Chat now with support
Chat with Support

We are currently experiencing a OneLogin Outage within the US region, please consult https://www.onelogin.com/status for further details.

Identity Manager 9.1.2 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP objects Removing a Central User Administration Troubleshooting an SAP R/3 connection Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Project template for the CUA central system

Use the SAP R/3 synchronization (base administration) project template to synchronize a central user administration central system. The project template uses mappings for the following schema types.

Table 78: Mapping SAP R/3 schema types to tables in the One Identity Manager schema.
Schema type in the target system Table in the One Identity Manager Schema
ALE SAPMandant
CLIENT SAPMandant
Company SAPCompany
GROUP SAPGrp
LICENSETYPE SAPLicence
LicenceExtension SAPLicenceExtension
LoginLanguage SAPLoginLanguages
Parameters SAPParameter
Printer SAPPrinter
CUAProfile SAPProfile
ProfileInProfile SAPProfileInSAPProfile
ProfileInRole SAPProfileInSAPRole
PROFITCENTER SAPProfitCenter
CUARole SAPRole
RoleInRole SAPRoleInSAPRole
STARTMENUE SAPStartMenu
SAPTSAD3T SAPTitle
USER SAPUser
UserComFax SAPComFax
UserComPhone SAPComPhone
UserComSMTP SAPComSMTP
UserExtId SAPUserExtId
UserHasLicense SAPUserHasLicence
UserHasParameter SAPUserHasParameter
UserInGroup SAPUserInSAPGrp
UserInMandant SAPUserInSAPMandant
UserInCUAProfile SAPUserInSAPProfile
UserInCUARole SAPUserInSAPRole

Project template for CUA subsystems

Use the SAP R/3 (CUAClosed subsystem) project template to synchronize central user administration child systems that are not in the same SAP system. The project template uses mappings for the following schema types.

Table 79: Mapping SAP R/3 schema types to tables in the One Identity Manager schema.
Schema type in the target system Table in the One Identity Manager Schema
LICENSETYPE SAPLicence
LicenceExtension SAPLicenceExtension
LoginLanguage SAPLoginLanguages
CLIENT SAPMandant

Referenced SAP R/3 table and BAPI calls

The following overview provides information about all the tables in an SAP R/3 system referenced during synchronization and the BAPI calls that are run.

Table 80: Referenced tables and BAPIs
Tables BAPI Calls
  • ADR2

  • ADR3

  • ADR6

  • ADRP

  • AGR_1016

  • AGR_AGRS

  • AGR_DEFINE

  • AGR_USERS

  • ANLA

  • ANLZ

  • AUTHX

  • CSKS

  • CSKT

  • DD02L

  • DD03L

  • DD03M

  • DD04L

  • DD04T

  • DD07L

  • HRP1000

  • HRP1001

  • PA0000

  • PA0001

  • PA0002

  • PA0007

  • PA0016

  • PA0034

  • PA0041

  • PA0105

  • PA0709

  • RSECUSERAUTH

  • RSECTXT

  • SEC_POLICY_CUST

  • SEC_POLICY_RT

  • T000

  • T001

  • T001P

  • T002

  • T591S

  • T500P

  • T548T

  • T77PR

  • T77UA

  • TACT

  • TACTT

  • TACTZ

  • TMENU01

  • TMENU01T

  • TMENU01R

  • TOBJ

  • TOBJT

  • TOBCT

  • TPARA

  • TSAD3

  • TSAD3T

  • TSAC

  • TSACT

  • TSP03

  • TSTC

  • TSTCT

  • TTREE

  • TTREET

  • TUPLT

  • TUTYP

  • TUTYPA

  • TUTYPPL

  • TUZUS

  • USGRP_USER

  • USGRPT

  • USL04

  • USLA04

  • USOBHASH

  • USOBT_C

  • USOBX_C

  • USR01

  • USR02

  • USR05

  • USR06

  • USR06SYS

  • USR10

  • USR11

  • USR12

  • USR21

  • USREFUS

  • USREXTID

  • USRSTAMP

  • USRSYSACTT

  • USRSYSPRF

  • USRSYSPRFT

  • UST04

  • UST10C

  • UST10S

  • UST12

  • USVART

  • USZBVLNDSC

  • USZBVLNDRC

  • USZBVSYS

  • V_USCOMPA

  • BAPI_USER_CREATE1

  • BAPI_USER_GET_DETAIL

  • BAPI_USER_CHANGE

  • BAPI_USER_DELETE

  • BAPI_USER_LOCK

  • BAPI_USER_UNLOCK

  • BAPI_USER_ACTGROUPS_ASSIGN

  • BAPI_USER_ACTGROUPS_DELETE

  • BAPI_USER_PROFILES_ASSIGN

  • BAPI_USER_PROFILES_DELETE

  • BAPI_USER_LOCACTGROUPS_READ

  • BAPI_USER_LOCACTGROUPS_DELETE

  • BAPI_USER_LOCPROFILES_READ

  • BAPI_USER_LOCPROFILES_DELETE

  • BAPI_USER_SYSTEM_ASSIGN

  • SUSR_USER_CHANGE_PASSWORD_RFC

  • BAPI_USER_LOCPROFILES_ASSIGN

  • BAPI_USER_LOCACTGROUPS_ASSIGN

  • RFC_READ_TABLE or /VIAENET/READTABLE

Example of a schema extension file

<?xml version="1.0" encoding="utf-8" ?>
<SAP>
    <Functions>
        <Function Definition = "USER GET" FunctionName="BAPI_USER_GET_DETAIL" OutStructure = "" Key ="USERNAME" X500 ="CN">
            <Mapping>
                <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
            </Mapping>
        </Function>
        <Function Definition = "USER SET" FunctionName="BAPI_USER_CHANGE" OutStructure ="" Key ="USERNAME" X500 ="CN">
            <Mapping>
                <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
            </Mapping>
        </Function>
        <Function Definition = "USER DEL" FunctionName="BAPI_USER_DELETE" OutStructure ="" Key ="USERNAME" X500 ="CN">
            <Mapping>
                <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
            </Mapping>
        </Function>
        <Function Definition = "USER PROFILE SET" FunctionName="BAPI_USER_PROFILES_ASSIGN" OutStructure ="" Key ="USERNAME" X500 ="CN">
            <Mapping>
                <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
                <Data ParameterName = "BAPIPROF~BAPIPROF" PropertyName = "$Value$" />
            </Mapping>
        </Function>
        <Function Definition = "BWProfileAdd" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_ADD" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU">
            <Mapping>
                <Data ParameterName = "ZUSRNAME" PropertyName = "UNAME" />
                <Data ParameterName = "ZHIER" PropertyName = "AUTH" />
            </Mapping>
        </Function>
        <Function Definition = "BWProfileDel" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_DEL" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU">
            <Mapping>
                <Data ParameterName = "ZUSRNAME" PropertyName = "UNAME" />
                <Data ParameterName = "ZHIER" PropertyName = "AUTH" />
            </Mapping>
        </Function>
        <Function Definition = "BWProfileDelFkt" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_DEL" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU">
            <Mapping>
                <Data ParameterName = "ZUSRNAME" PropertyName = "BNAME" />
                <Data ParameterName = "ZHIER" PropertyName = "$VALUE$" />
            </Mapping>
        </Function>
        <Function Definition = "BWProfileAddFkt" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_ADD" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU">
            <Mapping>
                <Data ParameterName = "ZUSRNAME" PropertyName = "BNAME" />
                <Data ParameterName = "ZHIER" PropertyName = "$VALUE$" />
            </Mapping>
        </Function>
    </Functions>
    <Tables>
        <TABLE Definition = "TUZUS-Table" TableName="TUZUS" Key="SONDERVERS" X500="CN" SQL="LANGU = sy-langu" Load="SONDERVERS,TEXTSVERS" />
        <TABLE Definition = "USR05-Table" TableName="USR05" Key="BNAME,PARID" X500="CN,OU" SQL="MANDT = '$MANDT$'" Load="BNAME,PARID,PARVA">
            <Mapping>
                <Data ParameterName = "$BNAME$" PropertyName = "BNAME" />
                <Data ParameterName = "$PARID$" PropertyName = "PARID" />
            </Mapping>
        </TABLE>
        <TABLE Definition = "USR04-Table" TableName="USR04" Key="BNAME,MANDT" X500="CN,OU" SQL="MANDT = sy-mandt" Load="" />
        <TABLE Definition = "RSECUSERAUTH-Table" TableName="RSECUSERAUTH" Key="UNAME,AUTH" X500="CN,OU" SQL="" Load="" />
        <TABLE Definition = "RSECUSERAUTH-SingleUser" TableName="RSECUSERAUTH" Key="AUTH" X500="CN" SQL="UNAME = '$BNAME$'" Load="">
            <Mapping>
                <Data ParameterName = "$BNAME$" PropertyName = "BNAME" />
            </Mapping>
        </TABLE>
    </Tables>
    <SAPExtendedSchematypes>
        <SAPExtendedSchematype Bem = "M:N, add/del - function" Name = "BWUserInBWP" DisplayPattern="%UNAME% - %AUTH%" ListObjectsDefinition = "RSECUSERAUTH-Table" ReadObjectDefinition = "RSECUSERAUTH-Table" InsertObjectDefinition = "BWProfileAdd" DeleteObjectDefinition = "BWProfileDel" />
        <SAPExtendedSchematype Bem = "simple read only table" Name = "LicenceExtension" DisplayPattern="%SONDERVERS%" ListObjectsDefinition = "TUZUS-Table" ReadObjectDefinition ="TUZUS-Table" InsertObjectDefinition = "" WriteObjectDefinition = "" DeleteObjectDefinition = "" ParentType = "SAPSYSTEM" />
        <SAPExtendedSchematype Bem = "Test" Name = "USERFunctionTable" DisplayPattern="%BNAME% (%MANDT%)" ListObjectsDefinition = "USR05-Table" ReadObjectDefinition ="USER GET" WriteObjectDefinition = "USER SET" DeleteObjectDefinition = "USER DEL" >
            <Properties>
                <Property Name = "SAPBWP" Description="all BW profiles of the user" ListFunction="RSECUSERAUTH-SingleUser" AddFunction="BWProfileAddFkt" DelFunction="BWProfileDelFkt" ReplaceFunction="" IsMultivalued = "true" />
                <Property Name = "USERPROFILE" Description="all profiles of the user" ListFunction="USR04-Table" AddFunction="" DelFunction="" ReplaceFunction="USER PROFILE SET" IsMultivalued = "true" />
            </Properties>
        </SAPExtendedSchematype>
    </SAPExtendedSchematypes>
</SAP>
Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating