
Identity Manager 9.2.1 - Administration Guide for Connecting to SAP R/3


Table accesses not performed correctly

Sometimes the SAP R/3 connector does not perform table accesses correctly, which causes issues. For example, the leading digits of percentage values with more than five digits (including decimal places) are truncated and replaced by *.

Probable reason

Error in the way the RFC_READ_TABLE function module works.

Solution
  • Import the current SAPTRANSPORT_70.ZIP transport into the SAP R/3 system you want to synchronize.

    As of One Identity Manager version 8.2, an updated BAPI transport SAPTRANSPORT_70.ZIP is provided. This uses the /VIAENET/READTABLE function module instead of the RFC_READ_TABLE SAP module. When it accesses an SAP R/3 environment, the SAP R/3 connector checks whether the /VIAENET/READTABLE function module exists and uses it.

    If the function module is not available, the connector uses the RFC_READ_TABLE SAP module.

The synchronization log records whether the /VIAENET/READTABLE function module is used.
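A check for the symptom described above, as an added example that is not part of the vendor documentation: it slices fixed-width rows using the FIELDS (OFFSET, LENGTH, TYPE) and DATA (WA) table parameters that RFC_READ_TABLE returns, and flags numeric fields whose value starts with *. The field names, the rows, and the choice of numeric types are constructed assumptions.

```python
# Added example (not vendor code). FIELDS and DATA mimic the table parameters
# RFC_READ_TABLE returns; the field names and rows below are constructed.
NUMERIC_TYPES = {"P", "F", "I"}  # assumption: ABAP packed, float, integer

FIELDS = [
    {"FIELDNAME": "ACCOUNT", "OFFSET": "000000", "LENGTH": "000012", "TYPE": "C"},
    {"FIELDNAME": "PERCENT", "OFFSET": "000012", "LENGTH": "000006", "TYPE": "P"},
]
DATA = [
    {"WA": "ALICE".ljust(12) + "12.50".rjust(6)},
    {"WA": "BOB".ljust(12) + "*3.456"},           # six digits: leading ones lost
    {"WA": "*SVC".ljust(12) + "1.000".rjust(6)},  # '*' in a text field is legitimate
    {"WA": "CAROL"},                              # short row: trailing blanks trimmed
]


def split_row(wa, fields):
    """Slice one fixed-width WA string by each field's OFFSET and LENGTH."""
    row = {}
    for f in fields:
        start, length = int(f["OFFSET"]), int(f["LENGTH"])
        # Slicing past the end of a short row yields an empty value, not an error.
        row[f["FIELDNAME"]] = wa[start:start + length].strip()
    return row


def find_truncated(fields, data):
    """Return (row index, field name, raw value) for numeric overflow markers."""
    hits = []
    for index, entry in enumerate(data):
        row = split_row(entry["WA"], fields)
        for f in fields:
            value = row[f["FIELDNAME"]]
            if f["TYPE"] in NUMERIC_TYPES and value.startswith("*"):
                hits.append((index, f["FIELDNAME"], value))
    return hits


if __name__ == "__main__":
    for index, name, value in find_truncated(FIELDS, DATA):
        print(f"row {index}: {name}={value!r} looks truncated")
```

Rows flagged this way should not be written to the identity store as-is; read them again after importing the updated transport.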


Configuration parameters for managing an SAP R/3 environment

The following configuration parameters are available in One Identity Manager after the module has been installed.

Table 74: Configuration parameter

Configuration parameters

Description

TargetSystem | SAPR3

SAP is supported. The parameter is a precompiler-dependent configuration parameter. Changes to the parameter require recompiling the database.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor-relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

TargetSystem | SAPR3 | Accounts

Default values should be used for SAP user accounts.

TargetSystem | SAPR3 | Accounts | CalculateLicence

Parameter for controlling the calculation of SAP system measurement for SAP user accounts.

TargetSystem | SAPR3 | Accounts | Datfm

Specifies the default date format for SAP user accounts.

TargetSystem | SAPR3 | Accounts | Dcpfm

Specifies the default decimal point format for SAP user accounts.

TargetSystem | SAPR3 | Accounts | ExtID_Type

Specifies the default type for external identification of SAP user accounts.

TargetSystem | SAPR3 | Accounts | Fax_Group

Specifies the default fax group for SAP user accounts.

TargetSystem | SAPR3 | Accounts | Guiflag

Specifies whether secure communication is permitted for SAP user accounts.

TargetSystem | SAPR3 | Accounts | InitialRandomPassword

Specifies whether a random password is generated when a new user account is added. The password must contain at least those character sets that are defined in the password policy.

TargetSystem | SAPR3 | Accounts | InitialRandomPassword | SendTo

This configuration parameter specifies the identity to which the email with the randomly generated password is sent (manager cost center/department/location/business role, identity’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the "TargetSystem | SAPR3 | DefaultAddress" configuration parameter.

TargetSystem | SAPR3 | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName

Mail template name that is sent to supply users with the login credentials for the user account. The Identity - new user account created mail template is used.

TargetSystem | SAPR3 | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword

Mail template name that is sent to supply users with the initial password. The Identity - initial password for new user account mail template is used.

TargetSystem | SAPR3 | Accounts | Langu_p

Specifies default language key for SAP users.

TargetSystem | SAPR3 | Accounts | Langup_iso

Specifies default language (ISO 639).

TargetSystem | SAPR3 | Accounts | MailTemplateDefaultValues

Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Identity - new user account with default properties created mail template is used.

TargetSystem | SAPR3 | Accounts | Spda

Specifies default setting for printer parameter 3 (delete after print).

TargetSystem | SAPR3 | Accounts | Spdb

Specifies default setting for printer parameter 3 (print immediately).

TargetSystem | SAPR3 | Accounts | Splg

Specifies the default printer (print parameter 1).

TargetSystem | SAPR3 | Accounts | TargetSystemID

Specifies default target system identification for mapping external users.

TargetSystem | SAPR3 | Accounts | Time_zone

Specifies the default time zone value for the SAP user account’s address.

TargetSystem | SAPR3 | Accounts | Tzone

Specifies the default value for the time zone.

TargetSystem | SAPR3 | Accounts | Ustyp

Specifies the default user type for SAP user accounts.

TargetSystem | SAPR3 | AutoCreateDepartment

This configuration parameter specifies whether departments are automatically created when user accounts are modified or synchronized.

TargetSystem | SAPR3 | AutoFillSAPUserMandant

Specifies whether SAP roles and SAP profiles can be inherited by the user accounts in a Central User Administration if the user accounts do not have access permission for the clients that these roles and profiles belong to.

If the configuration parameter is set, access permission is granted when inheritance is calculated (entry in the SAPUserMandant table) and the roles and profiles are assigned to the user accounts. If the configuration parameter is not set, these roles and profiles are not inherited (default).

TargetSystem | SAPR3 | DefaultAddress

Default email address (recipient) for messages about actions in the target system.

TargetSystem | SAPR3 | KeepRedundantProfiles

This configuration parameter regulates behavior for handling single role and profile assignments to users.

If the parameter is set, the user's single roles or profiles, which are already part of the user's composite roles, are retained.

If the parameter is not set, the user's single roles or profiles, which are already part of the user's composite roles, are removed (default).

TargetSystem | SAPR3 | MaxFullsyncDuration

Specifies the maximum runtime for synchronization.

TargetSystem | SAPR3 | PersonAutoDefault

Mode for automatic identity assignment for user accounts added to the database outside synchronization.

TargetSystem | SAPR3 | PersonAutoDisabledAccounts

Specifies whether identities are automatically assigned to disabled user accounts. User accounts are not given an account definition.

TargetSystem | SAPR3 | PersonAutoFullsync

Mode for automatic identity assignment for user accounts that are added to or updated in the database by synchronization.

TargetSystem | SAPR3 | ValidDateHandling

This configuration parameter is for handling validity periods in SAP role and structural profile assignments to SAP user accounts.

TargetSystem | SAPR3 | ValidDateHandling | DoNotUsePWODate

This configuration parameter specifies whether the validity period is taken from the request and copied to the SAP role and structural profile assignments to SAP user accounts. If the configuration parameter is set, the Valid from and Valid until dates are not copied from the request to the assignments.

TargetSystem | SAPR3 | ValidDateHandling | ReuseInheritedDate

Controls reuse of existing SAP role and structural profile assignments to SAP user accounts.

If this configuration parameter is set, existing assignments are reused if the same assignment is created by different means of inheritance and the validity period matches.

TargetSystem | SAPR3 | ValidDateHandling | ReuseInheritedDate | UseTodayForInheritedValidFrom

This configuration parameter specifies whether the Valid from date of indirect SAP role and structural profile assignments to SAP user accounts is set to <today> or to 1900-01-01.
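The rule described under TargetSystem | SAPR3 | KeepRedundantProfiles, modeled as an added example for access reviews (not product code): it computes which direct single-role assignments are already contained in the user's composite roles and what remains for either setting. The role names and the containment mapping are constructed, and following containment through nested levels goes beyond the single level the text describes.

```python
# Added example (not product code): a model of the KeepRedundantProfiles rule.
# Role names and the composite-to-member mapping are constructed.
ROLE_IN_ROLE = {"Z_COMP_FINANCE": {"Z_FI_DISPLAY", "Z_FI_POST"}}
DIRECT = {"Z_COMP_FINANCE", "Z_FI_DISPLAY", "Z_MM_DISPLAY"}


def members(role, role_in_role):
    """All roles contained in `role`, followed through nested containment."""
    seen, stack = set(), [role]
    while stack:
        for child in role_in_role.get(stack.pop(), ()):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def redundant(direct, role_in_role):
    """Direct assignments that another direct assignment already contains."""
    covered = set()
    for role in direct:
        covered |= members(role, role_in_role) - {role}
    return direct & covered


def direct_after_rule(direct, role_in_role, keep_redundant):
    """Direct assignments that remain once the parameter is applied."""
    if keep_redundant:
        return set(direct)
    return direct - redundant(direct, role_in_role)


def effective(direct, role_in_role):
    """Every role the user ends up with, directly or through containment."""
    result = set(direct)
    for role in direct:
        result |= members(role, role_in_role)
    return result


if __name__ == "__main__":
    for keep in (True, False):
        left = direct_after_rule(DIRECT, ROLE_IN_ROLE, keep)
        print(keep, sorted(left), sorted(effective(left, ROLE_IN_ROLE)))
```

In this model the effective role set is identical for both settings; only the list of direct assignments an auditor sees differs.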

Default project templates for synchronizing an SAP R/3 environment

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.


Project template for client without CUA

Use the SAP R/3 synchronization (base administration) project template to synchronize clients that are not connected to a central user administration. The project template uses mappings for the following schema types.

Table 75: Mapping SAP R/3 schema types to tables in the One Identity Manager schema.

| Schema type in the target system | Table in the One Identity Manager Schema |
|---|---|
| Company | SAPCompany |
| GROUP | SAPGrp |
| LICENSETYPE | SAPLicence |
| LicenceExtension | SAPLicenceExtension |
| LoginLanguage | SAPLoginLanguages |
| CLIENT | SAPMandant |
| Parameters | SAPParameter |
| Printer | SAPPrinter |
| PROFILE | SAPProfile |
| ProfileInProfile | SAPProfileInSAPProfile |
| ProfileInRole | SAPProfileInSAPRole |
| PROFITCENTER | SAPProfitCenter |
| ROLE | SAPRole |
| RoleInRole | SAPRoleInSAPRole |
| STARTMENUE | SAPStartMenu |
| SAPTSAD3T | SAPTitle |
| USER | SAPUser |
| UserComFax | SAPComFax |
| UserComPhone | SAPComPhone |
| UserComSMTP | SAPComSMTP |
| SAPCOMMTYPE | SAPCommType |
| UserExtId | SAPUserExtId |
| UserHasParameter | SAPUserHasParameter |
| UserInGroup | SAPUserInSAPGrp |
| UserInProfile | SAPUserInSAPProfile |
| UserInRole | SAPUserInSAPRole |