Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP objects Removing a Central User Administration Troubleshooting an SAP R/3 connection Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Creating a schema extension file

Define all the schema types you want to use to extend the connector schema in the schema extension file. The schema extension file is an XML file with a structure identical to the connector schema. It describes the definitions for table queries and BAPI calls for the new schema types. If a new schema type has the same name as an already existing schema type, the extension is ignored.

The file is divided into three main sections:

  • Table section
  • Functions section
  • Schema types section

Basically, tables, and functions required to access data for defined schema types, must be declared first. Then you can define new schema types in the schema types section. Use 'functions and tables in different schema type definitions in this case. A schema type definition must contain at least one call for an object list.

NOTE:

As of One Identity Manager version 8.2, an updated BAPI transport SAPTRANSPORT_70.ZIP is provided. This replaces the RFC_READ_TABLE SAP module with the /VIAENET/READTABLE function module. When it accesses an SAP R/3 environment, the SAP R/3 connector checks whether the /VIAENET/READTABLE function module exists and uses it.

If the function module is not available, the connector uses the RFC_READ_TABLE SAP module.

Schema extension file structure

<?xml version="1.0" encoding="utf-8" ?>
<SAP>
    <Tables>
        ...
    </Tables>
    <Functions>
        ...
    </Functions>
    <SAPExtendedSchematypes>
        ...
    </SAPExtendedSchematypes>
</SAP>
Predefined variables

You can use variables in the table and function sections. This includes system variables that are known to the /VIAENET/READTABLE function module or the SAP module RFC_READ_TABLE.

Table 15: System variable examples
Variable Description
sy-langu Currently selected login language.
sy–datum Current date.
sy-mandant Current client.

You can also use variables known to the SAP R/3 connector, for example, from the process parameter definition.

Table 16: Predefined SAP R/3connector variables
Variable Description
$Value$ Input parameter for the One Identity Manager Service call.
$Mandt$ Current client's number.
$Date$ Current date.
Detailed information about this topic

Defining tables

In the section for tables (Tables), you can select tables and columns required for accessing the data for the schema types that will be defined. The SAP R/3 connector requires a definition for each table to load the slim object list. To do this, you define exactly those columns the SAP R/3 connector requires when it loads the synchronization objects. All columns in the table are loaded when single objects are accessed.

Table 17: Table definition

Attribute

Description

Definition

Symbolic name for using the definition.

TableName

Name of the table in the SAP database.

Key

Key term for formatting the distinguished name. Multiple values can be entered in a comma delimited list.

X500

Abbreviation for the key term in the attribute Key. Multiple values can be entered in a comma delimited list.

SQL

Limiting WHERE clause.

NOTE: There are a number of restrictions for parsing SQL operators in the SAP R/3 system. Take the following rules into account to ensure correctness:

Distinct

Counts the columns that the Distinct filter applies to (as comma delimited list).

Load

Columns to load when the object list is loaded. These columns can be for can be used to format the schema type's display name (DisplayPattern) as revision counters, for example, or as input parameters in a function,

If the object list is loaded from a table but single objects from a function, all the columns used within the synchronization project mapping must be given here.

IMPORTANT: Each column, which must be additionally loaded when the object list is loaded, creates extra load for One Identity Manager. This can make synchronization much slower if there is a lot of data. Only enter columns that you really need for further object processing.

No data is required for single object access.

Advice
  • Several table definitions with different symbolic names can be defined that refer to the same table in the SAP database.

  • Key columns are always loaded. They should not, therefore, be given in the Load attribute.

  • The Load attribute only works when loading the object list. All columns of the table are always loaded for single object access.

  • The following operators are permitted in the WHERE clause:

    Table 18: Permitted operators in the SQL attribute
    Operator Function/Example
    EQ =
    NE <>
    GT >
    LT <
    GE >=
    LE <=
    BETWEEN ENDDA BETWEEN '20090101' AND '20090131'
  • A table definition can also contain a mapping block. This block is used to replace parameters that are supposed to be used in WHERE clauses but were selected with another name in the object list.

    In the example, every occurrence of the $BNAME$ variable was replaced with the current value in the USERNAME column when single objects were loaded from the RSECUSERAUTH table before SQL selection was run. The column USERNAME must be loaded into an object list beforehand.

    Table definitions with a mapping are primarily used to load single objects.

  • Predefined variables can be used as well as custom defined parameters in the WHERE clause. For more information, see Creating a schema extension file.

Example

<Tables>
    <TABLE Definition = "HRP1001-Table" TableName="HRP1001" Key="OTJID,SUBTY,BEGDA,ENDDA" X500="CN,OU,OU,OU" SQL="MANDT = sy-mandt" Load="VARYF" Distinct="OTJID,SUBTY,VARYF" />
    <TABLE Definition = "HRP1000-Table" TableName="HRP1000" Key="OTJID,LANGU,BEGDA,ENDDA" X500="CN,OU,OU,OU" SQL="MANDT = sy-mandt" Load="" Distinct="OTJID" />
    <TABLE Definition = "RSECUSERAUTH-SingleUser" TableName="RSECUSERAUTH" Key="AUTH" X500="CN" SQL="UNAME = '$BNAME$'" Load="" >
        <Mapping>
            <Data ParameterName = "$BNAME$" PropertyName = "USERNAME" />
        </Mapping>
    </TABLE>
</Tables>
Related topics

Defining functions

In the section for functions (Functions), you can describe the interfaces to BAPI functions required for accessing the data for the schema types, which will be defined.

Table 19: Function definition
Attribute Description
Definition Symbolic name for using the definition.
FunctionName Function name in the SAP R/3 system.
OutStructure Name of an SAP structure given as a return value. (Optional)
Key Key term for formatting the distinguished name. Multiple values can be entered in a comma delimited list.
X500 Abbreviation for the key term in the attribute Key. Multiple values can be entered in a comma delimited list.

In the optional mapping block, you define how the values are passed to the function call parameters. To do this, an object list must be created before the function call. The parameters for the function call can be filled from this object list's properties. In the example below, BNAME is a property, which is determined from the object list of the table USR02.

Predefined variables can be passed to the parameters. For more information, see Creating a schema extension file. Apart from that, it is possible to pass a fixed value to a function parameter. The following notation is provided for this.

<Data ParameterName = "<Name>" PropertyName = "VALUE=<fixed value>" />

Example
<Tables>
    <TABLE Definition = "USR02-Table" TableName="USR02" Key="BNAME" X500="CN" SQL="MANDT = '$MANDT$'" Load="" />
</Tables>
<Functions>
    <Function Definition = "USER GET" FunctionName="BAPI_USER_GET_DETAIL" OutStructure = "" Key ="USERNAME" X500 ="CN">
        <Mapping>
            <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
        </Mapping>
    </Function>
</Functions>
Related topics

Defining schema types

In the section for schema types (SAPExtendedSchematypes), you can define schema types that exist in the SAP schema and can be used to extend the connector schema. The identifier given in the Name attribute is used as the name. This identifier must be unique in the extended connector schema.

Table 20: Schema type definition

Attribute

Description

Bem

Internal description

Name

Name of the schema type in the extended connector schema.

DisplayPattern

Definition of a display pattern for displaying objects in the Synchronization Editor (for example, in the target system browser or defining schema classes). (Optional)

Only columns that are loaded in the table definition (Key or Load attribute) can be used.

If there is no DisplayPattern defined, the object's distinguished name is used as the display value.

NOTE: The use of multi-value columns (MVP) in the DisplayPattern is not allowed

IMPORTANT: Each column, which must be additionally loaded when the object list is loaded, creates extra load for One Identity Manager. This can make synchronization much slower if there is a lot of data. Only enter columns that you really need for further object processing.

AddRevisionTimeOffset

Specifies whether the revision counter adds the time as 23:59:00. (Optional)

You can use this attribute if the revision counter only contains a change date but no timestamp. This allows objects that were changed after the previous synchronization run but on the same day, to be included in the next synchronization run.

RevisionProperty

Name of a property contain the revision counter. (Optional)

ListObjectsDefinition

Function or table definition for calling an object list.

ReadObjectDefinition

Function or table definition for calling a single object.

InsertObjectDefinition

Function call to create the new object. (Optional)

InsertCommitDefinition

Function call that should be run after the function to create the new object. (Optional)

WriteObjectDefinition

Function call to write the object. (Optional)

WriteCommitDefinition

Function call that should be run after the function to write the new object. (Optional)

DeleteObjectDefinition

Function call to delete the object. (Optional)

DeleteCommitDefinition

Function call that should be run after the function to delete the object. (Optional)

ParentType

Context of the schema type. (Optional)

By default, the schema types are client-related (ParentType="SAPMANDANT"). If the new schema type is valid in all SAP R/3 system clients, enter ParentType with the value SAPSYSTEM.

If this attribute is not defined, the schema type is client-related.

A schema type definition must contain at least one object list call (attribute ListObjectsDefinition). In this case, you can enter a table or a function definition. To call a single object (attribute ReadObjectDefinition), the object list must have been loaded previously. The list call and single object call can refer to different tables, however the key columns for identifying single objects must either have the same name or have been mapped in the table definition for the single object call. In the example below, the single objects from table RSECUSERAUTH are determined for an object from the table USR02. The key columns for identifying the objects are USR02.BNAME and RSECUSERAUTH.UNAME. The columns have different names and are therefore mapped using the parameter $BNAME$.

If is possible to define a Properties block for declaring any number of other object properties and the types of access to them.P One single property is defined by the Property tag, which can have the following attributes.

Table 21: Property definition

Attribute

Description

Name

Name of the property. It must be unique within the schema type.

Description

Property description.

ListFunction

Function or table for calling all values.

AddFunction

Function for adding a value. (Optional)

DelFunction

Function for deleting a value. (Optional)

ReplaceFunction

Replaces the entire contents of the property. (Optional)

IsMultivalued

Specifies whether the property has multiple values. (Optional)

If the attribute is not defined, the property is not multi-valued.

Example

<Tables>
    <TABLE Definition = "USR04-Table" TableName="USR04" Key="BNAME,MANDT" X500="CN,OU" SQL="MANDT = sy-mandt" Load="" />
    <TABLE Definition = "USR02-Table" TableName="USR02" Key="BNAME" X500="CN" SQL="MANDT = sy-mandt" Load="MANDT,TRDAT" />
    <TABLE Definition = "RSECUSERAUTH-SingleUser" TableName="RSECUSERAUTH" Key="AUTH" X500="CN" SQL="UNAME = '$BNAME$'" Load="">
        <Mapping>
            <Data ParameterName = "$BNAME$" PropertyName = "BNAME" />
        </Mapping>
    </TABLE>
    <TABLE Definition = "ANLA-Table" TableName="ANLA" Key="BUKRS,ANLN1" X500="CN,OU" SQL="MANDT = sy-mandt" Load="AEDAT" />
</Tables>
<Functions>
    <Function Definition = "USER GET" FunctionName="BAPI_USER_GET_DETAIL" OutStructure = "" Key ="USERNAME" X500 ="CN">
        <Mapping>
            <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
        </Mapping>
    </Function>
    <Function Definition = "USER SET" FunctionName="BAPI_USER_CHANGE" OutStructure ="" Key ="USERNAME" X500 ="CN">
        <Mapping>
            <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
        </Mapping>
    </Function>
    <Function Definition = "USER DEL" FunctionName="BAPI_USER_DELETE" OutStructure ="" Key ="USERNAME" X500 ="CN" >
        <Mapping>
            <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
        </Mapping>
    </Function>
    <Function Definition = "USER PROFILE SET" FunctionName="BAPI_USER_PROFILES_ASSIGN" OutStructure ="" Key ="USERNAME" X500 ="CN">
        <Mapping>
            <Data ParameterName = "USERNAME" PropertyName = "BNAME" />
            <Data ParameterName = "BAPIPROF~BAPIPROF" PropertyName = "$Value$" />
        </Mapping>
    </Function>
    <Function Definition = "BWProfileDelFkt" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_DEL" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU">
        <Mapping>
            <Data ParameterName = "ZUSRNAME" PropertyName = "BNAME" />
            <Data ParameterName = "ZHIER" PropertyName = "$VALUE$" />
        </Mapping>
    </Function>
    <Function Definition = "BWProfileAddFkt" FunctionName="/VIAENET/SAPHR_RSECUSERAUT_ADD" OutStructure ="" Key ="ZUSRNAME,ZHIER" X500 ="CN,OU">
        <Mapping>
            <Data ParameterName = "ZUSRNAME" PropertyName = "BNAME" />
            <Data ParameterName = "ZHIER" PropertyName = "$VALUE$" />
        </Mapping>
    </Function>
</Functions>
<SAPExtendedSchematypes>
    <SAPExtendedSchematype Bem = "all users" Name = "UserFunctionTable" DisplayPattern="%BNAME% (%MANDT%)" RevisionProperty="TRDAT" ListObjectsDefinition = "USR02-Table" ReadObjectDefinition ="USER GET" WriteObjectDefinition = "USER SET" DeleteObjectDefinition = "USER DEL">
        <Properties>
            <Property Name = "SAPBWP" Description="all BW profiles of the user" ListFunction="RSECUSERAUTH-SingleUser" AddFunction="BWProfileAddFkt" DelFunction="BWProfileDelFkt" ReplaceFunction="" IsMultivalued = "true" />
            <Property Name = "USERPROFILE" Description="all profiles of the user" ListFunction="USR04-Table" AddFunction="" DelFunction="" ReplaceFunction="USER PROFILE SET" IsMultivalued = "true" />
        </Properties>
    </SAPExtendedSchematype>
    <SAPExtendedSchematype Bem = "Asset, asset values" Name = "Asset_ANLA" DisplayPattern="%ANLN1% %BUKRS%" AddRevisionTimeOffset="true" RevisionProperty="AEDAT" ListObjectsDefinition = "ANLA-Table" ReadObjectDefinition = "ANLA-Table" InsertObjectDefinition = "" WriteObjectDefinition = "" DeleteObjectDefinition = "" />
</SAPExtendedSchematypes>
Explanation:

The list of UserFunctionTable schema type objects is created by using the USR02 table. Reading, writing, and deleting is done with USER-BAPI functions, which each have been declared as a Function.

The schema type has a properties block. Two properties are defined here that are neither returned through the list call's table definition nor through the single object call's function definition. A multi-value property SAPBWP is defined, whose value is taken from the RSECUSERAUTH table. The single objects are identified by the columns USR02.BNAME and RSECUSERAUTH.UNAME. BAPI calls, which are defined as functions, are used for inserting and deleting values.

The property Userprofile is an example of a multi-value property, which has values read from a table (USER04) and a Replace function. Therefore, all values that need to remain in the property must always be given when changes are made. The write function is the original USER-BAPI function for setting profiles in the user (function definition for BAPI_USER_PROFILES_ASSIGN). Single objects are identified using the USR02.BNAME and USR04.BNAME columns. There is no mapping required for the table definition because the key columns have the same name.

The Asset_ANLA schema type uses the AESAT revision counter, which only contains a change date. The connector adds a time of 23.59:00 to this revision counter (AddRevisionTimeOffset="true").

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating