on 05-15-2013 9:58 PM
Hi,
As any one worked on to provision certain attributes to custom tables in SAP ABAP systems from IDM system.
I was able to successfully pull data from custom tables by using steps defined in this site.
http://scn.sap.com/community/netweaver-idm/blog/2012/06/12/accessing-a-abap-database-table-from-idm
Now we have a requirement to provision users to this table in SAP system based on the attributes users have.
Can some one please give steps and process which does.
Thanks,
Arun A
You can do it with javascript. Write a script to do a JCOconnection and call a BAPI. You'll probably have to write a custom one to assist you - writing directly to the table is probably not the best idea. Very surmountable though.
Peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Arun,
In general it is a best practice not to write directly to custom tables. This is generally because unless it is documented somewhere we do not know what pre- or post-processing is done to the data either by the application itself (Most SAP modules going through SAP GUI or a similar tool) or because there are triggers / stored procedures that are designed to work with the data when it is placed in the table (SAP IDM) Use of APIs or approved methods (To Passes in IDM) are the best ways to go.
If you feel that you must do this, test it extensively before using it even in a QA environment, and be warned that Support will most likely not be available to you should you have difficulties later on.
Good luck!
Matt
Hi Matt, the table has custom data which we are able to pull by using abap help and creating priv's based on that three fields
field1: MSKEYVALUE
FIELD2 and fields3.
Now once we have the priv's we add to roles and then the provisioning should be done from IDM to write the data based on the mskeyvalue and priv with field 2 and field 3.
The table is simple with
field
Field 1, field2 and field3
Let me know if you need more details.
Thanks.
Hi Matt, we are using the SAP Provisioning framework to create users and assign roles which is a standard one. But in this case we want to write some data to a custom table created in one of SAP system and i am able to first read the data from this custom table to identity center and created priv's based on what the table the string look like this
priv:field1:field2.
the table has uid, field1 and field 2.
Now we have to write the data to this custom table by splitting the priv and take only field1 and field 2 for provisioning uid.
so are you saying the provisioning framework can accomodate this requirement if yes where can i update the table name and the fields so it writes the data to that table.
Please let me know if you need more information.
Thanks,
Arun A
Ok in that I case I would do something like the following:
Use a to Identity Store pass to write the data to your intended MSKEYVALUE and then uses a script which builds out the privilege name from the custom table (you'll want it to use a uSelect to find the UID and fields so it comes out returning something like:
<PRIV:field1:field2>
Or you could do a similar lookup from the ID Store to just return the MSKEY of the privilege itself.
The script and its queries would look something like this:
// Main function: z_getPriv(%Z_UID%)
function z_getPriv(%Z_UID%)(Par){
//look up privilege elements from some table
var sqlQuery = "select field1, field2 from SOMETABLE where uid = ''"+Par+"''";
var sqlResult = uSelect(
sqlQuery
/*,RowSeparator*/
/*,ColumnSeparator*/
);
var PrivMSKEYquery = "select mcmskey as mskey from idmv_entry_simple where mcEntryType ='MX_PRIVILEGE' and mcMSKEYVALUE like 'MX_PRIV:WD:TAB_TODO' ";
var PrivMSKEY = uSelect(
PrivMSKEYquery
/*,RowSeparator*/
/*,ColumnSeparator*/
)
return PrivMSKEY;
}
If UID is not the same as MSKEYVALUE you'll also need to do a ID Store lookup to get the MSKEYVALUE for the UID.
This can also be done in a job, where I would do something like the following:
1. Read the custom table with UID, field1 and field 2
2. As mentioned above create a to IDS pass that would create the privilege
Hope this helps!
Hi Matt, I have already able to create the priv and uid'sin our system. Now i am trying to write back to this custom table from IDM system based on these priv's when we assign the priv to a new user and this user should be getting the priv values added in the table.
this is my requirement. Please let me know if you need more details.
Hi Matt,
thanks for all your replies, i have one more question when you are saying a database pass that can be used - this is a table which is in SAP system and i guess we may need a BAPI to write the data to these this table in SAP system and are you saying we can achieve this by using to database pass and which DB pass i can use to get this?
Thanks,
AAK.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.