Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 Environments Setting up SAP R/3 Synchronization Base Data for Managing SAP R/3 SAP Systems SAP Clients SAP User Accounts SAP Groups, SAP Roles and SAP Profiles SAP Products Providing System Measurement Data Reports about SAP Systems Appendix: Configuration Parameters for Managing an SAP R/3 Environment Appendix: Default Project Templates for Synchronizing an SAP R/3 Environment Appendix: Referenced SAP R/3 Tables and BAPI Calls Appendix: Example of a Schema Extension File

Configuring a Schema Extension File

Define all the schema types you want to use to extend the connector schema in the schema extension file. The schema extension file is an XML file with a structure identical to the connector schema. It describes the definitions for table queries and BAPI calls for the new schema types. If a new schema type has the same name as an already existing schema type, the extension is ignored.

The file is divided into three main sections:

  • Table section
  • Functions section
  • SchemaClosed types section

Basically, tables and functions required to access data for defined schema types, must be declared first. Then, after this, you can define new schema types in the schema types section. You can use functions and tables in different schema type definitions in this case. A schema type definition must contain at least one call for an object list.

Schema Extension File Structure

<?xml version="1.0" encoding="utf-8" ?>

<SAP>

<Tables>

...

</Tables>

<Functions>

...

</Functions>

<SAPExtendedSchematypes>

...

</SAPExtendedSchematypes>

</SAP>

Predefined Variables

You can use variables in the table and function sections. These can be all the system variables known to the SAP module RFC_READ_TABLE.

Table 17: System Variable Examples
Variable Description
sy-langu Currently selected login language.
sy–datum Current date.
sy-mandant Current client.

You can also use variables known to the SAP R/3 connector, for example, from the process parameter definition.

Table 18: Predefined SAP R/3Connector Variables
Variable Description
$Value$ Input parameter for the One Identity Manager Service call.
$Mandt$ Current client's number.
$Date$ Current date.
Detailed information about this topic

Defining Tables

In the section for tables (Tables), you can select tables and columns required for accessing the data for the schema types, which will be defined. The SAP R/3 connector requires a definition for each table to load the slim object list. To do this, you define exactly those columns the SAP R/3 connector required when it loaded the synchronization objects. All columns in the table are loaded when single objects are accessed.

Table 19: Table definition

Attribute

Description

Definition

Symbolic name for using the definition.

TableName

Name of the table in the SAP database.

Key

Key term for formatting the distinguished name. Multiple values can be entered in a comma delimited list.

X500

Abbreviation for the key term in the attribute Key. Multiple values can be entered in a comma delimited list.

SQL

Limiting WHERE clause.

NOTE: There are a number of restrictions for parsing SQL operators in the SAP R/3 system. Take the following rules into account to ensure correctness:

Distinct

Counts the columns that the Distinct filter applies to (as comma delimited list).

Load

Columns to load when the object list is loaded. These columns can be for can be used to format the schema type's display name (DisplayPattern) as revision counters, for example, or as input parameters in a function,

If the object list is loaded from a table but single objects from a function, all the columns used within the synchronization project mapping must be given here.

IMPORTANT: Each column, which must be additionally loaded when the object list is loaded, creates extra load for One Identity Manager. This can make synchronization much slower if there is a lot of data. Only enter columns that you really need for further object processing.

No data is required for single object access.

Advice
  • Several table definitions with different symbolic names can be defined that refer to the same table in the SAP database.
  • Key columns are always loaded. They should not, therefore, be given in the Load attribute.
  • The Load attribute only works when loading the object list. All columns of the table are always loaded for When single object access
  • The following operators are valid in the WHERE clause:
    Table 20: Permitted operators in the SQL attribute
    Operator Function/Example
    EQ =
    NE <>
    GT >
    LT <
    GE >=
    LE <=
    BETWEEN ENDDA BETWEEN '20090101' AND '20090131'
  • A table definition can also contain a mapping block. This block is used to replace parameters that are supposed to be used in WHERE clauses but were selected with another name in the object list.

    In the example, every occurrence of the variable $BNAME$ was replaced with the value in the column USERNAME when single objects were loaded from the table RSECUSERAUTH before SQL selection was run. The column USERNAME must be loaded into an object list beforehand.

    Table definitions with a mapping are used primarily to load single objects.

  • Predefined variables can be used as well as custom defined parameters in the WHERE clause. For more information, see Configuring a Schema Extension File.
Example:

<Tables>

<TABLE Definition = "HRP1001-Table" TableName="HRP1001" Key="OTJID,SUBTY,BEGDA,ENDDA" X500="CN,OU,OU,OU" SQL="MANDT = sy-mandt" Load="VARYF" Distinct="OTJID,SUBTY,VARYF" />

<TABLE Definition = "HRP1000-Table" TableName="HRP1000" Key="OTJID,LANGU,BEGDA,ENDDA" X500="CN,OU,OU,OU" SQL="MANDT = sy-mandt" Load="" Distinct="OTJID" />

<TABLE Definition = "RSECUSERAUTH-SingleUser" TableName="RSECUSERAUTH" Key="AUTH" X500="CN" SQL="UNAME = '$BNAME$'" Load="" >

<MappingClosed>

<Data ParameterName = "$BNAME$" PropertyName = "USERNAME" />

</Mapping>

</TABLE>

</Tables>

Defining Functions

In the section for functions (Functions), you can describe the interfaces to BAPI functions required for accessing the data for the schema types, which will be defined.

Table 21: Function definition
Attribute Description
Definition Symbolic name for using the definition.
FunctionName Function name in the SAP R/3 system.
OutStructure Name of a SAP structure given as a return value. (Optional)
Key Key term for formatting the distinguished name. Multiple values can be entered in a comma delimited list.
X500 Abbreviation for the key term in the attribute Key. Multiple values can be entered in a comma delimited list.

In the optional mapping block, you define how the values are passed to the function call parameters. To do this, an object list must be created before the function call. The parameters for the function call can be filled from this object list's properties. In the example below, BNAME is a property, which is determined from the object list of the table USR02.

Predefined variables can be passed to the parameters. For more information, see Configuring a Schema Extension File. Apart from that, it is possible to pass a fixed value to a function parameter. The following notation is provided for this.

<Data ParameterName = "<Name>" PropertyName = "VALUE=<fixed value>" />

Example:

<Tables>

<TABLE Definition = "USR02-Table" TableName="USR02" Key="BNAME" X500="CN" SQL="MANDT = '$MANDT$'" Load="" />

</Tables>

<Functions>

<Function Definition = "USER GET" FunctionName="BAPI_USER_GET_DETAIL" OutStructure = "" Key ="USERNAME" X500 ="CN">

<MappingClosed>

<Data ParameterName = "USERNAME" PropertyName = "BNAME" />

</Mapping>

</Function>

</Functions>

Related Topics

Defining Schema Types

In the section for schema types (SAPExtendedSchematypes), you can define schema types that exist in the SAP schema and can be used to extend the connector schema. The identifier given in the attribute Name is used as the name. This identifier must be unique in the extended connector schema.

Table 22: Schema typeClosed definition
Attribute Description
Bem Internal description
Name Name of the schema type in the extended connector schema.
DisplayPattern Definition of a display pattern for displaying objects in the Synchronization EditorClosed (for example, in the target system browser or defining schema classes). (Optional) Only columns that are loaded in the table definition (attribute Key or Load) can be used.

IMPORTANT: Each column, which must be additionally loaded when the object list is loaded, creates extra load for One Identity Manager. This can make synchronization much slower if there is a lot of data. Only enter columns that you really need for further object processing.
RevisionProperty Name of a property contain the revision counter. (Optional)
ListObjectsDefinition Function or table definition for calling an object list.
ReadObjectDefinition Function or table definition for calling a single object.
WriteObjectDefinition Function definition for writing an object. (Optional)
DeleteObjectDefinition Function definition for deleting an object. (Optional)
ParentType Context of the schema type. (Optional)

By default, the schema types are client related (ParentType="SAPMANDANT"). If the new schema type is valid in all SAP R/3 system clients, enter the ParentType with the value "SAPSYSTEM".

If this attribute is not defined, the schema type is client related.

A schema type definition must contain at least one object list call (attribute ListObjectsDefinition). In this case, you can enter a table or a function definition. To call a single object (attribute ReadObjectDefinition), the object list must have been loaded previously. The list call and single object call can refer to different tables, however the key columns for identifying single objects must either have the same name or have been mapped in the table definition for the single object call. In the example below, the single objects from table RSECUSERAUTH are determined for an object from the table USR02. The key columns for identifying the objects are USR02.BNAME and RSECUSERAUTH.UNAME. The columns have different names and are therefore mapped using the parameter $BNAME$.

If is possible to define a Properties block for declaring any number of other object properties and the types of access to them.P One single property is defined by the Property tag, which can have the following attributes.

Table 23: Property Definition
Attribute Description
Name Name of the property. It must be unique within the schema type.
Description Property description.
ListFunction Function or table for calling all values.
AddFunction Function for adding a value. (Optional)
DelFunction Function for deleting a value. (Optional)
ReplaceFunction Replaces the entire contents of the property. (Optional)
IsMultivalued Specifies whether the property has multiple values. (Optional)

If this attribute is not defined, the property is not mult-value.

Example:

<Tables>

<TABLE Definition = "USR04-Table" TableName="USR04" Key="BNAME,MANDT" X500="CN,OU" SQL="MANDT = sy-mandt" Load="" />

<TABLE Definition = "USR02-Table" TableName="USR02" Key="BNAME" X500="CN" SQL="MANDT = sy-mandt" Load="MANDT,TRDAT" />

<TABLE Definition = "RSECUSERAUTH-SingleUser" TableName="RSECUSERAUTH" Key="AUTH" X500="CN" SQL="UNAME = '$BNAME$'" Load="" >

<MappingClosed>

<Data ParameterName = "$BNAME$" PropertyName = "BNAME" />

</Mapping>

</TABLE>

</Tables>

<Functions>

<Function Definition = "USER GET" FunctionName="BAPI_USER_GET_DETAIL" OutStructure = "" Key ="USERNAME" X500 ="CN">

<Mapping>

<Data ParameterName = "USERNAME" PropertyName = "BNAME" />

</Mapping>

</Function>

<Function Definition = "USER SET" FunctionName="BAPI_USER_CHANGE" OutStructure ="" Key ="USERNAME" X500 ="CN">

<Mapping>

<Data ParameterName = "USERNAME" PropertyName = "BNAME" />

</Mapping>

</Function>

<Function Definition = "USER DEL" FunctionName="BAPI_USER_DELETE" OutStructure ="" Key ="USERNAME" X500 ="CN" >

<Mapping>

<Data ParameterName = "USERNAME" PropertyName = "BNAME" />

</Mapping>

</Function>

<Function Definition = "USER PROFILE SET" FunctionName="BAPI_USER_PROFILES_ASSIGN" OutStructure ="" Key ="USERNAME" X500 ="CN">

<Mapping>

<Data ParameterName = "USERNAME" PropertyName = "BNAME" />

<Data ParameterName = "BAPIPROF~BAPIPROF" PropertyName = "$Value$" />

</Mapping>

</Function>

<Function Definition = "BWProfileDelFkt" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_DEL" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU">

<Mapping>

<Data ParameterName = "ZUSRNAME" PropertyName = "BNAME" />

<Data ParameterName = "ZHIER" PropertyName = "$VALUE$" />

</Mapping>

</Function>

<Function Definition = "BWProfileAddFkt" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_ADD" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU">

<Mapping>

<Data ParameterName = "ZUSRNAME" PropertyName = "BNAME" />

<Data ParameterName = "ZHIER" PropertyName = "$VALUE$" />

</Mapping>

</Function>

</Functions>

<SAPExtendedSchematypes>

<SAPExtendedSchematype Bem = "all users" Name = "UserFunctionTable" DisplayPattern="%BNAME% (%MANDT%)" RevisionProperty="TRDAT" ListObjectsDefinition = "USR02-Table" ReadObjectDefinition ="USER GET" WriteObjectDefinition = "USER SET" DeleteObjectDefinition = "USER DEL">

<Properties>

<Property Name = "SAPBWP" Description="all the user's BW profiles" ListFunction="RSECUSERAUTH-SingleUser" AddFunction="BWProfileAddFkt" DelFunction="BWProfileDelFkt" ReplaceFunction="" IsMultivalued = "true" />

<Property Name = "USERPROFILE" Description="all the user's profiles" ListFunction="USR04-Table" AddFunction="" DelFunction="" ReplaceFunction="USER PROFILE SET" IsMultivalued = "true" />

</Properties>

</SAPExtendedSchematype>

</SAPExtendedSchematypes>

Explanation:

The list of schema type objects UserFunctionTable is created by using the table USR02. Reading, writing and deleting is done with USER-BAPI functions, which each have been declared as a Function.

The schema type has a properties block. Two properties are defined here that are neither returned through the list call's table definition nor through the single object call's function definition. A multi-value property SAPBWP is defined, whose value is taken from the table RSECUSERAUTH. The single objects are identified by the columns USR02.BNAME and RSECUSERAUTH.UNAME. BAPI calls, which are defined as functions, are used for inserting and deleting values.

The property Userprofile is an example of a multi-value property, which has values read from a table (USER04) and a Replace function. Therefore, all values that need to remain in the property must always be given when changes are made. The write function is the original USER-BAPI function for setting profiles in the user (function definition for BAPI_USER_PROFILES_ASSIGN). Single objects are identified using the columns USR02.BNAME and USR04.BNAME. There is no mapping required for the table definition because the key columns have the same name.

Related Documents