Implementing SAP GRC 12.0 Fiori Apps – Overview

This blog gives an overview of configuration steps required to configure and use Fiori as the front end for SAP GRC 12.0 Access control in HUB deployment scenario.

SAP GRC Fiori apps are an alternative to NWBC for accessing SAP GRC Access Control. SAP provides individual apps for the links for that you find in NWBC including dashboard reports

There are 130 apps provided for SAP GRC Access Control that give you flexibility for assigning access as required.

Another feature that SAP GRC Fiori apps provides is that they are mobile devices compatible

You will also learn to simulate as to how the apps would be displayed on mobile devices

  • SAP GRC 12.0 is implemented
  • For integrating GRC for FIORI, ensure that the addon UIGRAC01 with SP02 (minimum) is installed in the FIORI system

Pre-requsities

  • Ensure that ALL users have proper authorizations for authorization objects S_RFC and S_RFCACL (required for trusted RFC connections)

Step 1:  Setup Trusted RFC connections from Gateway system to GRC system.

  • Ensure that three (four if HTTP connection is considered) Trusted RFC connections are setup to GRC system from Fiori system

Trusted%20RFC%20Connections

  • You have to create one Trusted RFC connection from GRC system to Fiori system

Step 2: Create System Alias for GRC system in FES

  • Execute transaction /n/ui2/GW_SYS_ALIAS to create system alias for GRC system or maintain the table /IWFND/V_DFSYAL with the Tcode SM30

System%20Alias

Step 3: Maintain System Alias table

  • Verify system alias table /UI2/V_SYSALIAS for SOHGRAC system alias (SAP delivered) for GRC AC and maintain the system alias of your GRC system

System%20Alias%20List

Step 4: Map the Your System Alias to SAP system Aliases

  • Map the system alias SOHGRAC to the system alias of your GRC system in the table /UI2/V_ALIASMAP

View%20V_ALIASMAP

Step 5: Replicate the Technical Catalog from the Back-end System

Search for GRC catalog SAP_TC_GRC_AC_BE_APPS  in Fiori Launchpad designer

  • It the catalog does not exist in Fiori Launchpad Designer, execute the program /UI2/GET_APP_DESCR_REMOTE_DEV with the following selection criteria
    • SOHGRAC – system Alias
    • SAP_TC_GRC_AC_BE_APPS – SAP standard back end program for replication
    • Replication mode: Full Replication

Replication%20Program

After executing the program, you will get a summary information on the catalogs and number of apps available in the catalog for deployment

Catalog%20Replication

Step 6: Validate the Technical Catalog in the Launchpad Designer

You can validate the catalog availability in the Fiori LaunchPad Designer with transaction code /n/UI2/FLPD_CUST

Fiori%20Launchpad%20Designer

Step 7: Create Fiori Catalog page in font end system

  • Create a custom catalog with Access Request apps as per your requirement using the transaction /UI2/FLPD_CUST

Custom%20Catalog

Step 8: Create Fiori Group page in Front End System

  • Next, create group with Access Request apps that you want to give access to the users using transaction /UI2/FLPD_CUST

Custom%20Group

Step 9: Assign the Catalog and Group in PFCG role

  • Create a role in FIORI system for the GRC apps based on the catalog and group created by you in the Fiori system
    • Assign the catalog id and group id in the Fiori (FES) system

FES%20Role

Create a test user id in FES and assign the role to the user id

Step 10: Assign the WebDynpros of the GRC apps in PFCG Role in Back-End (GRC) System

  • Create a role in FIORI system for the GRC apps based on the catalog and group created by you in the GRC system (BES)
    • Assign the Webdynpro service of the apps in the Backend (BES) system
      • In PFCG Menu tab, go to Authorizations Default –> TADIR –>  WebDynpro (WDYA)

BES%20Roles

Create a test user id with the same name that you created in FES, in BES and assign the role the user id

Step 11: Validating the Configuration

Login with the test user id and execute the transaction /n/ui2/flp

Fiori%20launchpad

Click on the Group containing your Fiori apps, and then click on the tile that you want to execute (E.g. Search Requests)

Search%20Requests%20App

Click on Search button

Search%20Result

You get a list of access requests

Step 12: Simulating Mobile Display

To simulate how the app will look on mobile devices, right click on the browser and click on Inspect

Mobile%20Simulation%20-%20I

You will get into the debug mode of the browser

Mobile%20Simulation%20-%20II

Another section will open on the left side of the browser you will find Dimension Responsive pull-down option

Mobile%20Simulation%20-%20III

You have the options for selecting the mobile device to check how the app would look like on that particular device

In this example, we are simulating the app on iPad Air device

Mobile%20Simulation

  • For integrating GRC for FIORI, ensure that the addon UIGRAC01 with SP02 (minimum) is installed in the FIORI system
  • SICF services of the WebDynpros of the GRC apps should be activated
  • The App Webdynpros should be added to PFCG role in GRC system

Any feedback, thoughts and comments on this topic are welcome.

Other blogs to follow on the topic

SAP Fiori Solution for SAP Access Control