Configuration Table for SAP GRC
Insert the following data into the '/SAILPOIN/CONF' table:
This is the allowed service account to be used for accessing FM.
The name of the entity from which data is fetched. For now we can consider it as a table name.
The column allowed for fetching data.
The type of entity like table or join. This is for a future purpose.
The data type of the column that is allowed.
The data element type of the column. "Data element type" can be found using the t-code "SE11" when viewing the table details, under Fields.
The length of the column that is allowed. The "Length" can be found using the t-code "SE11" when viewing the table’s details, under Fields.
Note
Validate that the values for COLUMN_DENAME
and COLUMN_LENGTH
are correct as per your system. This can be validated through the t-code "SE11" while viewing the table details, under Fields.
Enter Se16 > Table Name: /SAILPOIN/CONF > Create Entries
The option to enter the data into the table will appear.
OR
Setup
-
Enter t-code SE38 and then create program ‘Z_CONFIGURE_SERVICEACCOUNT’ in the local object package and type as an executable program.
-
Copy and paste the script provided HERE, and activate the program.
-
For better readability of the input parameters edit the selection text from Go to > Text Element > Selection Text and update it as shown in the following image.
-
Save and then activate the program.
How it works
-
Enter t-code SE38 and then search for program ‘Z_CONFIGURE_SERVICEACCOUNT’. Select execute.
-
Enter the service account and integration module to be populated respectively.
-
Once you have entered the details correctly, select execute and you will see a success message.
Table Permissions
SERVICE_ACCOUNT |
NAME |
COLUMNNAME |
ENTITY_TYPE |
COLUMN_DTYPE |
COLUMN_DENAME |
COLUMN_LENGTH |
---|---|---|---|---|---|---|
<your-service-account-name> |
GRACPROFILE |
AC_REF_ROLE_ID |
TABLE |
C |
GRFN_GUID |
32 |
<your-service-account-name> |
GRACPROFILE |
CONNECTOR |
TABLE |
C |
GRFN_CONNECTORID |
32 |
<your-service-account-name> |
GRACPROFILE |
PROFILE |
TABLE |
C |
GRAC_PROFILE |
20 |
<your-service-account-name> |
GRACRLCOMPRL |
CHILD_ROLEID |
TABLE |
C |
GRFN_GUID |
32 |
<your-service-account-name> |
GRACRLCOMPRL |
COMP_ROLEID |
TABLE |
C |
GRFN_GUID |
32 |
<your-service-account-name> |
GRACRLCONN |
AC_REF_ROLE_ID |
TABLE |
C |
GRFN_GUID |
32 |
<your-service-account-name> |
GRACRLCONN |
CONNECTOR |
TABLE |
C |
RFCDEST |
32 |
<your-service-account-name> |
GRACRLCONN |
ROLE_ID |
TABLE |
C |
GRFN_GUID |
32 |
<your-service-account-name> |
GRACRLCONN |
ROLE_NAME |
TABLE |
C |
GRAC_ROLE_NAME |
300 |
<your-service-account-name> |
GRACRLCUARELAT |
ROLEID1 |
TABLE |
C |
GRAC_ROLEID |
32 |
<your-service-account-name> |
GRACRLCUARELAT |
ROLEID2 |
TABLE |
C |
GRAC_ROLEID |
32 |
<your-service-account-name> |
GRACROLE |
BPROC |
TABLE |
C |
GRAC_BPROC |
10 |
<your-service-account-name> |
GRACROLE |
BSUBPROC |
TABLE |
C |
GRAC_BSUBPROC |
10 |
<your-service-account-name> |
GRACROLE |
CONNECTOR_GRP |
TABLE |
C |
GRFN_CONNECTORGRP |
10 |
<your-service-account-name> |
GRACROLE |
ROLEID |
TABLE |
C |
GRAC_ROLEID |
32 |
<your-service-account-name> |
GRACROLE |
ROLE_NAME |
TABLE |
C |
GRAC_ROLE_NAME |
300 |
<your-service-account-name> |
GRACROLE |
ROLE_STATUS |
TABLE |
C |
GRAC_ROLE_STATUS |
3 |
<your-service-account-name> |
GRACROLE |
ROLE_TYPE |
TABLE |
C |
GRAC_ROLE_TYPE |
3 |
<your-service-account-name> |
GRACROLERELAT |
RELAT_TYPE |
TABLE |
C |
GRAC_RL_RELAT_TYPE |
4 |
<your-service-account-name> |
GRACROLERELAT |
ROLEID1 |
TABLE |
C |
GRAC_ROLEID |
32 |
<your-service-account-name> |
GRACROLERELAT |
ROLEID2 |
TABLE |
C |
GRAC_ROLEID |
32 |
<your-service-account-name> |
GRACUSER |
CONNECTOR |
TABLE |
C |
GRFN_CONNECTORID |
32 |
<your-service-account-name> |
GRACUSER |
DEPARTMENT |
TABLE |
C |
GRAC_DEPARTMENT |
100 |
<your-service-account-name> |
GRACUSER |
|
TABLE |
C |
AD_SMTPADR |
241 |
<your-service-account-name> |
GRACUSER |
FIRST_NAME |
TABLE |
C |
GRAC_USER_NAME |
50 |
<your-service-account-name> |
GRACUSER |
LAST_NAME |
TABLE |
C |
GRAC_USER_NAME |
50 |
<your-service-account-name> |
GRACUSER |
MANAGER_ID |
TABLE |
C |
GRAC_USER |
50 |
<your-service-account-name> |
GRACUSER |
PHONE |
TABLE |
C |
GRAC_PHONE_NUMBER |
20 |
<your-service-account-name> |
GRACUSER |
USER_ID |
TABLE |
C |
GRAC_USER |
50 |
<your-service-account-name> |
GRACUSERCONN |
CONNECTOR |
TABLE |
C |
RFCDEST |
32 |
<your-service-account-name> |
GRACUSERCONN |
INACTIVE |
TABLE |
C |
BOOLEAN |
1 |
<your-service-account-name> |
GRACUSERCONN |
USER_GROUP |
TABLE |
C |
GRAC_USER_GRP |
50 |
<your-service-account-name> |
GRACUSERCONN |
USER_ID |
TABLE |
C |
GRAC_USER |
50 |
<your-service-account-name> |
GRACUSERCONN |
USER_TYPE |
TABLE |
C |
XUUSTYP |
1 |
<your-service-account-name> |
GRACUSERCONN |
VALID_FROM |
TABLE |
C |
GRAC_VALID_FROM |
8 |
<your-service-account-name> |
GRACUSERCONN |
VALID_TO |
TABLE |
D |
GRAC_VALID_TO |
8 |
<your-service-account-name> |
GRACUSERPROFILE |
CONNECTOR |
TABLE |
C |
GRFN_CONNECTORID |
32 |
<your-service-account-name> |
GRACUSERPROFILE |
PROFILE |
TABLE |
C |
GRAC_PROFILE |
20 |
<your-service-account-name> |
GRACUSERPROFILE |
USER_ID |
TABLE |
C |
GRAC_USER |
50 |
<your-service-account-name> |
GRACUSERROLE |
BUS_ROLEID |
TABLE |
C |
GRFN_GUID |
32 |
<your-service-account-name> |
GRACUSERROLE |
CONNECTOR |
TABLE |
C |
GRFN_CONNECTORID |
32 |
<your-service-account-name> |
GRACUSERROLE |
ROLE_ID |
TABLE |
C |
GRFN_GUID |
32 |
<your-service-account-name> |
GRACUSERROLE |
USER_ID |
TABLE |
C |
GRAC_USER |
50 |
<your-service-account-name> |
GRACUSERROLE |
VALID_FROM |
TABLE |
|
GRFN_TIMESTAMP |
15 |
<your-service-account-name> |
GRACUSERROLE |
VALID_TO |
TABLE |
|
GRFN_TIMESTAMP |
15 |
<your-service-account-name> |
USRSYSACT |
SUBSYSTEM |
TABLE |
C |
RFCRCVSYS |
10 |
<your-service-account-name> |
USRSYSACT |
AGR_NAME |
TABLE |
C |
F_AGR_NAME |
30 |
<your-service-account-name> |
USRSYSACT |
COL_AGR |
TABLE |
C |
XUFLAG |
4 |
<your-service-account-name> |
CVERS |
COMPONENT |
TABLE |
C |
DLVUNIT |
30 |
<your-service-account-name> |
CVERS |
RELEASE |
TABLE |
C |
SAPRELEASE |
10 |
<your-service-account-name> |
CVERS |
EXTRELEASE |
TABLE |
C |
SAPPATCHLV |
10 |
<your-service-account-name> |
PRDVERS |
NAME |
TABLE |
C |
BORM_NAME |
30 |
<your-service-account-name> |
PRDVERS |
VERSION |
TABLE |
C |
BORM_VERS |
30 |
<your-service-account-name> |
PRDVERS |
VENDOR |
TABLE |
C |
BORM_VEND |
30 |
Additional Table Permissions for GRC AC12 SP19 and above versions
Note
For SAP GRC AC12 SP19 and above versions, the following additional permissions for the GRACUSERSOURCE table are required.
SERVICE_ACCOUNT |
NAME |
COLUMNNAME |
ENTITY_TYPE |
COLUMN_DTYPE |
COLUMN_DENAME |
COLUMN_LENGTH |
---|---|---|---|---|---|---|
<your-service-account-name> |
GRACUSERSOURCE |
CONNECTOR |
TABLE |
C |
GRFN_CONNECTORID |
32 |
<your-service-account-name> |
GRACUSERSOURCE |
DATA_SOURCE_TYPE |
TABLE |
N |
GRAC_DATA_SOURCE |
2 |
<your-service-account-name> |
GRACUSERSOURCE |
SEQUENCE |
TABLE |
N |
GRAC_SEQUENCE |
4 |