test

Oracle Waveset 8.1.1 Deployment Guide

Implementing a External Policy Check Integration

Use the following guidelines to implement the external policy check integration in an environment in which you have not integrated Access Enforcer 5.2 or earlier. Before beginning this procedure, you must set up SAP Access Control as described in the “Access Control and Identity Manager” Integration chapter in the SAP GRC Access Control Configuring SAP with Release 5.3 guide, which is available from SAP. If you have previously integrated Access Enforcer, see “Migrating from Access Enforcer Version 5.1 or 5.2” in this document.

Note –

Disable the autoprovisioning feature within SAP Access Control for the external policy check integration. Otherwise, the user will be provisioned by Access Control, and not by Waveset. If you want autoprovisioning, then implement the external resource integration.

  1. Create an SAP Access Control adapter.

  2. Create an SAP connector. Be sure to configure the following parameters.

    1. Select the Configure Policy Resource check box.

    2. Select the SAP Access Control resource from the Policy Resource menu.

    3. Select the SAP Access Control application associated with this connector from the Instance ID menu.

    Repeat this step for each SAP Access Control application.

  3. Copy the following files and make any required modifications. Be sure to save the original files.

    • $WSHOME/sample/rules/SAPAccessControlRules.xml

    • $WSHOME/sample/forms/SAPAccessControlUserForm.xml

    • $WSHOME/sample/forms/SAPAccessControlCompViolForm.xml

    Then import the modified files.

  4. The SAP connector glue code contains a sample SAP Connector User Form (SAPUserForm.xml). This file contains commented code that needs to be enabled. Delete the comment marks around the Include statement near the top of the file. Then delete the comment marks around the Field that contains the FormRef to the SAP Access Control User Form. Then import this file.

  5. Configure the User Deferred Task Scanner to run periodically. The default interval is 1 hour. To obtain the risk analysis results as quickly as possible, the interval for the deferred task should be set as low as possible.