Page tree
Skip to end of metadata
Go to start of metadata

Purpose

The purpose of this document is to provide only basic input data & its backgrounds for creating test data to GRAC_USER_ACCES_WS (User Access Request Service) web-service.

Overview

Prerequisite: To review this document, it is expected to have an implementation knowledge on GRC Access Control application and with basic knowledge to querying database tables.

There are mainly 5 tags (<REQUESTHEADER>, <REQUESTEDLINEITEM>, <USERINFO>,<PARAMETER> and  <USERGROUP>) involved in this web service. The below content in this document covers some important sub-tags of each main tags referenced above.

At end of this document we have provided, how to test web-service “GRAC_USER_ACCES_WS” and also provided SAMPLE* test data which is based on our local system configuration for your references to get a basic idea.

FYI: Please review the default “End user personalization” settings from tcode SPRO for mandatory fields.

SAMPLE* - The data were based on local system configuration, this might be different from your system configurations.

Note: At present design, only ASCII based characters are supported in this web service. Features such as  images or attachments not supported at present.

REQUESTHEADER Tag

 

<ReqType> - 3 digit number based on table GRACREQTYPE and from column REQTYPE

<Priority> - 3 digit number based on table GRACPRIORITY and from column PRIORITY for only process-type= SAP_GRAC_ACCESS_REQUEST

<ReqInitSystem> – Provide valid connector id which has scenario assigned with “PROV”. For more details please refer tcode SPRO for connector details.

<Requestorid> – Valid requestor’s userid from configured data source systems for more details please refer tcode SPRO for Data Source details.

<Email> – Valid requestor’s email assigned to the userid provided in <Requestorid>

<RequestReason> – String based input with meaningful description

<Funcarea> - String based value based on table GRACFUNCTAREA and from column FUNAREA

<Bproc> - String based value based on table GRACBPROC and from column BPROC

 REQUESTEDLINEITEM Tag

<ItemName> – Provide the Role name/id (no description allowed). Please make sure the role id exists in GRC system.

<Connector> – Provide the connector id. Review tcode SPRO for details of existing Connector ids

<ProvItemType> - 3 characters based on values ROL, PRF, SYS, and FFI. For more details refer class cl_grac_access_request_util=>get_domain_value_range with structure GRAC_LINE_ITEM_ACTION

<ProvAction> - This depends on <ProvItemType> if its value is ROL then <ProvAction> will be 006, 009,010

If <ProvItemType> is SYS then <ProvAction> will be 001, 002, 003, 004, 005, 022, 023, 024, and 025

FYI-  Descriptions of each provisioning action are 006=Assign, 009=Remove,010=retain/change date, 001 = Create User,002 = Change User,003 = Delete User,004 = Lock User,005 = Unlock User,022 = Create & ,Lock User,023 = Change & Lock User,024 = Change & Unlock,025 = Retain User

<ValidFrom> - Provide valid from date based on system date format

<ValidTo> - Provide valid to date based on system date format

<RoleType> – 3 character based on table GRACROLETYPE and from column ROLE_TYPE (SIN, BUS etc.,)(note- This tag is mandatory when <ProvItemType>=ROL

USERINFO Tag

 

<userid> - Valid userid if exists already in configured data source system or provide valid new userid if request for new users

<Fname> ASCII character based text value

<Lname> ASCII character based text value

<Email> valid email address for the corresponding user provided in <userid>

<Manager> Valid userid exists in configured data sources system

<ManagerEmail> valid email address for the corresponding user provided in < Manager >

<ManagerFirstname> Valid userid first name exists in configured data sources system.

<ManagerLastname> Valid userid last name exists in configured data sources system.

<ValidFrom> Valid date format based on system level & should not be greater than <ValidTo>

<ValidTo> > Valid date format based on system level & should be greater/equal to <ValidFrom>

PARAMETER Tag

For <parameter> the values were collected based on Function Module (FM) “/grcpi/gria_usr_default_value ” with input for flagid = UP and iv_param_name = <provide existing value or use the wildcard character>

For <parameterValue> the values were collected based on Function Module (FM) “/grcpi/gria_usr_default_value ” with input for flagid = UP and iv_param_desc = <provide existing value or use the wildcard character>

USERGROUP Tag

For <UserGroup>, the values were collected based on Function Module (FM) “/grcpi/gria_usr_default_value” with input for flagid = UG and iv_param_name = <provide existing value or use the wildcard character>

For <usergroupdesc> the values were collected based on Function Module (FM) “/grcpi/gria_usr_default_value ” with input for flagid = UG and iv_param_desc = <provide existing value or use the wildcard character>

SAMPLE Input Content for Web Service

<n0:GracIdmUsrAccsReqServices xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
 <RequestHeaderData>
  <Reqtype>001</Reqtype>
  <Priority>011</Priority> <!-- Value based on customer’s config. -->
  <ReqInitSystem>GN1CLNT200</ReqInitSystem> <!--Value based on customer’s config.-->
  <Requestorid>ValidRequestorId</Requestorid><!-- Provide valid requestorid -->
  <Email>requestorEmail@xyz1.com</Email><!-- Provide valid requestor email -->
  <Funcarea>HR</Funcarea> <!-- Value based on customer’s config. -->
 </RequestHeaderData>


 <RequestedLineItem>
   <item>
   <ItemName>SAPI18N</ItemName> <!-- Value based on customer’s config. -->
   <Connector>GN1CLNT200</Connector><!-- Value based on customer’s config. -->
   <ProvItemType>ROL</ProvItemType>
   <ProvType></ProvType> <!-- No validation for on this tag -->
   <ValidFrom>20160215</ValidFrom> <!-- Provide valid from date -->
   <ValidTo>99991231</ValidTo> <!-- Provide valid to date -->
   <ProvAction>006</ProvAction> <!-- Refer above explanation on this value -->
   <RoleType>SIN</RoleType> <!-- Refer above explanation on this value -->
  </item>
 <item>
   <ItemName>SP11_VIK_BUSINESS_01</ItemName> <!-- Value based on customer’s config. -->
   <Connector>PRD</Connector> <!-- Value based on customer’s config. -->
   <ProvItemType>ROL</ProvItemType>
   <ProvType>String 36</ProvType> <!-- No validation for on this tag -->
   <AssignmentType>String 37</AssignmentType> <!-- No validation for on this tag -->
   <ProvStatus>String 38</ProvStatus> <!-- No validation for on this tag -->
 <ValidFrom>20160215</ValidFrom> <!-- Provide valid from date -->
   <ValidTo>99991231</ValidTo><!-- Provide valid to date -->
   <ProvAction>006</ProvAction> <!-- Refer above explanation on this value -->
   <RoleType>BUS</RoleType> <!-- Refer above explanation on this value -->
  </item>
<item>
   <ItemName>GP7CLNT600</ItemName> <!-- Value based on customer’s config. -->
   <Connector>GP7CLNT600</Connector><!-- Value based on customer’s config. -->
   <ProvItemType>SYS</ProvItemType> <!-- Refer above explanation on this value -->
   <ProvType>String 36</ProvType> <!-- No validation for on this tag -->
   <AssignmentType>String 37</AssignmentType> <!-- No validation for on this tag -->
   <ProvStatus>String 38</ProvStatus> <!-- No validation for on this tag -->
   <ValidFrom>20160215</ValidFrom> <!-- Provide valid from date -->
   <ValidTo>99991231</ValidTo> <!-- Provide valid to date -->
   <ProvAction>001</ProvAction> <!-- Refer above explanation on this value -->
   <RoleType></RoleType> <!-- No validation for on this tag -->
</item>
 </RequestedLineItem>


 <UserGroup>
  <item>
   <UserGroup>DEVELOPER</UserGroup> <!-- Value based on customer’s config. -->
   <UserGroupDesc>DEVELOPER</UserGroupDesc> <!-- Value based on customer’s config. -->
  </item>
 </UserGroup>


 <UserInfo>
  <item>
   <Userid>9812646</Userid>
   <Fname>TEST</Fname>
   <Lname>TESTFNAME</Lname>
   <SncName>TESTLNAME</SncName>
   <UserGroup>String 92</UserGroup>
   <Email>user@sap.com</Email>
   <Emptype>001</Emptype> <!-- Value based on customer’s config. -->
   <Manager>manager23</Manager> <!-- Provide valid Manager Id -->
   <ManagerEmail>Manager@sap.com</ManagerEmail>
   <ManagerFirstname>ManagerFN</ManagerFirstname>
   <ManagerLastname>managerLN</ManagerLastname>
  </item>
 </UserInfo>
</n0:GracIdmUsrAccsReqServices>

Testing Web Service Steps

Execute transaction SE80 and select Package GRAC_DIRECTORY_SERVICES

Navigate to Enterprise ServicesàService Definitions

Select web service GRAC_USER_ACCESS_WS. In menu option click “Service Definition” and click “Test” or short key F8

In the below screen you can go with default options and click execute button

In next screen, select the XML Editor icon

Select all content

Delete the selected content

From the WIKI page, copy the sample file content and paste it here. Now, click the execute button.

NOTE:- Please update the input data based on your GRC configurations, the sample file content is just for example and may not work 100% on your environment.

Web service result along with request # will be shown as below screen 

Related Content

Related Documents

Related Notes Size

 

  • No labels