Easily Configure SAP NetWeaver Portal to Access the Work Center of SAP BusinessObjects GRC 10.0

  • by Kehinde Eseyin, Security Architect
  • April 11, 2012
Learn how to configure SAP NetWeaver Portal to access the work center for SAP BusinessObjects Access Control 10.0, SAP BusinessObjects Process Control 10.0, and SAP BusinessObjects Risk Management 10.0 using single sign-on.
Key Concept
The work center of SAP BusinessObjects GRC 10.0 can be accessed via SAP NetWeaver Business Client or SAP NetWeaver Portal. SAP NetWeaver Portal plays an important role in application integration, enhanced system security, and better authorization management. It also uses single sign-on to address user authentication challenges, especially in a scenario in which users need to log on to multiple back-end systems to perform transaction processing.

A typical SAP system landscape consisting of SAP BusinessObjects GRC 10.0 is made up of different back-end systems that can be accessed via different front-end tools. These front-end tools include:

  • SAP GUI: This is used for performing customizing activities (for example, activation of Business Configuration Sets via transaction SCPR20) and administrative activities (for example, role generation via transaction PFCG) in the SAP BusinessObjects GRC ABAP back-end system.
  • SAP NetWeaver Business Client: This is used for accessing the work center for operational activities (for example, Access Request Management).
  • SAP NetWeaver Portal: This is used for accessing the work center for operational activities (for example, Access Request Management).

The work center represents a central environment that allows users to work in the system based on assigned roles in the back-end SAP BusinessObjects GRC system. The work center provides a common work environment for risk management, process control, and access control. The different components of the SAP BusinessObjects GRC 10.0 system landscape communicate with each other using standard communication protocols depending on the source and destination systems. The different communication services that are used in the SAP BusinessObjects GRC 10.0 system landscape includes:

  • Hypertext Transfer Protocol (HTTP): HTTP represents the communication interface between the GRC server and browser-based client tools such as SAP NetWeaver Business Client or SAP NetWeaver Portal
  • Remote Function Calls (RFC): RFCs provide a communication interface between SAP business applications (e.g., SAP ERP) and the SAP GRC server. Other components such as SAP BI content, GRC search, Adobe Document Services, and Nota Fiscal services rely on RFCs for interacting with the GRC server.
  • Dialog Protocol (DIAG): The DIAG protocol is used for data interaction between SAP GRC server and the SAP GUI front end
  • Web services: To establish communication between the GRC server and the SAP NetWeaver Identity Management system, Web services are used
  • Adapter: Communication between GRC Server and non-SAP enterprise applications are based on adapters

This article is intended for SAP technical consultants and system administrators responsible for setting up the SAP BusinessObjects GRC system landscape. I provide step-by-step instruction on how to configure SAP NetWeaver Portal as a front-end tool for accessing SAP BusinessObjects Access Control 10.0, SAP BusinessObjects Process Control 10.0, and SAP BusinessObjects Risk Management 10.0. Setting this up allows you to achieve better user authentication, especially in situations in which users need to perform transaction processing but must log on to multiple back-end systems to complete it. Meanwhile, you can still be sure that the applications integrate properly and are secure. In the course of this article, I will be referring to two different systems:

  • SAP NetWeaver Portal: This is the system running the SAP NetWeaver Java-based Portal solutions.
  • SAP BusinessObjects GRC ABAP system: This is the system running the SAP BusinessObjects Access Control standalone or integrated (access control, process control and risk management) solution.

The article is divided into the following subtopics:

  • Deploy the GRC_POR component and BP ERP Common Parts 1.51
  • Connect SAP NetWeaver Portal to the SAP BusinessObjects GRC 10.0 ABAP back-end system
  • Manage single sign-on (SSO) certificates
  • Manage users in SAP NetWeaver Portal
  • Access the SAP BusinessObjects GRC 10.0 work center via SAP NetWeaver Portal using SSO

At this juncture, it is important to state that the following components are prerequisites for setting up SAP NetWeaver Portal to access the SAP BusinessObjects GRC 10.0 work center:

  • SAP enhancement package 2 for SAP NetWeaver 7.0 (minimum Support Package level 06)
  • BP ERP05 Common Parts 1.51
  • GRC Portal Content (GRC_POR 1000)

Kehinde Eseyin

Kehinde Eseyin is a security architect. He holds a bachelor’s degree in computer science. He has about 12 years of IT security, governance framework, IS risk, and compliance experience gained by working in numerous global organizations. Over the years, he has demonstrated competencies in security design, information assurance, cyber security, data privacy, threat and vulnerability management, penetration testing, business architecture, project management, IT audit, IS controls framework, and identity and access management.
 

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.