Creating a schema extension file
Define all the schema types you want to use to extend the connector schema in the schema extension file. The schema extension file is an XML file with a structure identical to the connector schema. It describes the definitions for table queries and BAPI calls for the new schema types. If a new schema type has the same name as an already existing schema type, the extension is ignored.
The file is divided into three main sections:
- Table section
- Functions section
- Schema types section
Basically, tables, and functions required to access data for defined schema types, must be declared first. Then you can define new schema types in the schema types section. Use 'functions and tables in different schema type definitions in this case. A schema type definition must contain at least one call for an object list.
NOTE:
As of One Identity Manager version 8.2, an updated BAPI transport SAPTRANSPORT_70.ZIP is provided. This uses the /VIAENET/READTABLE function module instead of the RFC_READ_TABLE SAP module. When it accesses an SAP R/3 environment, the SAP R/3 connector checks whether the /VIAENET/READTABLE function module exists and uses it.
If the function module is not available, the connector uses the RFC_READ_TABLE SAP module.
Schema extension file structure
<?xml version="1.0" encoding="utf-8" ?> |
<SAP> |
<Tables> |
... |
</Tables> |
<Functions> |
... |
</Functions> |
<SAPExtendedSchematypes> |
... |
</SAPExtendedSchematypes> |
</SAP> |
Predefined variables
You can use variables in the table and function sections. This includes system variables that are known to the /VIAENET/READTABLE function module or the SAP module RFC_READ_TABLE.
Table 14: System variable examples
sy-langu |
Currently selected login language. |
sy–datum |
Current date. |
sy-mandant |
Current client. |
You can also use variables known to the SAP R/3 connector, for example, from the process parameter definition.
Table 15: Predefined SAP R/3connector variables
$Value$ |
Input parameter for the One Identity Manager Service call. |
$Mandt$ |
Current client's number. |
$Date$ |
Current date. |
Detailed information about this topic
Defining tables
In the section for tables (Tables), you can select tables and columns required for accessing the data for the schema types that will be defined. The SAP R/3 connector requires a definition for each table to load the slim object list. To do this, you define exactly those columns the SAP R/3 connector requires when it loads the synchronization objects. All columns in the table are loaded when single objects are accessed.
Table 16: Table definition
Definition |
Symbolic name for using the definition. |
TableName |
Name of the table in the SAP database. |
Key |
Key term for formatting the distinguished name. Multiple values can be entered in a comma delimited list. |
X500 |
Abbreviation for the key term in the attribute Key. Multiple values can be entered in a comma delimited list. |
SQL |
Limiting WHERE clause.
NOTE: There are a number of restrictions for parsing SQL operators in the SAP R/3 system. Take the following rules into account to ensure correctness:
|
Distinct |
Counts the columns that the Distinct filter applies to (as comma delimited list). |
Load |
Columns to load when the object list is loaded. These columns can be for can be used to format the schema type's display name (DisplayPattern) as revision counters, for example, or as input parameters in a function,
If the object list is loaded from a table but single objects from a function, all the columns used within the synchronization project mapping must be given here.
IMPORTANT: Each column, which must be additionally loaded when the object list is loaded, creates extra load for One Identity Manager. This can make synchronization much slower if there is a lot of data. Only enter columns that you really need for further object processing.
No data is required for single object access. |
Advice
-
Several table definitions with different symbolic names can be defined that refer to the same table in the SAP database.
-
Key columns are always loaded. They should not, therefore, be given in the Load attribute.
-
The Load attribute only works when loading the object list. All columns of the table are always loaded for single object access.
-
The following operators are permitted in the WHERE clause:
Table 17: Permitted operators in the SQL attribute
EQ |
= |
NE |
<> |
GT |
> |
LT |
< |
GE |
>= |
LE |
<= |
BETWEEN |
ENDDA BETWEEN '20090101' AND '20090131' |
-
A table definition can also contain a mapping block. This block is used to replace parameters that are supposed to be used in WHERE clauses but were selected with another name in the object list.
In the example, every occurrence of the $BNAME$ variable was replaced with the current value in the USERNAME column when single objects were loaded from the RSECUSERAUTH table before SQL selection was run. The column USERNAME must be loaded into an object list beforehand.
Table definitions with a mapping are primarily used to load single objects.
-
Predefined variables can be used as well as custom defined parameters in the WHERE clause. For more information, see Creating a schema extension file.
<Tables> |
<TABLE Definition = "HRP1001-Table" TableName="HRP1001" Key="OTJID,SUBTY,BEGDA,ENDDA" X500="CN,OU,OU,OU" SQL="MANDT = sy-mandt" Load="VARYF" Distinct="OTJID,SUBTY,VARYF" /> |
<TABLE Definition = "HRP1000-Table" TableName="HRP1000" Key="OTJID,LANGU,BEGDA,ENDDA" X500="CN,OU,OU,OU" SQL="MANDT = sy-mandt" Load="" Distinct="OTJID" /> |
<TABLE Definition = "RSECUSERAUTH-SingleUser" TableName="RSECUSERAUTH" Key="AUTH" X500="CN" SQL="UNAME = '$BNAME$'" Load="" > |
<Mapping> |
<Data ParameterName = "$BNAME$" PropertyName = "USERNAME" /> |
</Mapping> |
</TABLE> |
</Tables> |
Related topics
Defining functions
In the section for functions (Functions), you can describe the interfaces to BAPI functions required for accessing the data for the schema types, which will be defined.
Table 18: Function definition
Definition |
Symbolic name for using the definition. |
FunctionName |
Function name in the SAP R/3 system. |
OutStructure |
Name of an SAP structure given as a return value. (Optional) |
Key |
Key term for formatting the distinguished name. Multiple values can be entered in a comma delimited list. |
X500 |
Abbreviation for the key term in the attribute Key. Multiple values can be entered in a comma delimited list. |
In the optional mapping block, you define how the values are passed to the function call parameters. To do this, an object list must be created before the function call. The parameters for the function call can be filled from this object list's properties. In the example below, BNAME is a property, which is determined from the object list of the table USR02.
Predefined variables can be passed to the parameters. For more information, see Creating a schema extension file. Apart from that, it is possible to pass a fixed value to a function parameter. The following notation is provided for this.
<Data ParameterName = "<Name>" PropertyName = "VALUE=<fixed value>" />
Example
<Tables> |
<TABLE Definition = "USR02-Table" TableName="USR02" Key="BNAME" X500="CN" SQL="MANDT = '$MANDT$'" Load="" /> |
</Tables> |
<Functions> |
<Function Definition = "USER GET" FunctionName="BAPI_USER_GET_DETAIL" OutStructure = "" Key ="USERNAME" X500 ="CN"> |
<Mapping> |
<Data ParameterName = "USERNAME" PropertyName = "BNAME" /> |
</Mapping> |
</Function> |
</Functions> |
Related topics
Defining schema types
In the section for schema types (SAPExtendedSchematypes), you can define schema types that exist in the SAP schema and can be used to extend the connector schema. The identifier given in the Name attribute is used as the name. This identifier must be unique in the extended connector schema.
Table 19: Schema type definition
Bem |
Internal description |
Name |
Name of the schema type in the extended connector schema. |
DisplayPattern |
Definition of a display pattern for displaying objects in the Synchronization Editor (for example, in the target system browser or defining schema classes). (Optional)
Only columns that are loaded in the table definition (Key or Load attribute) can be used.
If there is no DisplayPattern defined, the object's distinguished name is used as the display value.
NOTE: The use of multi-value columns (MVP) in the DisplayPattern is not allowed
IMPORTANT: Each column, which must be additionally loaded when the object list is loaded, creates extra load for One Identity Manager. This can make synchronization much slower if there is a lot of data. Only enter columns that you really need for further object processing. |
AddRevisionTimeOffset |
Specifies whether the revision counter adds the time as 23:59:00. (Optional)
You can use this attribute if the revision counter only contains a change date but no timestamp. This allows objects that were changed after the previous synchronization run but on the same day, to be included in the next synchronization run. |
RevisionProperty |
Name of a property contain the revision counter. (Optional) |
ListObjectsDefinition |
Function or table definition for calling an object list. |
ReadObjectDefinition |
Function or table definition for calling a single object. |
InsertObjectDefinition |
Function call to create the new object. (Optional) |
InsertCommitDefinition |
Function call that should be run after the function to create the new object. (Optional) |
WriteObjectDefinition |
Function call to write the object. (Optional) |
WriteCommitDefinition |
Function call that should be run after the function to write the new object. (Optional) |
DeleteObjectDefinition |
Function call to delete the object. (Optional) |
DeleteCommitDefinition |
Function call that should be run after the function to delete the object. (Optional) |
ParentType |
Context of the schema type. (Optional)
By default, the schema types are client-related (ParentType="SAPMANDANT"). If the new schema type is valid in all SAP R/3 system clients, enter ParentType with the value SAPSYSTEM.
If this attribute is not defined, the schema type is client-related. |
A schema type definition must contain at least one object list call (attribute ListObjectsDefinition). In this case, you can enter a table or a function definition. To call a single object (attribute ReadObjectDefinition), the object list must have been loaded previously. The list call and single object call can refer to different tables, however the key columns for identifying single objects must either have the same name or have been mapped in the table definition for the single object call. In the example below, the single objects from table RSECUSERAUTH are determined for an object from the table USR02. The key columns for identifying the objects are USR02.BNAME and RSECUSERAUTH.UNAME. The columns have different names and are therefore mapped using the parameter $BNAME$.
If is possible to define a Properties block for declaring any number of other object properties and the types of access to them.P One single property is defined by the Property tag, which can have the following attributes.
Table 20: Property definition
Name |
Name of the property. It must be unique within the schema type. |
Description |
Property description. |
ListFunction |
Function or table for calling all values. |
AddFunction |
Function for adding a value. (Optional) |
DelFunction |
Function for deleting a value. (Optional) |
ReplaceFunction |
Replaces the entire contents of the property. (Optional) |
IsMultivalued |
Specifies whether the property has multiple values. (Optional)
If the attribute is not defined, the property is not multi-valued. |
<Tables> |
<TABLE Definition = "USR04-Table" TableName="USR04" Key="BNAME,MANDT" X500="CN,OU" SQL="MANDT = sy-mandt" Load="" /> |
<TABLE Definition = "USR02-Table" TableName="USR02" Key="BNAME" X500="CN" SQL="MANDT = sy-mandt" Load="MANDT,TRDAT" /> |
<TABLE Definition = "RSECUSERAUTH-SingleUser" TableName="RSECUSERAUTH" Key="AUTH" X500="CN" SQL="UNAME = '$BNAME$'" Load=""> |
<Mapping> |
<Data ParameterName = "$BNAME$" PropertyName = "BNAME" /> |
</Mapping> |
</TABLE> |
<TABLE Definition = "ANLA-Table" TableName="ANLA" Key="BUKRS,ANLN1" X500="CN,OU" SQL="MANDT = sy-mandt" Load="AEDAT" /> |
</Tables> |
<Functions> |
<Function Definition = "USER GET" FunctionName="BAPI_USER_GET_DETAIL" OutStructure = "" Key ="USERNAME" X500 ="CN"> |
<Mapping> |
<Data ParameterName = "USERNAME" PropertyName = "BNAME" /> |
</Mapping> |
</Function> |
<Function Definition = "USER SET" FunctionName="BAPI_USER_CHANGE" OutStructure ="" Key ="USERNAME" X500 ="CN"> |
<Mapping> |
<Data ParameterName = "USERNAME" PropertyName = "BNAME" /> |
</Mapping> |
</Function> |
<Function Definition = "USER DEL" FunctionName="BAPI_USER_DELETE" OutStructure ="" Key ="USERNAME" X500 ="CN" > |
<Mapping> |
<Data ParameterName = "USERNAME" PropertyName = "BNAME" /> |
</Mapping> |
</Function> |
<Function Definition = "USER PROFILE SET" FunctionName="BAPI_USER_PROFILES_ASSIGN" OutStructure ="" Key ="USERNAME" X500 ="CN"> |
<Mapping> |
<Data ParameterName = "USERNAME" PropertyName = "BNAME" /> |
<Data ParameterName = "BAPIPROF~BAPIPROF" PropertyName = "$Value$" /> |
</Mapping> |
</Function> |
<Function Definition = "BWProfileDelFkt" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_DEL" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU"> |
<Mapping> |
<Data ParameterName = "ZUSRNAME" PropertyName = "BNAME" /> |
<Data ParameterName = "ZHIER" PropertyName = "$VALUE$" /> |
</Mapping> |
</Function> |
<Function Definition = "BWProfileAddFkt" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_ADD" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU"> |
<Mapping> |
<Data ParameterName = "ZUSRNAME" PropertyName = "BNAME" /> |
<Data ParameterName = "ZHIER" PropertyName = "$VALUE$" /> |
</Mapping> |
</Function> |
</Functions> |
<SAPExtendedSchematypes> |
<SAPExtendedSchematype Bem = "all users" Name = "UserFunctionTable" DisplayPattern="%BNAME% (%MANDT%)" RevisionProperty="TRDAT" ListObjectsDefinition = "USR02-Table" ReadObjectDefinition ="USER GET" WriteObjectDefinition = "USER SET" DeleteObjectDefinition = "USER DEL"> |
<Properties> |
<Property Name = "SAPBWP" Description="all BW profiles of the user" ListFunction="RSECUSERAUTH-SingleUser" AddFunction="BWProfileAddFkt" DelFunction="BWProfileDelFkt" ReplaceFunction="" IsMultivalued = "true" /> |
<Property Name = "USERPROFILE" Description="all profiles of the user" ListFunction="USR04-Table" AddFunction="" DelFunction="" ReplaceFunction="USER PROFILE SET" IsMultivalued = "true" /> |
</Properties> |
</SAPExtendedSchematype> |
<SAPExtendedSchematype Bem = "Asset, asset values" Name = "Asset_ANLA" DisplayPattern="%ANLN1% %BUKRS%" AddRevisionTimeOffset="true" RevisionProperty="AEDAT" ListObjectsDefinition = "ANLA-Table" ReadObjectDefinition = "ANLA-Table" InsertObjectDefinition = "" WriteObjectDefinition = "" DeleteObjectDefinition = "" /> |
</SAPExtendedSchematypes> |
Explanation:
The list of UserFunctionTable schema type objects is created by using the USR02 table. Reading, writing, and deleting is done with USER-BAPI functions, which each have been declared as a Function.
The schema type has a properties block. Two properties are defined here that are neither returned through the list call's table definition nor through the single object call's function definition. A multi-value property SAPBWP is defined, whose value is taken from the RSECUSERAUTH table. The single objects are identified by the columns USR02.BNAME and RSECUSERAUTH.UNAME. BAPI calls, which are defined as functions, are used for inserting and deleting values.
The property Userprofile is an example of a multi-value property, which has values read from a table (USER04) and a Replace function. Therefore, all values that need to remain in the property must always be given when changes are made. The write function is the original USER-BAPI function for setting profiles in the user (function definition for BAPI_USER_PROFILES_ASSIGN). Single objects are identified using the USR02.BNAME and USR04.BNAME columns. There is no mapping required for the table definition because the key columns have the same name.
The Asset_ANLA schema type uses the AESAT revision counter, which only contains a change date. The connector adds a time of 23.59:00 to this revision counter (AddRevisionTimeOffset="true").
Related topics