SAP has partnered with IBM and Sun on web services to connect their respective identity management and regulatory compliance products.

SAP built about a dozen such web services for SAP GRC (governance, risk and compliance) Access Control, to connect it with IBM Tivoli Identity Manager and Sun Java System Identity Manager.

IBM and Sun's identity manager software interacts with human resources and other systems to create user accounts providing access to financial information, email, ERP or other applications, when organisations take on new employees.

The SAP GRC Access Control makes sure those user accounts comply with regulations by ensuring proper segregation of duties, which is key for accounting and guarding against fraud and mistakes. The new web services, which are free add-ons to GRC Access Control customers, allow the IBM and Sun identity managers to call the GRC system to find out whether new access rights for an employee introduce potential risk.

"If there is a risk, the whole process stops," said Axel Streichardt, director of SAP's governance, risk and compliance business unit.

"SAP customers now can incorporate [segregation of duties] checking from SAP into their Tivoli Identity Manager user life-cycle management work-flows prior to provisioning entitlements that would result in ... violations," Joe Anthony, IBM Tivoli program director for identity management, said in a news release. "Testing for [segregation of duties] violations after they have been established is reactive."

GRC Access Control is part of SAP's NetWeaver platform. The new web services, available now, were announced this week at SAP TechEd '07 in Las Vegas.