Connector Definitions

GRC AC 10.0 Connector Definitions

Document HistoryDocument VersionDescription

1.10>

1.00First official release of this guide

DOCUMENT SPECIFICATION CHANGE HISTORY: (Provide the change history for this document. If revision is due to a software change, include the Release or SP number that authorized the change.)

VERSION DATE DESCRIPTION OF CHANGE AUTHOR SIGN OFF BY

Contacts:August 14Lavanya SingumahanthiAuthor:Amit BajajPuneet DhillonSuman Puthadi

8

7

ContentsIntroductionDocument History2Chapter 1Example Connector Flow Concept5Chapter 2Creating SAP Connector6Chapter 3Creating Webservice Connector7Chapter 4Creating LDAP Connector8Chapter 5Creating SPML Connector10Chapter 6Creating FILE Connector11File Connector Setup11Chapter 7Create Connectors13Chapter 8Maintain Connectors and Connection Types138.1Connection type definition138.2Define Connectors148.2.1Define SAP Connector from section Error! Reference source not found.148.2.2Define Subsequent Connectors148.3Define Connector Groups148.3.1Assign Connector Groups to Group types158.3.2Assign Connectors to Connector Groups15Chapter 9Maintain Connection Settings159.1Subscenario definition169.2Scenario-Connection type Link169.2.1Scenario Connector Link16Chapter 10Maintain Mapping for Actions and Connector Groups1710.1Maintain connector group status:1710.2Assign default connector to connector group:1710.2.1Assign Group Field mapping:1710.2.2Assign group parameter mapping:18Chapter 11Maintain Connector Settings1811.1Assign attributes to the connector1811.2Subscenario definition2011.3Scenario-Connection type Link2011.3.1Scenario Connector Link20

Example Connector Flow Concept

Integration ScenarioAutomatic MonitoringProvisioningConnector GroupsConnectors

Cross System GroupSAP

Authorization ManagementLogical Group:Systems that are logically Identical

SAP

OracleWS

Role Management

MicrosoftLDAP

SPM

FILE

Note: ERM Connector need to be defined to one and only one connector Group

Example By-passing GroupExample Connections

Creating SAP Connector1. Enter Transaction SPRO, and then click button.2. Navigate to Governance, Risk, and Control > Common Component Settings > Integration Framework > Create Connectors. 3. Click on Create icon.

4. Enter the name for the RFC Destination5. Enter Description for the connector.6. Enter the Connection Type 3.7. Save your entries.8. Under the Technical Settings tab enter the target address. The IP is usually the same as the host name9. Under the Logon & Security define the following fieldsLanguageEN

ClientEnter the Client number for the Target system

UserEnter User name for a user on target system

PasswordEnter password for the user on target system

Trust RelationshipClick the appropriate radio button. See Note

If the Connection type is Trusted no user name and password are needed. If the Connection is un-trusted then, user must provide username and password for the connection .

10. Save your entries.11. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connectors and Connection Types A.12. Double-Click Define Connectors on the left side dialogue box.13. Click on New Entries button14. Enter the data for the following fields.Target ConnectorSelect the RFC Connector created in section 1.1 from list

Connection TypeSAP

Source ConnectorNot needed (See Note)

Logical PortNot relevant

Maximum number Not relevant

15. Save your work.

Source Connector is only needed if the information transfer will be bi-directional.Logical PortOnly relevant for Webservice type connections.Maximum number used to define maximum number of background jobs. Relevant only with Automated framework.16. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connection Settings A.17. Select the Integration Scenario A.18. Select the subscenario A.19. Double-click on Scenario-Connector Link A20. Click button.21. Select or Enter the name of the target connector.

The connection type and connection type text are formulated based on the entries from section 1 for the connector.

Creating Webservice Connector1. Enter the name for the RFC Destination2. Enter Description for the connector.3. Enter the Connection Type as G.4. Under the Technical Settings tab enter the target address.Target HostIP or Host name of the target system

Service No.Enter the target system service no.

Path Prefix????

Enter the Proxy Information if you need to go via a proxy for your landscape.

5. Under the Logon & Security define the following fieldsLogon ProcedureClick the appropriate Radio button.

UserEnter User name for a user on target system

PasswordEnter password for the user on target system

Logon with TicketClick the appropriate radio button.

Security OptionsEnter appropriate information based on your connection

If Authentication is needed by the Target system enter the User and Password fields.22. Save your entries.23. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connectors and Connection Types A.24. Double-Click Define Connectors on the left side dialogue box.25. Click on New Entries26. Enter the data for the following fields.Target ConnectorSelect the RFC Connector created in section 1.3 from list

Connection TypeWS

Source ConnectorNot needed

Logical PortEnter the Logical Port.


27. Save your work.Source Connector is only needed if the information transfer will be bi-directional.Logical PortOnly relevant for Webservice type connections.Maximum number used to define maximum number of background jobs. Relevant only with Automated framework.

28. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connection Settings A.29. Select the Integration Scenario A.30. Select the subscenario A.31. Double-click on Scenario-Connector Link A32. Click button.33. Select or Enter the name of the target connector.

The connection type and connection type text are formulated based on the entries from section 1 for the connector.Creating LDAP Connector34. Enter Transaction SPRO, and then click button.35. Navigate to Governance, Risk, and Control > Common Component Settings > Integration Framework > Create Connectors. 36. Click on Create icon.

37. Enter the name for the RFC Destination

RFC destination name must be specified in capital letters .38. Enter Description39. Enter the Connection Type as T.40. Under the Technical Settings tab enter the following information.Application Type Click radio button Registered Server Program

ProgramSame as RFC Destination name

CPI-CClick radio button Default Gateway Value

Gatewaygateway with which the LDAP Connector is to register

41. Save your entries.42. Under the Technical Settings tab enter the following information.Application Type Click radio button Registered Server Program

ProgramSame as RFC Destination name

CPI-CClick radio button Default Gateway Value

Gatewaygateway with which the LDAP Connector is to register

43. Save your entries.44. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connectors and Connection Types A.45. Double-Click Define Connectors on the left side dialogue box.46. Click on New Entries button47. Enter the data for the following fields.Target ConnectorSelect the RFC Connector created in section 1.1 from list

Connection TypeSAP




48. Save your work.

Source Connector is only needed if the information transfer will be bi-directional.Logical PortOnly relevant for Webservice type connections.Maximum number used to define maximum number of background jobs. Relevant only with Automated framework.49. Enter transaction LDAP.50. Click on button.51. Click on icon to switch to change mode, then click New Entries.52. Enter the following data for the LDAP Connector:Connector NameSame as the RFC Destination defined for the LDAP connector above.

Application ServerName of the application server on which the LDAP Connector is to be started.

StatusConnector is Active

Trace LevelTrace OFF

53. Save your entries. Click to start the connector.54. Configure the LDAP Server using the following values:Server nameServer Name

Host nameHost Name

Port NumberPort number

Trace LevelTrace OFF

55. Enter transaction LDAPMAP.56. Click on icon to switch to change mode, then press F6 to get default mapping.57. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connection Settings A.58. Select the Integration Scenario A.59. Select the subscenario A.60. Double-click on Scenario-Connector Link A61. Click button.62. Select or Enter the name of the target connector.

The connection type and connection type text are formulated based on the entries from section 1 for the connector.

Creating SPML Connector63. Enter Transaction SPRO, and then click button.64. Navigate to Governance, Risk, and Control > Common Component Settings > Integration Framework > Create Connectors. 65. Click on Create icon.

66. Enter the name for the RFC Destination67. Enter Description for the connector.68. Enter the Connection Type G.69. Under the Technical Settings tab enter:Target HostIP or Host name of the target system

Path PrefixEnter the path to call the HTTP request handler

70. Under the Logon & Security tab if applicable enter the user name and password for the target system. 71. Save your work.72. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connectors and Connection Types A.73. Double-Click Define Connectors on the left side dialogue box.74. Double-Click Define Connectors on the left side dialogue box.75. Click on New Entries76. Enter the data for the following fields.Target ConnectorSelect the RFC Connector created in section 1.4 from list

Connection TypeSPML1




77. Save your work.78. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connection Settings A.79. Select the Integration Scenario A.80. Select the subscenario A.81. Double-click on Scenario-Connector Link A82. Click button.83. Select or Enter the name of the target connector.

The connection type and connection type text are formulated based on the entries from section 1 for the connector.Creating FILE Connector84. Enter Transaction SPRO, and then click button.85. Navigate to Governance, Risk, and Control > Common Component Settings > Integration Framework > Create Connectors. 86. Click on Create icon.

1. Enter the name for the RFC Destination2. Enter Description for the connector.3. Enter the Connection Type L.4. Save your work.File Connector Setup1. Enter transaction FILE.??????????????????????????????????????????????????????????????

87. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connectors and Connection Types A.88. Double-Click Define Connectors on the left side dialogue box.89. Click on New Entries90. Enter the data for the following fields.Target ConnectorSelect the RFC Connector created in section 1.5 from list

Connection TypeFILE




91. Save your work.92. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connection Settings A.93. Select the Integration Scenario A.94. Select the subscenario A.95. Double-click on Scenario-Connector Link A96. Click button.97. Select or Enter the name of the target connector.

The connection type and connection type text are formulated based on the entries from section 1 for the connector.98. Select the Target Connector99. Double-click Maintain file paths for logical connector.100. Enter values for the following field:File PathEnter the logical file path

File IDEnter the file ID

File TypeEnter the file type

File Sep.Enter the file separator

Create ConnectorsTo Create a connector:101. Enter Transaction SPRO, and then click button.102. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Create Connectors. 103. Click on Create icon.

21Maintain Connectors and Connection TypesUsed the maintain Connection types and connection groups.To maintain connectors:1. Enter Transaction SPRO2. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connectors and Connection Types.Connection type definitionUnder this tab user can define what the connection type is and a short text for a description of the connection type. 1. To Create a new entry click the button. 2. To edit an existing entry select the entry by clicking the button to the left of it, then click to enter change mode.3. Enter the appropriate information in the Connection Type column and Connection Type Text column, save your work.The Following is the list of Connection Types provided by SAP:BUSINESSBusiness Role Type

EPEnterprise Portal

EVTSOURCEvent Source

FILEFile system for legacy extraction

GRCRMGRC Risk Management

LDAPLdap Connectors

LOCALLocal Data Source

SAPSAP system

WSWebservice

Define ConnectorsThis allows you to define a connection type, Source Connector, Logical Port, and Max No. of BG WP for each connector created in section Create Connector 1.0 above.Define SAP Connector from section Error! Reference source not found.1. Double-Click Define Connectors on the left side dialogue box.2. Click on New Entries3. Enter the data for the following fields.Target ConnectorSelect the RFC Connector created in section Error! Reference source not found. from list

Connection TypeSAP




4. Save your work.

Source Connector is only needed if the information transfer will be bi-directional.Logical PortOnly relevant for Webservice type connections.Maximum number used to define maximum number of background jobs. Relevant only with Automated framework.Define Subsequent ConnectorsSubsequent Connectors definition is needed when a connecter needs to trigger another connection.Example: When extracting data from SAP EP, most of the actions such as create user, delete user are served by standard SPML interface. But some actions like generate password are not available with standard SPML interface therefore needs a webservice protocol. In this scenario for SAP EP, standard SPML interface would be the subsequent connector and the webservice protocol would be the first connector. To Define Subsequent Connector:1. Select the target connecter to which the subsequent connecter should succeed.2. Click New Entries.3. In the Subsequent Connector column, select the subsequent connector from the list.4. In the Con. Type column, select the type of connection.5. In the Logical Port column, enter the logical port for the connection.Define Connector GroupsUsed to define Connector Groups1. To Enter change mode and select an existing connector group or click on new entries to define a new group.2. Enter data for appropriate fields, then save your work.Conn. GroupEnter the name of the Conn. Group

Connector Group TextEnter description or scenario for the Group

Conn. TypeSelect the Connection type from the list (F4).

Assign Connector Groups to Group typesUsed to define Connector groups into Logical or Cross System Group types. You can enter change mode and edit existing or click new entries to define new group types. Choose on of the following from the dropdown menu.Automated Monitoring Framework

Logical GroupIs a connector group type which consists the systems that are logically the same. Example: Oracle financials system 1, Oracle Financials system 2, etc

Logical System Group

SAP (SDM)SAP (SDM)

SAP (SDM)SAP (SDM)

Cross System GroupIs a connector group type which consists the systems with different environmentExample:

Cross System Group

SAP (SDM)LDAP (MS)

WS (Oracle: Financials)SAP (CRM)

Assign Connectors to Connector GroupsUsed to assign connectors created in section 1 to connector Groups created in section3.3.1. Select the Connector Group you would like to add the connectors to from Define Connector Groups section.2. Double-click Assign Connectors to Connector Groups.3. Enter data for appropriate fields.Target ConnectorSelect the Connector you wish to add to this group from section above.

Connection TypeSelect from the list (F4)

Maintain Connection SettingsUsed the maintain connection settings for Connection types and connection groups.To maintain connection settings:1. Enter Transaction SPRO2. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common Component Settings > Integration Framework > Maintain Connection Settings.3. Select the Integration Scenario.

SAP Delivered Integration Scenarios. Figure: 41What is an Integration Scenario?Integration Scenarios is a component designed to work with different applications from AC 10.0. It consists of SAP delivered entries only and is also used by PC (Process Control). Within this component you can define what kind of connector you want, how you would like to maintain the connector and, how to technically deal with the connectors and connection types for each application.Subscenario definitionConsists of SAP delivered entries. This is used to classify how each and every component identifies the connector and how they want to process the connectors. The ultimate goal of the subscenario is to get the data from target connectors. Every sub-scenario has an associated class. All except Automatic Monitoring (AM) there is only one sub-scenario with same name as integration scenarios. Every sub-scenario there is a scenario connection type link. Created connection type previously (pre-delivered) or the customer created connection type.Scenario-Connection type LinkUsed to define Connection Type to Class/Interface. This are pre-delivered entries from SAP. This tells how to retrieve data from the connection typeScenario Connector LinkUsed to maintain what connection types are used and handled within the integration sub-scenario.To define a new connector within the integration scenario and sub-scenario:1. Select the subscenario2. Double-click on Scenario-Connector Link3. Click button.4. Select or Enter the name of the target connector.

The connection type and connection type text are formulated based on the entries from section 1 for the connector.Maintain file paths for Logical ConnectorThis is used to maintain file paths for logical connector of connection type FILE.To maintain the file paths:1. Select the Target Connector2. Double-click Maintain file paths for logical connector.3. Enter values for the following field:File PathEnter the logical file path




Maintain Mapping for Actions and Connector GroupsThis is used to set the application type and action type for connector and connector groups along with default assignment. T-code: SPRO > Governance, Risk and Compliance > Access Control > Maintain Mapping for Actions and Connector Groups.Maintain connector group status: Here you can assign the connector group, which were created in section 3, to an application type (Environment such as Oracle, SAP, LDAP, etc.). Conn. GroupEnter or the connector group from list (F4). The groups were created in the section 3.

ActiveCheck if you want to Activate the group

Appl TypeSelect Application Type from the list (F4). This is the environment such as Oracle, SAP, LDAP, etc

Assign default connector to connector group: Here you can assign the specific connector within the connector group to an action type (Ex. Role generation, provisioning,)Conn. GroupEnter the connector group the list (F4). The groups were created in the section Maintain connectors and connection types above.

ActionSelect a Connection action from the list (F4).Role GenerationRole Risk AnalysisAuthorization MaintenanceProvisioningHR Trigger

Target ConnectorEnter the specific connector from the group you want to use for this action

DefaultCheck to set as default

Assign Group Field mapping: This is used to map default values for provisioning from a target system to a field in AC.AC Field NameEnter the Field name in AC

System Field NameEnter the Target system Field name

Table NameEnter the Table name in Target system

SubtypeEnter the Subtype in Target system. Usually relevant in HR Trigger Action Connector

Example: Your objective is to have user personal number mapped as the email in AC10.0. In order to achieve this:0. You would select the target system connector0. Click on Assign Group field mapping0. AC Field Name: E_MAILSystem Field Name: PERNRTable Name: 0006Subtype: 5This would map the Department value from the target system to the Role Description field in AC 10.0Assign group parameter mapping: This is used for provisioning into systems that are SPML1.0 compliant like IDMs and SAP EP. These entries are based on the schema exposed by IDMs. 0. Example: To create a user in NW IDM, the object class that should be used is MX_PERSON. Therefore;Parameter Name: CREATE_USER:OCParameter value : MX_PERSON.OC = Object Class0. This configuration is purely administrative, who should have knowledge of SPML1.0 standards. 0. Every IDM exposes a document called Schema. Administrator has to understand the schema for each of the operations like create user, change user, assign roles, Remove roles, lock user, unlock user, delete user and PSS and the same needs to be put in SPRO.Maintain Connector SettingsThis is used to assign each connector to a specific Application type ( such as Oracle, LDAP, SAP, etc..) and Environment (Production, Test, and Development)Target ConnectorCreated in Create Connector section above

Appl TypeSelect Application Type from the list (F4). This is the environment such as Oracle, SAP, LDAP, etc

ActiveCheck to activate the connector

EnvironmentSpecify What is the system environment:ProductionTestDevelopment

Path Id

PSS

Assign attributes to the connectorThis is used to assign each connector and attribute Name and Attribute ValueAttribute NameSelect Attribute name from list (F4)Group PathOthersUser PathVersion

Attribute ValueEnter the attribute value

Subscenario definitionConsists of SAP delivered entries. This is used to classify how each and every component identifies the connector and how they want to process the connectors. The ultimate goal of the subscenario is to get the data from target connectors. Every sub-scenario has an associated class. All except Automatic Monitoring (AM) there is only one sub-scenario with same name as integration scenarios. Every sub-scenario there is a scenario connection type link. Created connection type previously (pre-delivered) or the customer created connection type.Scenario-Connection type LinkUsed to define Connection Type to Class/Interface. This are pre-delivered entries from SAP. This tells how to retrieve data from the connection typeScenario Connector LinkUsed to maintain what connection types are used and handled within the integration sub-scenario.To define a new connector within the integration scenario and sub-scenario:5. Select the subscenario6. Double-click on Scenario-Connector Link7. Click button.8. Select or Enter the name of the target connector.

The connection type and connection type text are formulated based on the entries from section 1 for the connector.Maintain file paths for Logical ConnectorThis is used to maintain file paths for logical connector of connection type FILE.To maintain the file paths:4. Select the Target Connector5. Double-click Maintain file paths for logical connector.6. Enter values for the following field:File PathEnter the logical file path




Contacts:August 14Lavanya SingumahanthiAmit BajajSuman Puthadi

Documents

Connector Definitions