Types
Used the maintain Connection types and connection groups.
To maintain connectors:
1. Enter Transaction SPRO
Framework > Maintain Connectors and Connection Types.
8.1 Connection type definition
Under this tab user can define what the connection type is and a short text for a description of the connection type.
1. To Create a new entry click the button.
2. To edit an existing entry select the entry by clicking the button to the left of it, then click to enter change mode.
3. Enter the appropriate information in the Connection Type column and Connection Type Text column, save your work.
The Following is the list of Connection Types provided by SAP:
BUSINESS Business Role Type
EP Enterprise Portal
EVTSOURC Event Source
FILE File system for legacy extraction
GRCRM GRC Risk Management
LDAP Ldap Connectors
LOCAL Local Data Source
SAP SAP system
WS Webservice

15

8.2 Define Connectors
This allows you to define a connection type, Source Connector, Logical Port, and Max No. of BG WP for each
connector created in section Create Connector 1.0 above.
8.2.1 Define SAP Connector from section 2
Connection Type SAP
4. Save your work.

framework.
8.2.2 Define Subsequent Connectors
Subsequent Connectors definition is needed when a connecter needs to trigger another connection.
Example: When extracting data from SAP EP, most of the actions such as create user, delete user are served by
standard SPML interface. But some actions like generate password are not available with standard SPML interface
therefore needs a webservice protocol. In this scenario for SAP EP, standard SPML interface would be the
subsequent connector and the webservice protocol would be the first connector.
To Define Subsequent Connector:
1. Select the target connecter to which the subsequent connecter should succeed.
2. Click New Entries.
3. In the Subsequent Connector column, select the subsequent connector from the list.
4. In the Con. Type column, select the type of connection.
5. In the Logical Port column, enter the logical port for the connection.
8.3 Define Connector Groups
Used to define Connector Groups
1. To Enter change mode and select an existing connector group or click on new entries to define a new
group.
2. Enter data for appropriate fields, then save your work.
Conn. Group Enter the name of the Conn. Group
Connector Group Text Enter description or scenario for the Group
Conn. Type Select the Connection type from the list (F4).

8.3.1 Assign Connector Groups to Group types
Used to define Connector groups into Logical or Cross System Group types. You can enter change mode and edit
existing or click new entries to define new group types. Choose on of the following from the dropdown menu.
16

Automated Monitoring Framework
Logical Group Is a connector group type which consists the systems that
are logically the same.
Example: Oracle financials system 1, Oracle Financials
system 2, etc

Logical System Group
SAP (SDM) SAP (SDM)
SAP (SDM) SAP (SDM)
Cross System Group Is a connector group type which consists the systems with
different environment
Example:

Cross System Group
SAP (SDM) LDAP (MS)
WS (Oracle: Financials) SAP (CRM)

8.3.2 Assign Connectors to Connector Groups
Used to assign connectors created in section 1 to connector Groups created in section8.3.
1. Select the Connector Group you would like to add the connectors to from Define Connector Groups section.
2. Double-click Assign Connectors to Connector Groups.
3. Enter data for appropriate fields.
Target Connector Select the Connector you wish to add to this group from section above.
Connection Type Select from the list (F4)

9 Maintain Connection Settings
Used the maintain connection settings for Connection types and connection groups.
To maintain connection settings:
1. Enter Transaction SPRO
Framework > Maintain Connection Settings.
3. Select the Integration Scenario.
17

SAP Delivered Integration Scenarios. Figure: 9-1
What is an Integration Scenario?
Integration Scenarios is a component designed to work with different applications from AC 10.0. It consists of SAP
delivered entries only and is also used by PC (Process Control). Within this component you can define what kind of
connector you want, how you would like to maintain the connector and, how to technically deal with the
connectors and connection types for each application.
9.1 Subscenario definition
Consists of SAP delivered entries. This is used to classify how each and every component identifies the connector
and how they want to process the connectors. The ultimate goal of the subscenario is to get the data from target
connectors.
Every sub-scenario has an associated class.
All except Automatic Monitoring (AM) there is only one sub-scenario with same name as integration scenarios.
Every sub-scenario there is a scenario connection type link.
o Created connection type previously (pre-delivered) or the customer created connection type.
9.2 Scenario-Connection type Link
Used to define Connection Type to Class/Interface. This are pre-delivered entries from SAP. This tells how to
retrieve data from the connection type
9.2.1 Scenario Connector Link
Used to maintain what connection types are used and handled within the integration sub-scenario.
To define a new connector within the integration scenario and sub-scenario:
3. Click button.

connector.
18

9.2.1.1 Maintain file paths for Logical Connector
This is used to maintain file paths for logical connector of connection type FILE.
To maintain the file paths:

10 Maintain Mapping for Actions and Connector Groups
This is used to set the application type and action type for connector and connector groups along with default
assignment.
T-code: SPRO > Governance, Risk and Compliance > Access Control > Maintain Mapping for Actions and Connector
Groups.
10.1 Maintain connector group status:
Here you can assign the connector group, which were created in section 8, to an application type (Environment
such as Oracle, SAP, LDAP, etc.).
Conn. Group Enter or the connector group from list (F4). The groups were created in the section 8.
Active Check if you want to Activate the group
Appl Type Select Application Type from the list (F4). This is the environment such as Oracle, SAP, LDAP,
etc

10.2 Assign default connector to connector group:
Here you can assign the specific connector within the connector group to an action type (Ex. Role generation,
provisioning,)
Conn. Group Enter the connector group the list (F4). The groups were created in the section
Maintain connectors and connection types above.
Action Select a Connection action from the list (F4).
Role Generation
Role Risk Analysis
Authorization Maintenance
Provisioning
HR Trigger
Target Connector Enter the specific connector from the group you want to use for this action
Default Check to set as default

10.2.1 Assign Group Field mapping:
This is used to map default values for provisioning from a target system to a field in AC.
19

AC Field Name Enter the Field name in AC
System Field Name Enter the Target system Field name
Table Name Enter the Table name in Target system
Subtype Enter the Subtype in Target system. Usually relevant in HR Trigger Action
Connector

Example: Your objective is to have user personal number mapped as the email in AC10.0. In order to achieve this:
You would select the target system connector
Click on Assign Group field mapping
AC Field Name: E_MAIL
System Field Name: PERNR
Table Name: 0006
Subtype: 5
This would map the Department value from the target system to the Role Description field in AC 10.0
10.2.2 Assign group parameter mapping:
This is used for provisioning into systems that are SPML1.0 compliant like IDMs and SAP EP. These entries are
based on the schema exposed by IDMs.
Example: To create a user in NW IDM, the object class that should be used is MX_PERSON. Therefore;
Parameter Name: CREATE_USER:OC
Parameter value : MX_PERSON.
OC = Object Class
This configuration is purely administrative, who should have knowledge of SPML1.0 standards.
Every IDM exposes a document called Schema. Administrator has to understand the schema for each
of the operations like create user, change user, assign roles, Remove roles, lock user, unlock user,
delete user and PSS and the same needs to be put in SPRO.
11 Maintain Connector Settings
This is used to assign each connector to a specific Application type ( such as Oracle, LDAP, SAP, etc..) and
Environment (Production, Test, and Development)
Target Connector Created in Create Connector section above
Appl Type Select Application Type from the list (F4). This is the environment such as Oracle,
SAP, LDAP, etc
Active Check to activate the connector
Environment Specify What is the system environment:
Production
Test
Development
Path Id
PSS

11.1 Assign attributes to the connector
This is used to assign each connector and attribute Name and Attribute Value
20

Attribute Name Select Attribute name from list (F4)
Group Path
Others
User Path
Version
Attribute Value Enter the attribute value

21

11.2 Subscenario definition
Consists of SAP delivered entries. This is used to classify how each and every component identifies the connector
and how they want to process the connectors. The ultimate goal of the subscenario is to get the data from target
connectors.
Every sub-scenario has an associated class.
All except Automatic Monitoring (AM) there is only one sub-scenario with same name as integration scenarios.
Every sub-scenario there is a scenario connection type link.
o Created connection type previously (pre-delivered) or the customer created connection type.
11.3 Scenario-Connection type Link
Used to define Connection Type to Class/Interface. This are pre-delivered entries from SAP. This tells how to
retrieve data from the connection type
11.3.1 Scenario Connector Link
Used to maintain what connection types are used and handled within the integration sub-scenario.
To define a new connector within the integration scenario and sub-scenario:
7. Click button.

connector.
11.3.1.1 Maintain file paths for Logical Connector
This is used to maintain file paths for logical connector of connection type FILE.
To maintain the file paths:

GRC AC 10.0 Connector Definitions

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

GRC AC 10.0 Connector Definitions

Uploaded by

Copyright:

Available Formats

Contacts: August 14

Lavanya Singumahanthi Author:

You might also like