
SAP GRC Critical Update for Integration with GRC12 SP19 and Above

vivek_shrivastava
SailPoint Employee

Dear Valued Customer,

We want to inform you about an important update regarding our SAP GRC integration, specifically with GRC version 12 SP19 and above.

SAP has introduced significant changes to its inactive-user and sync job processes in SAP GRC AC 12.0 SP19 and above, which have adversely affected our SAP GRC connector functionality.

We have addressed the impacts of these changes and the fixes have been rolled out to staging and production for IdentityNow customers.

 

Details about the issues and fixes

Disable Operation

  • Issue: After upgrading GRC to AC12 SP19 or above, you may see the System attribute on the account schema as INACTIVE_USER for aggregated accounts that are disabled only on the highest-priority system on SAP GRC.

  • Resolution: This issue is caused by the Repository sync job changes that SAP introduced for updating its table values. To resolve it, make the following changes on GRC and in the source configuration:
    • Ensure that the Repository sync job is scheduled on your SAP GRC instance.
    • The ‘Disable only Master’ system option has been removed from the source configuration UI without impacting existing customers’ configuration. We highly recommend that you revisit your source configuration for ‘Disable’ operations. The changes are documented in the Enable and Disable Account section.
    • Provide the additional permissions required on the SAP tables for GRC 12 SP19 and above for Aggregation and Disable operations. Refer to the Configuration Table for SAP GRC section of our documentation guide.

 

Modify Operations

  • Issue: SAP has introduced a new process in which any modifications to the user profile are reflected in the GRC tables only after the Repository sync job completes. This has adversely affected our connector operations.
  • Resolution: The following steps must be performed sequentially for a successful modify operation:
    • Configure the Attribute Sync request on the user in IdentityNow for the GRC source. To configure the attribute sync request, refer to Synchronising Attributes - SailPoint Identity Services.
    • Run the Repository Object Sync job on your GRC system.
    • Execute User Aggregation on your GRC source to get the updated values of the user attributes.

 

Link to our previous blog post, which includes more details and SAP KB Articles as attachments

 

Kindly reach out to your CSM or our support team for any queries or issues.

 

Sincerely,

SAP Integrations Team
