SAP

Document created by Jamie Pryer Employee on Jul 1, 2020
Version 1

Some notes we need to take into account from Koos

 

 

1) Can you show how to set up a connection to a SAP ABAP system?
>> Connection is split into collecting data through a collector and provisioning through a connector.

For collection: for SAP this is mostly CSV-file based, since we should not collect from the SAP DB directly.
See: https://community.rsa.com/community/products/governance-and-lifecycle/blog/2017/04/21/sap2csv-export-sap-tables-into-csv-files
For the connection to an SAP ABAP system we use the SAP Connector: https://community.rsa.com/docs/DOC-36802

It does have limited capability.

Michel Bluteau created a new SAP connector with expanded capabilities:

https://community.rsa.com/community/products/governance-and-lifecycle/blog/2016/06/15/new-sap-afx-connector-javacodebased-tutorial

 

2) What is needed in the SAP system for the RSA product to operate in it (e.g. BAPI imports)?

Nothing: We need 4 library files from the SAP system to import into IG&L. See Connector document.

 

3) Is the RSA product capable of provisioning through SAP CUA (central user administration) and direct provisioning?

Not OOTB. Seems to be possible through customizing the OOTB SAP AFX connector:

See: https://community.rsa.com/message/870463

 

4) Is the RSA product capable of governing and provisioning to SAP cloud hosted apps, like e.g. Employee central, Ariba, S4Hana in the cloud and the Hana database?

If they support REST/SOAP then we can. There is an OOTB SAP HANA collector (I think capabilities are limited).

See: https://community.rsa.com/docs/DOC-112187

 

5) How does the RSA product manage/synchronize the SAP system content (users, roles, profiles)?

Synchronization is what SAP CUA does. The “users” are accounts in IG&L and the “roles” approles. We can “sync” by setting up roles, account templates, rules etc.

 

6) Can the RSA product properly manage a SAP landscape with approximately 80 systems on various different versions with thousands of users and more than 100000 roles and profiles with a good performance?

Yes, the system can handle large volumes of data. See ACME performance guide. An SAP landscape normally consists of different (legacy) applications with different APIs for integration.

 

7) How does the RSA product interact with the SAP GRC Access Control solution in terms of risk analysis (ARA)?

Yes, this can be integrated using Web services integration options in our workflows (REST/SOAP). For an example see: https://wiki.na.rsa.net/display/engineering/SAP+GRC+Integration

 

8) How does the RSA product interact with the SAP GRC Access Control solution in terms of mitigation control assignments (ARQ/ARA)?

Same as above.

 

9) How does the risk/SoD configuration work in the RSA product for SAP specific onboarded apps?

Mention IG&L SOD capability to be used across applications. Also depends on whether or not to integrate with SAP GRC, which I think will be likely for companies with a large SAP landscape like Danfoss.

 

10) Do the approval flows in the RSA product have a dynamic dimension (e.g. risk/sensitivity driven dynamic flow)?

Yes.

 

11) Can all above things be provided by Capgemini SAAS managed RSA solution?

For CAP to answer.
