Hi,
I have few questions around integration with IdM and GRC Access Control(Centralized Provisioning). IdM will be the system which will provision roles to any system. GRC Access Control is only used to check for SoD Risks.
1) Do I need to create an AS ABAP Repository for GRC and also do an Initial load. I know after Importing GRC Provisioning framework, the system creates a repository GRC10 in Identity Center. I wanted to make sure if I still have to manually create a GRC Repository and then do an Initial load. There are not many end user roles in GRC system and I dont think this is necessary.
2) What should be the sequence of jobs which I should run. I have two AS ABAP systems ERP and CRM which have got the privileges. I have configured these systems in GRC using the systems names ERPCLNT110 and CRMCLNT210. In the Identity Center, against the repositories ERP and CRM, I have maintained the constant AC_APPLICATION_ID referring to ERPCLNT110 and CRMCLNT210 respectively.
Should the sequence be like this:
1) Import ERP and CRM Roles into GRC system using "Mass Role Import"
2) AC 10.0 – Initial Load – Commons
3) ERP Initial Load
4) CRM Initial Load
5) AC 10.0 – Initial Load – Centralized provisioning
3) While running the Centralized Provisioning, for the "Enrich Role Privileges" pass, do I need to modify anything. In the documentation, it says we can enable MX_ADD_MEMBER_TASK and refer it to the AS ABAP repository (ERP or CRM in my case). I am not clear with this.
Can someone please guide me.
Thanks.
Martin.