Professional Documents
Culture Documents
Copyright Notice
The information in this document is provided for informational purposes only, is subject to change without
notice, and should not be construed as a commitment by Greenlight Technologies, Inc. Greenlight
Technologies, Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in
this book.
Except as permitted by license, no part of this document may be reproduced, stored in a retrieval system,
or transmitted, in any form or by any means – electronic, mechanical, recording, or otherwise – without
the prior written permission of Greenlight Technologies, Inc.
Printed in the U.S.A.
CAUTION
This document contains proprietary, confidential information that is the exclusive property of Greenlight
Technologies, Inc. If you do not have a valid contract with Greenlight Technologies for the use of this
document, or have not signed a non-disclosure agreement with Greenlight Technologies, then you
received this document in an unauthorized manner and are not legally entitled to possess or read it.
Use, duplication, and disclosure are subject to restrictions stated in your contract with Greenlight
Technologies, Inc. Use, duplication, and disclosure by the Government are subject to restrictions for
commercial software and shall be deemed to be Restricted Rights software under Federal Law.
Revision History
Approvals
Table of Contents
Objective................................................................................................................................... 5
Overview ................................................................................................................................... 5
Services Details for ServiceNow ITSM, SailPoint IdentityIQ with SAP Access Control
v5.3,10.0,10.1,12 .................................................................................................................... 5
Prerequisites .......................................................................................................................... 16
Appendix ................................................................................................................................ 17
List of Acronyms ............................................................................................................................17
Related Documents .......................................................................................................................18
Objective
This document provides the technical details of all the available GL Services to integrate ITSM/ IDM
solutions with SAP GRC using Greenlight Enterprise Integration System, an EBCP service.
Overview
Greenlight EIS, the integration insight and controls automation engine provides integration to business
applications that collects and correlates all relevant user access data including application identities,
groups, roles, profiles, specific authorizations and specific activities/actions within applications. The
platform then normalizes disparate application security models, breaking down policy silos, to provide
a unified view of user access risks and transactional activities across multiple applications and business
processes.
Greenlight EIS transforms cryptic security information into actionable analytics, providing business
users with information that is in a context they can understand, is relevant to users they manage and
processes that they oversee, has the continuous controls automation to understand where risks are
occurring and the insight to know how to properly respond to conditions that introduce risk to the
organization.
EIS also provides integration services between Non-ABAP, Non-SAP applications and SAP GRC. The
services are also extended to IDM solutions to seamlessly integrate with the compliance capabilities
from SAP GRC.
SelectApplication
Type Name Mandatory Sample Data
String systemType N PROD
String applicationType N
String Locale N EN
SystemSelectionResult
Type Name
com.greenlight.wrappers.output.ArrayOfSystemDatas systems
com.greenlight.wrappers.output.ServiceStatusDTO status
ArrayOfSystemDatas
com.greenlight.wrappers.output.SystemData[ ] systemData
SystemData
java.lang.String Description
java.lang.String systemCategory
java.lang.String systemId
java.lang.String systemType
ServiceStatusDTO
java.lang.String msgCode
java.lang.String msgDesc
java.lang.String msgType
SearchRole
Type Name Mandatory Sample Data
String Application N SAPIDES18
String accessType N ROLES
String businessProcess N
String subProcess N
String Role N
String roleDesc N
String functionalArea N
String Company N
String transactionCode N
String userId N
String Locale N EN
int hitCount N 10
ArrayofRolesDTO1
com.greenlight.wrappers.output.RolesDTO[] rolesDTO
RolesDTO
java.lang.String Application
java.lang.String leadOwner
java.lang.String roleDescription
java.lang.String roleName
java.lang.String roleType
java.lang.String validFrom
java.lang.String validTo
ServiceStatusDTO
java.lang.String msgCode
java.lang.String msgDesc
java.lang.String msgType
RoleDetails
Type Name Mandatory Sample Data
String roleName N Z_TRUST
String System N SAPIDES18
String Locale N EN
RoleDetailsResult
Type Name
java.lang.String businessProcess
java.lang.String businessProcessDesc
com.greenlight.wrappers.output.CompanyResultDTO[] companyResultDTO
java.lang.String criticalLevel
java.lang.String detailDesc
facmpRoleApproverResultDT
com.greenlight.wrappers.output.FACMPRoleApproverResultDTO[] O
com.greenlight.wrappers.output.FunctionalAreaResultDTO[] functionalAreaResultDTO
java.lang.String lastReaffirmDate
java.lang.String reaffirmPeriod
com.greenlight.wrappers.output.RoleApproverResultDTO[] roleApprResultDTO
java.lang.String roleDesc
java.lang.String roleName
java.lang.String roleType
com.greenlight.wrappers.output.ServiceStatusDTO status
java.lang.String subProcess
java.lang.String subProcessDesc
com.greenlight.wrappers.output.SystemResultDTO[] systemResultDTO
com.greenlight.wrappers.output.TCodeResultDTO[] transactionCodeResultDTO
CompanyResultDTO
java.lang.String company
FACMPRoleApproverResultDTO
java.lang.String company
java.lang.String companyId
java.lang.String funcArea
java.lang.String functionalArea
com.greenlight.wrappers.output.RoleApprResultDTO[] roleAprv
RoleApprResultDTO
java.lang.String alternateApprover
java.lang.String roleApprover
FunctionalAreaResultDTO
java.lang.String functionalArea
RoleApproverResultDTO
java.lang.String roleAltApproverId
java.lang.String roleAltApproverName
int roleAltApproverType
java.lang.String roleApproverId
java.lang.String roleApproverName
int roleApproverType
java.lang.String roleProfName
ServiceStatusDTO
java.lang.String msgCode
java.lang.String msgDesc
java.lang.String msgType
SystemResultDTO
java.lang.String actualDate
java.lang.String Client
int Days
int months
java.lang.String roleStatus
java.lang.String sysId
java.lang.String system
java.lang.String validityType
int Years
TCodeResultDTO
java.lang.String riskId
java.lang.String roleDesc
java.lang.String Tcode
java.lang.String tcodeDesc
RequestDetailsData
Type Name
com.greenlight.wrappers.input.RequestDetailsData requestDetails
RequestDetailsData
Type Name Mandatory Sample Data
java.lang.String application Y SAPIDES18
java.lang.String company N
com.greenlight.wrappers.input.CustomFieldsDTO[] customField Y
java.lang.String department N
java.lang.String emailAddress Y mandar.deshmukh@greenlightcorp.net
java.lang.String employeeType N
java.lang.String firstName Y Mandar
java.lang.String functionalArea N
java.lang.String lastName Y Deshmukh
java.lang.String Locale N EN
java.lang.String location N
java.lang.String managerTelephone N
java.lang.String mgrEmailAddress N
java.lang.String mgrFirstName N
java.lang.String mgrId N
java.lang.String mgrLastName N
java.lang.String priority Y HI
java.lang.String requestReason N
java.lang.String requestType Y LASERFOCUS
java.lang.String requestorEmailAddress Y mandar.deshmukh@greenlightcorp.net
java.lang.String requestorFirstName Y Mandar
java.lang.String requestorId Y SAPUSER
java.lang.String requestorLastName Y Deshmukh
java.lang.String requestorTelephone N
com.greenlight.wrappers.input.RoleData[] Roles Y
java.lang.String sNCName N
java.lang.String telephone N
java.lang.Boolean unsecureLogon N FALSE
java.lang.String userId Y
java.util.Calendar validFrom N 2011-08-19T04:30:28.844Z
java.util.Calendar validTo N
RequestSubmissionResult
Type Name
java.lang.String requestNo
com.greenlight.wrappers.output.ServiceStatusDTO Status
ServiceStatusDTO
java.lang.String msgCode
java.lang.String msgDesc
java.lang.String msgType
Description: This operation provides the risk details (if any exists) for the specified request.
RADetails
Type Name Mandatory Sample Data
String requestId Y1 123
String Userid Y1
String sysKey[] Y SAPIDES18
String locale N EN
RiskAnalysisResults
Type Name
com.greenlight.wrappers.output.TCodeDetailsPO[] criticalTCodes
com.greenlight.wrappers.output.RiskDetailsPO[] riskDetailPOs
com.greenlight.wrappers.output.ServiceStatusDTO resultDTO
TCodeDetailsPO
java.lang.String roleDesc
java.lang.String system
java.lang.String tcodeDesc
java.lang.String tcodeId
RiskDetailsPO
java.lang.String[] orgRuleDetails
java.lang.String risk
java.lang.String riskDesc
java.lang.String riskLevel
java.lang.String system
com.greenlight.wrappers.output.TCodeDetailsPO[] tCodePOs
java.lang.String violationCount
ServiceStatusDTO
java.lang.String msgCode
java.lang.String msgDesc
java.lang.String msgType
Description: This operation provides the details of the status of the request.
It provides details on the action taken by various users on the request like Submitted,
Approved /
Rejected along with the user details taking the action.
It also provides the last / current status of the request.
AuditTrailInput
Type Name Mandatory Sample Data
String requestId N 123
String userFirstName N
String userLastName N
String fromDate N
String toDate N 2011-08-18T06:26:21.384Z
String action N
String locale N EN
AuditLogResult
Type Name
com.greenlight.wrappers.output.ArrayOfAuditLogDTO1 auditLogDTO
com.greenlight.wrappers.output.ServiceStatusDTO status
ArrayOfAuditLogDTO1
com.greenlight.wrappers.output.AuditLogDTO[] auditLogDTO
AuditLogDTO
java.util.Calendar createDate
java.lang.String logDetails
java.lang.String priority
com.greenlight.wrappers.output.RequestHistoryDTO[] requestHst
java.lang.String requestId
java.lang.String requestedBy
java.lang.String status
java.lang.String submittedBy
RequestHistoryDTO
java.util.Calendar actionDate
java.lang.String actionValue
com.greenlight.wrappers.output.RequestHistoryDTO[] childDTOs
java.lang.String dependentId
java.lang.String description
java.lang.String displayString
java.lang.String id
java.lang.String path
java.lang.String reqNo
java.lang.String stage
java.lang.String userId
ServiceStatusDTO
java.lang.String msgCode
java.lang.String msgDesc
java.lang.String msgType
Description: This operation gives the current status of the specified request.
ResquestStatus
Type Name Mandatory Sample Data
String requestId N 123
String language N EN
RequestStatusDTO
Type Name
java.lang.String dueDate
java.lang.String msgCode
java.lang.String msgDesc
java.lang.String msgType
java.lang.String requestNumber
java.lang.String stage
java.lang.String status
java.lang.String userName
Greenlight EBCP refers to Integrated Risk Management. It comprises of the following new modules:
SOD Module
Using the SOD Module customers will be able to ‘pro-actively’ identity user(s) having risky access, and
update users' access such that users no longer have risky access. If a user won’t have access to perform
any risky transaction then we have eliminated the risk pro-actively.
Operating Environment
Identity Master
• Export from HR Source e.g. AD, Workday, SAP HR, SuccessFactors. Refer to section 3.2
Related Documents
• Notes about the file:
o CSV UTF-8 format
o Must contain header
Note: If the customer does not have any Identity provider then Greenlight can install Keycloak for SAML
authentication.
Business Risks
• Business Risks in Greenlight EBCP format. Refer to section 3.2 Related Documents
Prerequisites
Prerequisite 1
Description
Request Details
Response
Prerequisite 2
Description
Request Details
Response
Prerequisite 3
Description
Request Details
Response
Prerequisite 4
Description
Request Details
Response
Prerequisite 5
Description
Request Details
Response
Appendix
List of Acronyms
Term Description
Related Documents
• SOD rule-sets
Greenlight-IRM_Rule
Set.xls