Data provisioning
Provisioning configuration
This section describes the configuration of the provisioning for the Omada SAP Connectivity with SAP Framework 6.0.
Setting | Description |
---|---|
Method for accounts | Select the method for the provisioning of accounts and password reset. For SAP, select Omada Provisioning Service. |
Method for assignments | Select the method for the provisioning of assignments. For SAP, select Omada Provisioning Service. |
Provisioning connector | Select SAP Connectivity Framework 6.0. |
Use default configuration | Select this to use the default configuration for a selected connector. Enabling this option will overwrite any existing configuration. |
Connector settings
Setting | Description |
---|---|
Client | Specify the client number from SAP to which to connect. |
Host name | Type the Fully Qualified Domain Name of a valid host name. You must include the port number of the application server to make the setting valid. |
User name | Type the user name of the administrative user used to access the service. |
Password | Type the password for the administrative user. Each time you make a change to any of the settings in the Connector settings dialog box, you must type your password again. |
Initial password | (optional, required in production password scenarios) Provide a password that will be used as an initial password for newly created users. |
Test connection | Enable this setting to test the specified connection details. |
Web service settings
Setting | Description |
---|---|
Connect using SSL | Enable this setting to use a secure HTTPS connection via Secure Sockets Layer (SSL). |
Skip certificate check | Select this to skip the certificate check when connecting using SSL. With this selected, the server certificate is not validated. |
Setting/string | Default value |
---|---|
User get single service | user_single_get |
User get single binding | user_single_get |
User create service | user_create |
User create binding | user_create |
User modify service | user_modify |
User modify binding | user_modify |
User delete service | user_remove |
User delete binding | user_remove |
User password change service | user_change_password |
User password change binding | user_change_password |
Role assignment service | role_assignments |
Role assignment binding | role_assignments |
Profile assignment service | profile_assignments |
Profile assignment binding | profile_assignments |
Data model
The following objects are supported in this data model for SAP connectivity.
SapUser60
The connector supports all properties from the Web services on the SapUser60 object. Supported operations: Create, Update, and Delete. Below is a list of the main properties on the User object. Properties on structs are specified as [name of the struct property].[propertyname], for example ADDRESS.PERS_NO.
Property | Type | Description |
---|---|---|
SYSID* | stringType | The system to which the user belongs. |
MANDT* | stringType | The mandate to which the user belongs. |
USERNAME* | stringType | The name of the user. |
LOCK | stringType | Specifies whether the user is locked. The value can be True or False. |
LOGONDATA.GLTGV | stringType | |
LOGONDATA.GLTGB | stringType | |
LOGONDATA.USTYP | stringType | A, B, C, L, S for Dialog, System, Communications Data, Reference, Service. |
LOGONDATA.CLASS | stringType | |
LOGONDATA.TZONE | stringType | |
LOGONDATA.LTIME | stringType | |
LOGONDATA.TRDAT | stringType | |
LOGONDATA.BCODE | stringType | |
LOGONDATA.CODVN | stringType | |
LOGONDATA.PASSCODE | stringType | |
LOGONDATA.CODVC | stringType | |
LOGONDATA.BCDA1 | stringType | |
LOGONDATA.UFLAG | stringType | |
LOGONDATA.LOCNT | stringType | |
LOGONDATA.ANAME | stringType | |
LOGONDATA.ERDAT | stringType | |
ADDRESS.PERS_NO | stringType | |
ADDRESS.ADDR_NO | stringType | |
ADDRESS.TITLE_P | stringType | Title. |
ADDRESS.FIRSTNAME** | stringType | The first name of the user. |
ADDRESS.LASTNAME** | stringType | The last name of the user. |
ADDRESS.BIRTH_NAME | stringType | |
ADDRESS.MIDDLENAME | stringType | The middle name of the user. |
ADDRESS.SECONDNAME | stringType | |
ADDRESS.FULLNAME | stringType | |
ADDRESS.NICKNAME | stringType | |
ADDRESS.INITIALS | stringType | |
ADDRESS.DEPARTMENT | stringType | The name of the department. |
ADDRESS.FUNCTION | stringType | The user’s function. |
ADDRESS.TITLE | stringType | The user’s title, for example, Mr or Ms. This field may be required on some systems. |
ADDRESS.TITLE_ACA1 | stringType | Academic title. |
ADDRESS.TITLE_ACA2 | stringType | |
ADDRESS.PREFIX1 | stringType | |
ADDRESS.PREFIX2 | stringType | |
ADDRESS.TITLE_SPPL | stringType | |
ADDRESS.NAME | stringType | |
PASSWORD.BAPIPWD | secureStringType | The password for the user. The connector expects a clear-text string. The OPS service performs the necessary decryption. |
PASSWORD.INITIAL | booleanType | If the password is an initial password, the user is prompted to change the password on first logon. |
PASSWORD.PRODUCTION | booleanType | Select if the password is a production password for non-dialog users. |
DEFAULTS.STCOD | stringType | |
DEFAULTS.SPLD | stringType | |
DEFAULTS.SPLG | stringType | |
DEFAULTS.SPDB | stringType | |
DEFAULTS.SPDA | stringType | |
DEFAULTS.DATFM | stringType | |
DEFAULTS.DCPFM | stringType | |
DEFAULTS.LANGU | stringType | |
DEFAULTS.CATTKENNZ | stringType | |
DEFAULTS.KOSTL | stringType | |
DEFAULTS.START_MENU | stringType | |
DEFAULTS.TIMEFM | stringType | |
ADDRESS.NAMEFORMAT | stringType | |
ADDRESS.NAMCOUNTRY | stringType | |
ADDRESS.LANGU_P | stringType | |
ADDRESS.LANGUP_ISO | stringType | |
ADDRESS.SORT1_P | stringType | |
ADDRESS.SORT2_P | stringType | |
ADDRESS.BUILDING_P | stringType | |
ADDRESS.FLOOR_P | stringType | |
ADDRESS.ROOM_NO_P | stringType | |
ADDRESS.INITS_SIG | stringType | |
ADDRESS.INHOUSE_ML | stringType | |
ADDRESS.COMM_TYPE | stringType | |
ADDRESS.NAME_2 | stringType | |
ADDRESS.NAME_3 | stringType | |
ADDRESS.NAME_4 | stringType | |
ADDRESS.C_O_NAME | stringType | |
ADDRESS.CITY | stringType | |
ADDRESS.DISTRICT | stringType | |
ADDRESS.CITY_NO | stringType | |
ADDRESS.DISTRCT_NO | stringType | |
ADDRESS.CHCKSTATUS | stringType | |
ADDRESS.POSTL_COD1 | stringType | |
ADDRESS.POSTL_COD2 | stringType | |
ADDRESS.POSTL_COD3 | stringType | |
ADDRESS.PO_BOX_CIT | stringType | |
ADDRESS.PBOXCIT_NO | stringType | |
ADDRESS.DELIV_DIS | stringType | |
ADDRESS.TRANSPZONE | stringType | |
ADDRESS.STREET | stringType | |
ADDRESS.STREET_NO | stringType | |
ADDRESS.STR_ABBR | stringType | |
ADDRESS.HOUSE_NO | stringType | |
ADDRESS.HOUSE_NO2 | stringType | |
ADDRESS.STR_SUPPL1 | stringType | |
ADDRESS.STR_SUPPL2 | stringType | |
ADDRESS.STR_SUPPL3 | stringType | |
ADDRESS.LOCATION | stringType | |
ADDRESS.BUILDING | stringType | |
ADDRESS.FLOOR | stringType | |
ADDRESS.ROOM_NO | stringType | |
ADDRESS.COUNTRY | stringType | |
ADDRESS.COUNTRYISO | stringType | |
ADDRESS.LANGU | stringType | |
ADDRESS.LANGU_ISO | stringType | |
ADDRESS.REGION | stringType | |
ADDRESS.SORT1 | stringType | |
ADDRESS.SORT2 | stringType | |
ADDRESS.TIME_ZONE | stringType | |
ADDRESS.TAXJURCODE | stringType | |
ADDRESS.ADR_NOTES | stringType | |
ADDRESS.TEL1_NUMBR | stringType | |
ADDRESS.TEL1_EXT | stringType | |
ADDRESS.FAX_NUMBER | stringType | |
ADDRESS.FAX_EXTENS | stringType | |
ADDRESS.E_MAIL | stringType | |
ADDRESS.BUILD_LONG | stringType | |
ADDRESS.REGIOGROUP | stringType | |
ADDRESS.HOME_CITY | stringType | |
ADDRESS.HOMECITYNO | stringType | |
ADDRESS.PCODE1_EXT | stringType | |
ADDRESS.PCODE2_EXT | stringType | |
ADDRESS.PCODE3_EXT | stringType | |
ADDRESS.PO_W_O_NO | stringType | |
ADDRESS.PO_BOX_REG | stringType | |
ADDRESS.POBOX_CTRY | stringType | |
ADDRESS.PO_CTRYIS | stringType | |
ADDRESS.HOUSE_NO3 | stringType | |
ADDRESS.LANGU_CR_P | stringType | |
ADDRESS.LANGUCPISO | stringType | |
COMPANY.COMPANY | stringType | |
SNC.GUIFLAG | stringType | |
SNC.PNAME | stringType | |
ALIAS.USERALIAS | stringType | |
UCLASS.LIC_TYPE | stringType | |
UCLASS.SPEC_VERS | stringType | |
UCLASS.COUNTRY_SURCHARGE | stringType | |
UCLASS.SUBSTITUTE_FROM | stringType | |
UCLASS.SUBSTITUTE_UNTIL | stringType | |
UCLASS.SYSID | stringType | |
UCLASS.CLIENT | stringType | |
UCLASS.BNAME_CHARGEABLE | stringType | |
PARAMETER | stringType | Multivalued property. |
ACTIVITYGROUPS | stringType | Multivalued property. |
ADDTEL | stringType | Multivalued property. |
ADDSMTP | stringType | Multivalued property. |
ADDRML | stringType | Multivalued property. |
ADDX400 | stringType | Multivalued property. |
ADDRFC | stringType | Multivalued property. |
ADDPRT | stringType | Multivalued property. |
ADDSSF | stringType | Multivalued property. |
ADDURI | stringType | Multivalued property. |
ADDPAG | stringType | Multivalued property. |
ADDCOMREM | stringType | Multivalued property. |
PARAMETER1 | stringType | Multivalued property. |
UCLASSSYS | stringType | Multivalued property. |
EXTIDHEAD | stringType | Multivalued property. |
EXTIDPART | stringType | Multivalued property. |
Properties marked with * are required. Properties marked with ** are required on Create actions.
SapRoleAssignment60
The SapRoleAssignment60 object is used to add, remove, or update an assignment between a User and a Role.
Property | Type | Description |
---|---|---|
USERNAME* | stringType | The name of the user for which to add, remove or update a role assignment. |
ROLE* | stringName | The name of the role to add, remove or update for the user. |
VALIDFROM* | stringType | The start date of the validity period for the Role assignment. The date must be specified in the following format: YYYY-MM-DD |
VALIDTO* | stringType | The end date of the validity period for the Role assignment. The date must be specified in the following format: YYYY-MM-DD |
Properties marked with * are required.
SapProfileAssignment60
The SapProfileAssignment60 object is used to add or remove an assignment between a User and a Profile.
Property | Type | Description |
---|---|---|
USERNAME* | stringType | The name of the user for which to add or remove a profile assignment. |
PROFILE* | stringName | The name of the profile to add or remove for the user. |
Properties marked with * are required.
SapPasswordChange60
The SapPasswordChange60 object is used to change (update) passwords on existing users.
Property | Type | Description |
---|---|---|
USERNAME* | stringType | The name of the user whose password is to be changed. |
PASSWORD.BAPIPWD* | secureStringType | The password for the user. The connector expects a clear-text string. The OPS service performs the necessary decryption. |
PASSWORD.INITIAL | booleanType | If the password is an initial password, the user is prompted to change the password on first logon. |
PASSWORD.PRODUCTION | booleanType | If the password is a production password, you must set PASSWORD.INITIAL to False. |
Properties marked with * are required.
The parameters listed in the tables above are not all the available parameters but only the commonly used ones. You can extend the objects with additional parameters if required.
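A pre-flight check for the constraints stated in the tables above, as an added example that is not part of the Omada product or its documentation. The dictionary representation of an object, the `validate` function and the sample values are assumptions made for illustration.

```python
from datetime import date

# Required properties per object type, taken from the tables above.
REQUIRED = {
    "SapUser60": ["SYSID", "MANDT", "USERNAME"],
    "SapRoleAssignment60": ["USERNAME", "ROLE", "VALIDFROM", "VALIDTO"],
    "SapProfileAssignment60": ["USERNAME", "PROFILE"],
    "SapPasswordChange60": ["USERNAME", "PASSWORD.BAPIPWD"],
}
REQUIRED_ON_CREATE = {"SapUser60": ["ADDRESS.FIRSTNAME", "ADDRESS.LASTNAME"]}
USER_TYPES = {"A", "B", "C", "L", "S"}  # Dialog, System, Communications Data, Reference, Service

def _parse_date(value):
    """Return a date for a strict YYYY-MM-DD string, else None."""
    try:
        parsed = date.fromisoformat(value)
    except (TypeError, ValueError):
        return None
    return parsed if parsed.isoformat() == value else None

def validate(object_type, props, operation="Update"):
    """Return a list of problems; an empty list means the object passes."""
    problems = []
    required = list(REQUIRED[object_type])
    if operation == "Create":
        required += REQUIRED_ON_CREATE.get(object_type, [])
    for name in required:
        if props.get(name) in (None, ""):
            problems.append(f"missing required property {name}")
    ustyp = props.get("LOGONDATA.USTYP")
    if ustyp is not None and ustyp not in USER_TYPES:
        problems.append(f"LOGONDATA.USTYP {ustyp!r} is not one of A, B, C, L, S")
    dates = {}
    for name in ("VALIDFROM", "VALIDTO"):
        if props.get(name):
            dates[name] = _parse_date(props[name])
            if dates[name] is None:
                problems.append(f"{name} is not a YYYY-MM-DD date")
    start, end = dates.get("VALIDFROM"), dates.get("VALIDTO")
    if start and end and start > end:  # added sanity check, not stated on the page
        problems.append("VALIDFROM is after VALIDTO")
    if props.get("PASSWORD.PRODUCTION") is True and props.get("PASSWORD.INITIAL") is not False:
        problems.append("PASSWORD.PRODUCTION requires PASSWORD.INITIAL to be False")
    return problems

# Constructed sample objects (not real data).
SAMPLE_ROLE = {"USERNAME": "JDOE", "ROLE": "Z_EXAMPLE_ROLE",
               "VALIDFROM": "2024-13-01", "VALIDTO": "2024-01-31"}
SAMPLE_PWD = {"USERNAME": "SVC_EXAMPLE", "PASSWORD.BAPIPWD": "<placeholder>",
              "PASSWORD.PRODUCTION": True, "PASSWORD.INITIAL": True}
```

Running such a check before an object is handed to the provisioning service surfaces malformed validity dates and contradictory password flags as explicit messages.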
Task mappings
Omada SAP Connectivity uses the following mappings:
Parameter | Description |
---|---|
ROPE Account to SAP User 6.0 | Contains mappings of Role and Policy Engine accounts to SAP users. |
ROPE Assignment to SAP Role Assignments 6.0 | Contains mappings of Role and Policy Engine assignments to SAP Role assignments. |
ROPE Assignment to SAP Profile Assignments 6.0 | Contains mappings of Role and Policy Engine assignments to SAP Profile assignments. |
User mapping overview
The table below maps the fields on the SAP User maintenance screens to the corresponding OPS property names and alias mappings. For easy reference, the table is followed by screenshots from the SAP interface.
Screen name | Field name | OPS Property name | Alias Mappings |
---|---|---|---|
Address | | | |
Title | TITLE_P | ADDRESS.TITLE_P | title |
Last name | LASTNAME | ADDRESS.LASTNAME | lastname |
First name | FIRSTNAME | ADDRESS.FIRSTNAME | firstname |
Academic Title | TITLE_ACA1 | ADDRESS.TITLE_ACA1 | academictitle |
Language | LANGU | ADDRESS.LANGU | language |
Function | FUNCTION | ADDRESS.FUNCTION | function |
Department | DEPARTMENT | ADDRESS.DEPARTMENT | department |
Room Number | ROOM_NO | ADDRESS.ROOM_NO | roomnumber |
Floor | FLOOR | ADDRESS.FLOOR | floor |
Building code | BUILDING | ADDRESS.BUILDING | buildingcode |
Telephone | TEL1_NUMBER | ADDRESS.TEL1_NUMBER | telephone |
Telephone - Extension | TEL1_EXT | ADDRESS.TEL1_EXT | telephone-extension |
Mobile Phone | - | - | |
Fax | FAX_NUMBER | ADDRESS.FAX_NUMBER | fax |
Fax - Extension | FAX_EXTENS | ADDRESS.FAX_EXTENS | fax-extension |
E-Mail Address | E_MAIL | ADDRESS.E_MAIL | emailaddress |
Comm. Meth | COMM_TYPE | ADDRESS.COMM_TYPE | commmeth |
Company | COMPANY | COMPANY.COMPANY | company |
Logon Data | | | |
Alias | USERALIAS | ALIAS.USERALIAS | alias |
User Type | USTYP | LOGONDATA.USTYP | usertype |
Security Policy | SECURITY_POLICY | LOGONDATA.SECURITY_POLICY | |
New Password | BAPIPWD | LOGONDATA.BAPIPWD | |
User group | CLASS | LOGONDATA.CLASS | usergroup |
Valid from | GLTGV | LOGONDATA.GLTGV | validfrom |
Valid through | GLTGB | LOGONDATA.GLTGB | validto |
Account no. | ACCNT | LOGONDATA.ACCNT | accountno |
Cost center | KOSTL | DEFAULTS.KOSTL | costcenter |
SNC | | | |
Permit Password Logon for SAP GUI | GUIFLAG | SNC.GUIFLAG | permitpasswordlogon |
SNC name | PNAME | SNC.PNAME | sncname |
Defaults | | | |
Start menu | START_MENU | DEFAULTS.START_MENU | startmenu |
Logon Language | LANGU | DEFAULTS.LANGU | logonlanguage |
Decimal Notation | DCPFM | DEFAULTS.DCPFM | decimalnotation |
Date Format | DATFM | DEFAULTS.DATFM | dateformat |
Time Format | TIMEFM | DEFAULTS.TIMEFM | timeformat |
OutputDevice | SPLD | DEFAULTS.SPLD | outputdevice |
Print immed. | SPDB | DEFAULTS.SPDB | printimmed |
Delete After Output | SPDA | DEFAULTS.SPDA | deleteafteroutput |
Time Zone | TZONE | LOGONDATA.TZONE | timezone |
Test Status | CATTKENNZ | DEFAULTS.CATTKENNZ | teststatus |
Parameters | | | |
Parameter ID | PARID | PARAMETER.PARID | parameterid |
Parameter value | PARVA | PARAMETER.PARVA | parametervalue |
Roles | | | |
USERNAME | USERNAME | username | |
Role | ROLE | ROLE | roleid |
Change Start Date | VALIDFROM | VALIDFROM | validfrom |
Change End Date | VALIDTO | VALIDTO | validto |
Profiles | | | |
USERNAME | USERNAME | username | |
PROFILE | PROFILE | profilename | |
Groups | | | |
User group | USERGROUP | GROUPS | groupusergroup |
Personalization | | | |
- | - | - | |
Lic. Data | | | |
Contractual User Type ID | LIC_TYPE | UCLASS.LIC_TYPE | licensetype |
Documentation
[Screenshots of the SAP User maintenance screens: Address, Logon Data, SNC, Defaults, Parameters, Roles, Profiles, Groups, Personalization, License Data]
Using Resource Driven Attributes to provision Parameters (example)
To provision Parameters on SAP User objects, you can assign the Parameters directly on the SAP Account, or you can use a separate Resource Type and Resource for this purpose, which allows you to request the Parameters separately and define priority. This section describes how to use the built-in Resource Driven Attributes concept to provision SAP Parameters.
- Create a new Resource Type and name it, for example, SAP Parameters.
- Create a new Value Property and name it, for example, SAP Parameters. Add the property to the Resource Data Object Type. When asked where to place it select the Advanced section on the form.
- Create a new Attribute for the new property created above.
- Add a new Attribute to the existing Attribute Set for SAP Accounts.
- Create a new resource for the SAP system.
- Add parameter values in the format shown below.
- Edit the existing Resource (SAP Personal Account).
- (optional) Fill in default parameters and values.
Role Engine Extension configuration
Add the following line to enable copying of the SAP Parameters from the resource 'SAP Parameters' (Resource Type SAP Parameters) to the personal SAP Account (Resource Type SAP User).
<add key="SAP User:SAPPARAM" value="/#ASSIGNMENTS_PER_RESOURCETYPE/SAP Parameters: [SAPPARAM]"></add>