Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
Showing results for 
Search instead for 
Did you mean: 
Process Orchestration is Java based system and this can be integrated with GRC Access Control to use Access Request Management (ARM) functionality.

Below is the step-by-step configuration required for the integration:

Step 1 :

Required Components in Java System –

Please refer below note to get list of components to be installed in Java System

Step 2 :

Deploy the AC 12.0 web service and you will find the following in WS Navigator.

Copy shortcut. (It will be used in later stages.)

Step 3 :

Set up Access to the SPML Service on AS Java

  1. Create Technical User in PO system with Group Administrators.

  2. Create a role with Read/Write access to the SPML service: Spml_Read_Action and Spml_Write_Action and assign it to created technical user.

(Refer 1647157 - How to Set up Access to the SPML Service on AS Java - SAP ONE Support Launchpad for more information)

Step 4 :

Create a G type SM59 connector in GRC system. This will connect to the web service created in Step2 for AUTH extraction and password generation.

Step 5 :

Create a G type connector in SM59 for connecting EP’s SPML interface for PROV.

Add Technical user created in Step3 in Logon & Security tab as below.

Step 6 :

Maintain the Logical port for WS connector in tcode SOAMANAGER in GRC system

  1. Execute Tcode SOAMANAGER

  2. Click on Web Service Configuration

  3. Search for object name CO_GRAC_AD_AUTH_MGM_WEBSERVICE consumer proxy and click on it.

  4. Provide logical port name and other required details (Refer 2371225 - ESI - Logical Port configuration for Consumer Proxy in transaction SOAMANAGER [Video] - SA... for more details)

Step 7 :

Maintain Connector and Connection Types in tcode SPRO.

WS will be attached to the LPCONFIG end point (created in step 6). SPML1 logical port will be same as Target Connector.

Step 8 :

Define the EP Group (this will be used in field mapping)

Step 9 :

Attach both the connectors (WS and SPML) to AUTH scenario.Make sure that the following classes are attached to the scenario:Step 10 :

Repeat same for PROV scenario.

Step 11 :

And for ROLMG scenario

Step 12 :

Maintain Connector Settings:

Step 13 :

Maintain Mapping of Actions and Connector Groups

Default connector is the one which will make a runtime call to get the F4 for system field names in figure below.

Define the field mapping for the group applicable to all the system in that group (F4 from default connector)

Step 14 :

Synchronize EP SPML Schema

Connector is the one for SPML we earlier created. This activity updates table GRACIDMSCHEMABUF.

Step 14 :

Now sync data from EP.

This is from WS connector.


The above mentioned steps will help you in integrating PO system with GRC Access Control for Access Request Management.

Quick check: For web service configuration, check Wsnavigator status. It should not be in stopped status.

Reference Note-

2577245 - Portal Integration and configuration with SAP GRC | SAP Knowledge Base Article

1647157 - How to Set up Access to the SPML Service on AS Java - SAP ONE Support Launchpad

1607232 - GRC 10.0 Enterprise Portal Configuration and Par Files no longer supported - SAP ONE Suppo...

1762514 - Group provisioning fails for portal with error message 'Cannot find a SPML request'.


Note : Please share your feedback or thoughts in a comment below.