SAP
Identity Manager provides resource adapters for supporting the following versions of SAP:
- SAP R/3 4.5, 4.6, 4.7
- SAP HR 4.5, 4.6, 4.7 (read-only access)
The following table summarizes the attributes of the SAP adapters:
GUI Name
|
Class Name
|
SAP
|
com.waveset.adapter.SAPResourceAdapter
|
SAP HR Active Sync
|
com.waveset.adapter.SAPHRActiveSyncAdapter
|
Note As of Identity Manager 6.0 and Identity Auditor 2.0, the SAP HR Active Sync account attributes have a new format. The resource user attributes in the schema map are now separated by : (colon) instead of _ (underscore). This allows an attribute from SAP HR to be a path to arbitrarily deep attributes instead of a simple attribute within the infotype. If you are upgrading either of these products from a previous version, the default attributes are renamed by default as part of the update script. The ResourceUpdater will print a message if it had a problem converting an attribute. However, you should review your account attributes to ensure the conversion was successful.
Resource Configuration Notes
This section provides configuration notes that are unique to the SAP resource adapter and to the SAP HR Active Sync adapter. In addition, this section provides configuration instructions that are common to both adapters, including:
- Creating a Logical System
- Assigning a Client to the Logical System
- Creating a Distribution Model
- Registering the RFC Server Module with the SAP Gateway
- Creating a Port Definition
- Generating Partner Profiles
- Modifying the Port Definition
- Generating an IDoc
- Activating Change Pointers
- Scheduling a Job for Change Pointer Processing
- Scheduling a Job
- Testing the Change Pointer Configuration
- Creating a CPIC User
SAP Resource Adapter
The following resource configuration notes are applicable to the SAP resource adapter only.
To enable the ability for a user to change his or her own SAP password as well as associated password data, such as “Password Last Changed Date” and password history, perform the following steps:
- Set the User Provides Password On Change resource attribute.
- Add WS_USER_PASSWORD to both sides of the schema map. You do not need to modify the user form or other forms.
SAP HR Active Sync Adapter
The following resource configuration notes are applicable to the SAP HR Active Sync adapter only.
The SAP Application Link Enabling (ALE) technology enables communication between SAP and external systems, such as Identity Manager. The SAP HR Active Sync adapter uses an outbound ALE interface. In an outbound ALE interface, the base logical system becomes the sender for outbound messages and the receiver of inbound messages. A SAP HR user will likely be logged into the base logical system/client when making changes to the database (for example, hiring an employee, updating position data, terminating an employee, etc.) A logical system/client must also be defined for the receiving client. This logical system will act as the receiver of outbound messages. As for the message type between the two systems, the Active Sync adapter uses a HRMD_A message type. A message type characterizes data being sent across the systems and relates to the structure of the data, also known as an IDoc type (for example, HRMD_A05).
The following steps provide the configurations required on SAP for the Active Sync adapter to receive authoritative feeds from SAP HR:
Note You must configure the SAP system parameters to enable Application Link Enabling (ALE) processing of HRMD_A IDocs. This allows for data distribution between two application systems, also referred to as messaging.
Creating a Logical System
Depending on your current SAP environment, you might not need to create a logical system. You might only need to modify an existing Distribution Model by adding the HRMD_A message type to a previously configured Model View. It is important, however, that you follow SAP's recommendations for logical systems and configuring your ALE network. The following instructions assume that you are creating new logical systems and a new model view.
- Enter transaction code SPRO, then display the SAP Reference IMGproject (or the project applicable to your organization).
- Click Basis Components (or SAP Web Application Services on SAP 4.7) > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Define Logical System.
- Click Edit > New Entries.
- Enter a name and a description for the logical system you want to create (IDMGR).
- Save your entry.
Assigning a Client to the Logical System
- Enter transaction code SPRO, then display the SAP Reference IMGproject (or the project applicable to your organization).
- Click Basis Components (or SAP Web Application Services on SAP 4.7) > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Assign Client to Logical System.
- Select the client.
- Click GOTO > Details to display the Client Details dialog box.
- In the Logical System field, enter the logical system you want to assign to this client.
- Save your entry.
Creating a Distribution Model
To create a distribution model:
- Verify that you are logged on to the sending system/client.
- Enter transaction code BD64. Ensure that you are in Change mode.
- Click Edit > Model View > Create.
- Enter the short and technical names for your view, as well as the start and end date, then click Continue.
- Select the view you created, then click Add Message Type.
- Define the sender/logical system name.
- Define the receiver/server name.
- Define the Message Type you want to use (HRMD_A), then click Continue.
- Click Save.
Registering the RFC Server Module with the SAP Gateway
During initialization, the Active Sync adapter registers with the SAP Gateway. It uses “LIGHTHOUSERFC” for its ID. This value must match the value set in the SAP application. You must configure the SAP application so that the RFC Server Module can create a handle to it. To register the RFC Server Module as an RFC destination:
- In the SAP application, go to transaction SM59.
- Expand the TCP/IP connections directory.
- Click Create (F8).
- In the RFC destination field, enter the name of the RFC destination system. (LIGHTHOUSERFC).
- Set the connection type to T (Start an external program via TCP/IP).
- Enter a description for the new RFC destination, and then click Save.
- Click the Registration button for the Activation Type.
- Set the Program ID. We recommend that you use the same value as the RFC destination (LIGHTHOUSERFC), and then click Enter.
- If the SAP system is a Unicode system, the port must be configured for Unicode. Click the Special Options tab, and look for the Character Width In Target System section. There is a setting for unicode and non-unicode.
- Using the buttons at the top - Test Connection and Unicode Test - test the connection to the Identity Manager resource. You must have the adapter started for the test to pass.
Creating a Port Definition
The port is the communication channel to which IDocs are sent. The port describes the technical link between the sending and receiving systems. You should configure an RFC port for this solution. To create a port definition:
- Enter transaction code WE21.
- Select Transactional RFC, then click the Create icon. Enter LIGHTHOUSERFC for the RFC Destination.
- Save your changes.
Generating Partner Profiles
The system automatically generates a partner profile or you can manually maintain the profile.
Note If you are using an existing distribution model and partner profile, you do not need to automatically generate a partner profile. Instead, you can modify it to include the HRMD_A message type. To automatically generate a partner profile:
- Enter transaction code BD82.
- Select the Model View. This should be the Model View previously created.
- Ensure the Transfer IDoc immediately and Trigger Immediately radio buttons are selected.
- Click Execute.
Modifying the Port Definition
When you generated a partner profile, the port definition might have been entered incorrectly. For your system to work properly, you need to modify the port definition.
- Enter transaction code WE20.
- Select Partner Type LS.
- Select your receiving partner profile.
- Select Outbound Parameters, then click Display.
- Select message type HRMD_A.
- Click Outbound Options, then modify the receiver port so it is the RFC port name you created (IDMGR).
- From the Output Mode, select Transfer IDoc Immediately to send IDocs immediately after they are created.
- From the IDoc Type section, select HRMD_A05 as basictype (for SAP 4.6).
- Click Continue/Save.
Generating an IDoc
- Enter transaction code PFAL.
- Insert the Object Type P for person objects.
- Enter an Employee's ID for the Object ID or select a range of employees.
- Click Execute.
- Ensure that the status is set to “passed to port okay.”
- The IDoc has been created. Check the Active Sync adapter log file to verify that an update was received.
Activating Change Pointers
To activate change pointers globally:
- Enter transaction code BD61.
- Enable the Change Pointers Active tab.
To activate change pointers for a message type:
- Enter transaction code BD50.
- Scroll to the HRMD_A message type.
- Check the HRMD_A check box, then click Save.
Scheduling a Job for Change Pointer Processing
- Enter transaction code SE38 to begin defining the variant.
- Select the RBDMIDOC program, select Variant, then click the Create icon.
- Name the variant and give it a description (Make note of the variant name so you can use it when scheduling the job).
- Select the HRMD_A message type, then click Save. You will be prompted to select variant attributes. Select the background processing attribute.
- Click Save.
Scheduling a Job
- Enter transaction code SM36.
- Name the job.
- Assign Job Class. Job Class is the priority in which jobs are processed. Class A is the highest priority and will be processed first. For a production environment, assign the class to B or C.
- Schedule a start time. Click the Start Condition tab, then click Date and Time. Enter a scheduled start time, which must be a future event.
- Mark the job as a periodic job. Click the Periodic Values tab, schedule how frequently you want the job to run, then press Enter. For testing purposes, setting this period to 5 minutes.
- Click Save.
- Define the job steps.
- Enter the ABAP program name: RBDMIDOC.
- Select the variant you created in the previous step.
- Click Save (Note: Click Save once; otherwise, the job will be scheduled to run multiple times).
Testing the Change Pointer Configuration
- From the SAP client, hire an employee.
- Ensure that an IDoc was created. You can verify IDoc creation in two locations:
- Enter transaction code WE02, enter search date parameters and generate a list of generated IDOCs
- Check the SAP HR Active Sync adapter log
Creating a CPIC User
Users are client-independent. For each SAP HR Active Sync adapter that will be using the driver, a system user with CPIC access must be created.
- From User Maintenance in SAP, enter a username in the user dialog box, then click the Create icon.
- Click the Address tab, then enter data in the last name and format fields.
- Click the Logon Data tab, then define the initial password and set the user type to CPIC.
- Click the Profiles tab, then add the SAP_ALL, SAP_NEW and S_A.CPIC profiles.
- Click Save.
Note Initially, you can create a dialog user to test your SAP system configuration. If there are processing problems, you can analyze the dialog user in the debugger. You should also log into the SAP system once to set this user's password. After the system is tested and works properly, you should switch to a CPIC user for security measures.
Identity Manager Installation Notes
The SAP resource adapters are custom adapters. The Oracle and Oracle ERP resource adapters are custom adapters. You must perform the following steps to complete the installation process:
- Download the JCo (Java Connection) toolkit from http://service.sap.com/connectors. (Access to the SAP JCO download pages require a login and password.) The toolkit will have a name similar to sapjco-ntintel-2.1.4.zip. This name will vary depending on the platform and version selected.
Note On Solaris, use the 32-bit version of the 2.1.4 (or later) SAP JCO file. Also use the corresponding IDOC libraries.
- Unzip the toolkit and follow the installation instructions. Be sure to place library files in the correct location and to set the environment variables as directed.
- Copy the sapjco.jar file to the InstallDir\idm\WEB-INF\lib directory.
If you are installing the SAP HR Active Sync adapter, perform these additional steps:
- Download the SAP Java Base IDoc Class Library. The library will be in a zip file with a name similar to sapidoc-1.0.1.zip.
- Unzip the library and follow the installation instructions.
- Copy the sapidoc.jar file to the InstallDir\idm\WEB-INF\lib directory.
- Download the SAP Java Connector IDoc Class Library. The library will be in a zip file with a name similar to sapidocjco-1.0.1.zip.
- Unzip the library and follow the installation instructions.
- Copy the sapidocjco.jar file to the InstallDir\idm\WEB-INF\lib directory.
Usage Notes
This section provides information related to using the SAP resource adapter, which is organized into the following sections:
General Notes
The following general notes are provided for the resource:
- To allow editing of to and from dates on a per activity group basis, load the SAPUserForm_with_RoleEffectiveDates_Timezone.xml form. This form also provides the ability to select a time zone for the user.
- The sources.ResourceName.hosts property in the waveset.properties file can be used to control which host or hosts in a cluster will be used to execute the synchronization portion of an Active Sync resource adapter. ResourceName must be replaced with the name of the Resource object.
- The sample user forms SAPUserForm.xml and SAPUserForm_with_RoleEffectiveDates_Timezone.xml now contain a definition for a field that pre-expires the user’s password. If this field's value is true, and an Identity Manager administrator creates or changes a user’s password, the user must specify a new password upon logging in to SAP.
SAP JCO and RFC Tracing
The SAPResourceAdapter and the SAPHRActiveSyncAdapter provide resource attributes for SAP JCO and RFC tracing. They can be used to trace Identity Manager's communication with the SAP system. The attributes are JCO Trace Level and JCO Trace Directory.
The following environment variables can be set in the environment to enable SAP RFC tracing. These variables must be set in the environment before starting the application server. They control the shared library that JCO uses to communicate with the SAP system.
- RFC_TRACE: 0 or 1
- RFC_TRACE_DUMP: 0 or 1
- RFC_TRACE_DIR: Path to the directory for the trace files
- CPIC_TRACE_DIR: Path to the directory for the trace files
Note If no JCO tracing is desired, set RFC_TRACE to 0 to ensure that no trace files are created.
Active Sync Configuration
Before Identity Manager 5.5, the SAP HR Active Sync adapter used the Process to run with changes field to determine which process to launch when a change was detected. The process specified in this field is now specified in the Active Sync Resolve Process rule.
In addition, before Identity Manager 5.5, if the Process deletes as updates check box was selected, Identity Manager would disable a deleted Identity Manager user as well as all resource accounts and mark the user for later deletion. By default, this check box was selected. In Identity Manager 5.5 and beyond, this functionality is configured by setting the Delete Rule set to None.
If the checkbox was previously deselected, then the Delete Rule will be set to ActiveSync has isDeleted set.
Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses BAPI over SAP Java Connector (JCo) to communicate with the SAP adapters.
Required Administrative Privileges
The user name that connects to SAP HR must be assigned to a role that can access the SAP HR users.
Provisioning Notes
The default SAP HR Active Sync adapter is read-only. You cannot use this adapter to create or modify accounts.
Feature
|
Supported?
|
Enable/disable account
|
Basis accounts can be enabled and disabled with the SAP resource adapter. The SAP HR Active Sync adapter cannot enable or disable accounts.
|
Rename account
|
No
|
Pass-through authentication
|
No
|
Before/after actions
|
No
|
Data loading methods
|
Import directly from resource
Active Sync (SAP HR Active Sync adapter only)
Reconciliation
|
Account Attributes
The following table provides information about SAP and SAP HR Active Sync account attributes.
SAP Attributes
The following attributes are applicable for the SAP resource adapter only.
All attribute types are String.
User Attribute
|
Resource Attribute Name
|
Description
|
accountId
|
USERNAME->BAPIBNAME
|
Required. The user’s account ID.
|
firstname
|
ADDRESS->FIRSTNAME
|
User’s first name
|
fullname
|
ADDRESS->FULLNAME
|
User’s first and last name
|
email
|
ADDRESS->E_MAIL
|
User’s e-mail address
|
lastname
|
ADDRESS->LASTNAME
|
Required. User’s last name
|
personNumber
|
ADDRESS->PERS_NO
|
Internal key for identifying a person
|
addressNumber
|
ADDRESS->ADDR_NO
|
Internal key for identifying an address for central address management
|
birthName
|
ADDRESS->BIRTH_NAME
|
Maiden name or name given at birth
|
middleName
|
ADDRESS->MIDDLENAME
|
User’s middle name
|
secondLastName
|
ADDRESS->SECONDNAME
|
Second last name
|
academicTitle
|
ADDRESS->TITLE_ACA1
|
An academic title, such as Dr. or Prof.
|
academicTitle2
|
ADDRESS->TITLE_ACA3
|
A second academic title
|
namePrefix
|
ADDRESS->PREFIX1
|
A prefix to a last name, such as von, van der, or de la
|
namePrefix2
|
ADDRESS->PREFIX1
|
A second prefix to a last name
|
nameSupplement
|
ADDRESS->TITLE_SPPL
|
Name supplement, for example noble title, such as Lord or Lady
|
nickname
|
ADDRESS->NICKNAME
|
User’s nickname
|
initials
|
ADDRESS->INITIALS
|
Middle initial or initials
|
nameFormat
|
ADDRESS->NAMEFORMAT
|
The sequence in which name components are assembled to present the name of a person in a complete form. The sequence can vary for each country.
|
nameFormatCountry
|
ADDRESS->NAMCOUNTRY
|
The country used to determine the name format
|
languageKey
|
ADDRESS->LANGU_P
|
The language used to enter and display text
|
iso639Language
|
ADDRESS->LANGUP_ISO
|
ISO 639 language code
|
sortKey1
|
ADDRESS->SORT1_P
|
A search term
|
sortKey2
|
ADDRESS->SORT2_P
|
A secondary search term
|
department
|
ADDRESS->DEPARTMENT
|
The department in a company as part of the company address
|
function
|
ADDRESS->FUNCTION
|
The user’s job functionality
|
buildingNumber
|
ADDRESS->BUILDING_P
|
The building number where the user’s office is located
|
buildingFloor
|
ADDRESS->FLOOR_P
|
The floor where the user’s office is located
|
roomNumber
|
ADDRESS->ROOM_NO_P
|
The room number where the user’s office is located
|
correspondenceCode
|
ADDRESS->INITS_SIG
|
A correspondence code
|
inhouseMailCode
|
ADDRESS->INHOUSE_ML
|
An internal mail code
|
communicationTypeCUA
|
ADDRESS->COMM_TYPE
|
States how the user wants to exchange documents and messages with a business partner.
|
title
|
ADDRESS->TITLE
|
A title, such as Mr. or Mrs.
|
title2
|
ADDRESS->TITLE_P
|
A title, such as Mr. or Mrs.
|
personName
|
ADDRESS->NAME
|
Name of an address
|
personName2
|
ADDRESS->NAME_2
|
Second line in a name of an address
|
personName3
|
ADDRESS->NAME_3
|
Third line in a name of an address
|
personName4
|
ADDRESS->NAME_4
|
Fourth line in a name of an address
|
careOfName
|
ADDRESS->C_O_NAME
|
Part of the address if the recipient is different from the occupant (c/o = care of)
|
city
|
ADDRESS->CITY
|
User’s city
|
district
|
ADDRESS->DISTRICT
|
City or district supplement
|
cityNumber
|
ADDRESS->CITY_N
|
City code
|
districtNumber
|
ADDRESS->DISTRCT_NO
|
District code
|
cityPostalCode
|
ADDRESS->POSTL_COD1
|
User’s postal code
|
cityPostalCode2
|
ADDRESS->POSTL_COD2
|
Postal code required for unique assignment of the PO Box.
|
cityPostalCode3
|
ADDRESS->POSTL_COD3
|
Postal code which is assigned directly to a company.
|
poBox
|
ADDRESS->PO_BOX
|
The user’s post office box
|
poBoxCity
|
ADDRESS->PO_BOX_CIT
|
Post office box city
|
poBoxCityNumber
|
ADDRESS->PBOXCIT_NO
|
The PO Box city, if it is different from the address city.
|
postalDeliveryDistrict
|
ADDRESS->DELIV_DIS
|
Postal delivery district
|
transportZone
|
ADDRESS->TRANSPZONE
|
Regional zone of a goods recipient or supplier
|
street
|
ADDRESS->STREET
|
The user’s street
|
streetCode
|
ADDRESS->STREET_NO
|
A street code
|
streetAbbreviation
|
ADDRESS->STR_ABBR
|
A street abbreviation
|
houseNumber
|
ADDRESS->HOUSE_NO
|
The number portion of a street address
|
houseNumber2
|
ADDRESS->HOUSE_NO2
|
A secondary address number
|
street2
|
ADDRESS->STR_SUPPL1
|
Additional address field printed above the Street line.
|
street3
|
ADDRESS->STR_SUPPL2
|
Additional address field printed above the Street line.
|
street4
|
ADDRESS->STR_SUPPL3
|
Additional address field printed below the Street line.
|
street5
|
ADDRESS->LOCATION
|
Additional address field printed below the Street line.
|
oldBuilding
|
ADDRESS->BUILDING
|
Number or ID for the building in a contact person address.
|
floor
|
ADDRESS->FLOOR
|
The floor number of an address
|
roomNumber
|
ADDRESS->ROOM_NO
|
The room number in an address
|
countryCode
|
ADDRESS->COUNTRY
|
The country in an address
|
countryCodeISO
|
ADDRESS->COUNTRYISO
|
The two-letter ISO code for the country in an address
|
languageKey
|
ADDRESS->LANGU
|
The language used to enter and display text
|
languageKeyISO
|
ADDRESS->LANGU_ISO
|
ISO 639 language code
|
region
|
ADDRESS->REGION
|
State or province
|
sort2
|
ADDRESS->SORT2
|
A secondary search term
|
timeZone
|
LOGONDATA->TZONE
|
The time difference of the time zone in hours/minutes relative to the UTC
|
taxJurisdictionCode
|
ADDRESS->TAXJURCODE
|
the tax authority to which taxes must be paid. It is always the city to which the goods were delivered.
|
telephoneNumber
|
ADDRESS->TEL1_NUMBR
|
Telephone number, including the area code, but no country code
|
telephoneExtension
|
ADDRESS->TEL1_EXT
|
Telephone number extension
|
faxNumber
|
ADDRESS->FAX_NUMBER
|
Fax number, including the area code, but no country code
|
faxExtension
|
ADDRESS->FAX_EXTENS
|
Fax number extension
|
buildingNumber
|
ADDRESS->BUILD_LONG
|
Number or abbreviation of a building in an address.
|
cuaSystems
|
SYSTEMS->CUASYSTEMS
|
Central User Administration system names
|
profiles
|
PROFILES->BAPIPROF
|
Profiles assigned to the user.
|
activityGroups
|
ACTIVITYGROUPOBJECTS
|
Roles assigned to the user.
|
lastLoginTime
|
LOGONDATA->LTIME
|
Read only attribute that lists the most recent login time.
|
SAP HR Active Sync Attributes
The acccount attributes in the schema map are now separated by : (colon) instead of _ (underscore). This allows an attribute from SAP HR to be a path to arbitrarily deep attributes instead of a simple attribute within the infotype.
The basic format of an attribute path is as follows:
infoType:subType:iDocDef:attrName
Note The iDocDef (IDoc definition) and attrName segments of an attribute path can be expanded.
An example valid attribute path is 0105:MAIL:E2P0105001:ID. The infoType is 0105, the subType is MAIL, the iDocDef is E2P0105001 and the attrName is ID.
If the desired attribute is deeper than the first IDoc definition, an arbitrary number of IDoc definitions can be specified before the attrName, as long as each one is separated by the delimiter : (colon). For example, 0002::E2P0002001:E2Q0002002:PERNR has the following elements:
infoType - 0002
subType - None. If an attribute does not have a subtype, use a null field or blank.
iDocDef1 - E2P0002001
iDocDef2 - E2Q0002002
attrName - PERNR
The IDoc Definition object can also be returned as a GenericObject. Using the above example, to get the IDoc Definition of E2Q0002002 as a GenericObject, the resource user attribute would be specified as 0002::E2P0002001:E2Q0002002 in the schema map.
In addition, [] (left and right brackets) can be appended to the pathname to indicate the attribute is a list. For example, if it is possible for a particular attribute to have multiple values, that attribute's values will be returned as a list by appending [] to the attribute name. This example would be similar to the following:
1001:B008:E2P1001001:VARYF[]
If the attribute has multiple values but [] is not appended to the attribute name, the last value will be used as the value of the attribute.
By default, the following infotypes are supported:
Infotype
|
Name
|
Supported Subtypes
|
0000
|
Actions
|
Not applicable
|
0001
|
Organizational Assignment
|
Not applicable
|
0002
|
Personal Data
|
Not applicable
|
0006
|
Addresses
|
01 (permanent residence), 03 (home residence)
|
0105
|
Communication
|
EMAIL (email address), 0010 (internet address)
|
Actions Attributes
User Attribute
|
Resource Attribute Name
|
Description
|
actions_end_date
|
0000::E2P0000001:ENDDA
|
End date
|
actions_start_date
|
0000::E2P0000001:BEGDA
|
Start date
|
actions_sequence_number
|
0000::E2P0000001:SEQNR
|
Number of Infotype record with same key
|
actions_last_changed_by
|
0000::E2P0000001:UNAME
|
Name of person who changed object
|
actions_last_changed
|
0000::E2P0000001:AEDTM
|
Last changed on
|
actions_change_reason
|
0000::E2P0000001:PREAS
|
Reason for changing master data
|
actions_flag1
|
0000::E2P0000001:FLAG1
|
Reserved Field/Unused Field
|
actions_flag2
|
0000::E2P0000001:FLAG2
|
Reserved Field/Unused Field
|
actions_flag3
|
0000::E2P0000001:FLAG3
|
Reserved Field/Unused Field
|
actions_flag4
|
0000::E2P0000001:FLAG4
|
Reserved Field/Unused Field
|
actions_reserved1
|
0000::E2P0000001:RESE1
|
Reserved Field/Unused Field of Length 2
|
actions_reserved2
|
0000::E2P0000001:RESE2
|
Reserved Field/Unused Field of Length 2
|
actions_type
|
0000::E2P0000001:MASSN
|
Action type
|
actions_reason
|
0000::E2P0000001:MASSG
|
Reason for action
|
actions_customer_status
|
0000::E2P0000001:STAT1
|
Customer-Specific Status
|
actions_employment_status
|
0000::E2P0000001:STAT2
|
Employment status
|
actions_special_payment_status
|
0000::E2P0000001:STAT3
|
Special payment status
|
Organizational Assignment Attributes
User Attribute
|
Resource Attribute Name
|
Description
|
org_admingroup
|
0001::E2P0001001:ADMINGROUP
|
Administrator Group
|
org_bus_area
|
0001::E2P0001001:BUS_AREA
|
Business Area
|
org_ch_on
|
0001::E2P0001001:CH_ON
|
Last changed on
|
org_changed_by
|
0001::E2P0001001:CHANGED_BY
|
Name of person who changed object
|
org_cnfrm_flag
|
0001::E2P0001001:CNFRM_FLAG
|
Confirmation Fields Exist
|
org_co_area
|
0001::E2P0001001:CO_AREA
|
Controlling Area
|
org_comp_code
|
0001::E2P0001001:COMP_CODE
|
Company Code
|
org_contract
|
0001::E2P0001001:CONTRACT
|
Work Contract
|
org_costcenter
|
0001::E2P0001001:COSTCENTER
|
Cost Center
|
org_egroup
|
0001::E2P0001001:EGROUP
|
Employee Group
|
org_esubgroup
|
0001::E2P0001001:ESUBGROUP
|
Employee Subgroup
|
org_flag1
|
0001::E2P0001001:FLAG1
|
Reserved Field/Unused Field
|
org_flag2
|
0001::E2P0001001:FLAG2
|
Reserved Field/Unused Field
|
org_flag3
|
0001::E2P0001001:FLAG3
|
Reserved Field/Unused Field
|
org_flag4
|
0001::E2P0001001:FLAG4
|
Reserved Field/Unused Field
|
org_from_date
|
0001::E2P0001001:FROM_DATE
|
Start Date
|
org_fund
|
0001::E2P0001001:FUND
|
Fund
|
org_funds_ctr
|
0001::E2P0001001:FUNDS_CTR
|
Funds Center
|
org_hist_flag
|
0001::E2P0001001:HIST_FLAG
|
Historical Record Flag
|
org_infotype
|
0001::E2P0001001:INFOTYPE
|
Infotype
|
org_job
|
0001::E2P0001001:JOB
|
Job
|
org_jobtxt
|
0001::E2P0001001:JOBTXT
|
|
org_leg_person
|
0001::E2P0001001:LEG_PERSON
|
Legal Person
|
org_lock_ind
|
0001::E2P0001001:LOCK_IND
|
Lock Indicator for HR Master Data Record
|
org_name
|
0001::E2P0001001:NAME
|
Formatted Name of Employee or Applicant
|
org_object_id
|
0001::E2P0001001:OBJECT_ID
|
Object Identification
|
org_objecttype
|
0001::E2P0001001:OBJECTTYPE
|
Object Type
|
org_org_key
|
0001::E2P0001001:ORG_KEY
|
Organizational Key
|
org_org_unit
|
0001::E2P0001001:ORG_UNIT
|
Organizational Unit
|
org_orgtxt
|
0001::E2P0001001:ORGTXT
|
|
org_p_subarea
|
0001::E2P0001001:P_SUBAREA
|
Personnel Subarea
|
org_payarea
|
0001::E2P0001001:PAYAREA
|
Payroll Area
|
org_payr_admin
|
0001::E2P0001001:PAYR_ADMIN
|
Payroll Administrator
|
org_perno
|
0001::E2P0001001:PERNO
|
Personnel Number
|
org_pers_admin
|
0001::E2P0001001:PERS_ADMIN
|
Administrator for HR Master Data
|
org_pers_area
|
0001::E2P0001001:PERS_AREA
|
Personnel Area
|
org_position
|
0001::E2P0001001:POSITION
|
Position
|
org_postxt
|
0001::E2P0001001:POSTXT
|
|
org_reason
|
0001::E2P0001001:REASON
|
Reason for Changing Master Data
|
org_ref_flag
|
0001::E2P0001001:REF_FLAG
|
Reference Fields Exist (Primary/Secondary Costs)
|
org_reserved1
|
0001::E2P0001001:RESERVED1
|
Reserved Field/Unused Field of Length 2
|
org_reserved2
|
0001::E2P0001001:RESERVED2
|
Reserved Field/Unused Field of Length 2
|
org_screenctrl
|
0001::E2P0001001:SCREENCTRL
|
Infotype Screen Control
|
org_seqno
|
0001::E2P0001001:SEQNO
|
Number of Infotype Record With Same Key
|
org_sort_name
|
0001::E2P0001001:SORT_NAME
|
Employee's Name (Sortable by LAST NAME FIRST NAME)
|
org_subtype
|
0001::E2P0001001:SUBTYPE
|
Subtype
|
org_supervisor
|
0001::E2P0001001:SUPERVISOR
|
Supervisor Area
|
org_textflag
|
0001::E2P0001001:TEXTFLAG
|
Text Exists for Infotype
|
org_time_admin
|
0001::E2P0001001:TIME_ADMIN
|
Administrator for Time Recording
|
org_to_date
|
0001::E2P0001001:TO_DATE
|
End Date
|
Personal Data Resources
User Attribute
|
Resource Attribute Name
|
Description
|
academicgrade
|
0002::E2P0002001:ACADEMICGRADE
|
Academic title
|
aristrocratictitle
|
0002::E2P0002001:ARISTROCRATICTITLE
|
Name supplement, for example noble title, such as Lord or Lady
|
birthplace
|
0002::E2P0002001:BIRTHPLACE
|
Employee’s place of birth
|
countryofbirth
|
0002::E2P0002001:COUNTRYOFBIRTH
|
Country where the employee was born
|
dateofbirth
|
0002::E2P0002001:DATEOFBIRTH
|
Employee’s date of birth
|
employeeno
|
0002::E2P0002001:EMPLOYEENO
|
Required. A personnel number
|
firstname
|
0002::E2P0002001:FIRSTNAME
|
Employee’s first name. Required.
|
formofaddress
|
0002::E2P0002001:FORMOFADDRESS
|
Form-of-address key
|
fullname
|
0002::E2P0002001:FULLNAME
|
Full employee name
|
gender
|
0002::E2P0002001:GENDER
|
Indicates the gender of the employee
|
idnumber
|
0002::E2P0002001:IDNUMBER
|
Personnel ID number, such as Social Security Number
|
initials
|
0002::E2P0002001:INITIALS
|
Employee’s initials
|
knownas
|
0002::E2P0002001:KNOWNAS
|
Name which the employee prefers to be called.
|
language
|
0002::E2P0002001:LANGUAGE
|
A language key
|
language_iso
|
0002::E2P0002001:LANGUAGE_ISO
|
ISO 639 language code
|
lastname
|
0002::E2P0002001:LASTNAME
|
Employee’s last name
|
maritalstatus
|
0002::E2P0002001:MARITALSTATUS
|
Marital status key
|
maritalstatussince
|
0002::E2P0002001:MARITALSTATUSSINCE
|
Validity start date for current marital status
|
middlename
|
0002::E2P0002001:MIDDLENAME
|
Employee’s middle name
|
name_format_indicator
|
0002::E2P0002001:NAME_FORMAT_INDICATOR
|
Name Format ID for employee in a list
|
nameatbirth
|
0002::E2P0002001:NAMEATBIRTH
|
Name at birth or second name
|
nameofcountryofbirth
|
0002::E2P0002001:NAMEOFCOUNTRYOFBIRTH
|
Country of birth
|
nameofformofaddress
|
0002::E2P0002001:NAMEOFFORMOFADDRESS
|
Name of form-of-address
|
nameofgender
|
0002::E2P0002001:NAMEOFGENDER
|
Name of gender
|
nameoflanguage
|
0002::E2P0002001:NAMEOFLANGUAGE
|
Name of language
|
nameofmaritalstatus
|
0002::E2P0002001:NAMEOFMARITALSTATUS
|
Name of marital status
|
nameofnationality
|
0002::E2P0002001:NAMEOFNATIONALITY
|
Name of nationality
|
nameofreligion
|
0002::E2P0002001:NAMEOFRELIGION
|
Name of religion
|
nameofsecondnationality
|
0002::E2P0002001:NAMEOFSECONDNATIONALITY
|
Name of second nationality
|
nameofstateofbirth
|
0002::E2P0002001:NAMEOFSTATEOFBIRTH
|
Name of state of birth
|
nameofthirdnationality
|
0002::E2P0002001:NAMEOFTHIRDNATIONALITY
|
Name of third nationality
|
nationality
|
0002::E2P0002001:NATIONALITY
|
The employee’s primary nationality
|
numberofchildren
|
0002::E2P0002001:NUMBEROFCHILDREN
|
The number of children the employee has.
|
recordnr
|
0002::E2P0002001:RECORDNR
|
Number of Infotype Record With Same Key
|
religion
|
0002::E2P0002001:RELIGION
|
A two-character code used to identify a religious denomination.
|
secondacadgrade
|
0002::E2P0002001:SECONDACADGRADE
|
Second academic title
|
secondname
|
0002::E2P0002001:SECONDNAME
|
Second name
|
secondnameprefix
|
0002::E2P0002001:SECONDNAMEPREFIX
|
Second name prefix
|
secondnationality
|
0002::E2P0002001:SECONDNATIONALITY
|
The employee’s second nationality
|
stateofbirth
|
0002::E2P0002001:STATEOFBIRTH
|
State or province the employee was born
|
surnameprefix
|
0002::E2P0002001:SURNAMEPREFIX
|
A prefix to a last name, such as von, van der, or de la
|
thirdnationality
|
0002::E2P0002001:THIRDNATIONALITY
|
Third nationality
|
validbegin
|
0002::E2P0002001:VALIDBEGIN
|
Date employee data becomes valid
|
validend
|
0002::E2P0002001:VALIDEND
|
Date employee data is no longer valid
|
Addresses Resources
User Attribute
|
Resource Attribute Name
|
Description
|
addresstype_permanent_address
|
0006:1:E2P0006001:ADDRESSTYPE
|
Address type of the permanent address
|
addresstype_home_address
|
0006:3:E2P0006003:ADDRESSTYPE
|
Address type of the home address
|
city_permanent_address
|
0006:1:E2P0006001:CITY
|
City of permanent address
|
city_home_address
|
0006:3:E2P0006003:CITY
|
City of home address
|
coname_permanent_address
|
0006:1:E2P0006001:CONAME
|
Care of (c/o) information for the employee’s permanent address.
|
coname_home_address
|
0006:3:E2P0006003:CONAME
|
Care of (c/o) information for the employee’s home address.
|
country_permanent_address
|
0006:1:E2P0006001:COUNTRY
|
Country code of permanent address
|
country_home_address
|
0006:3:E2P0006003:COUNTRY
|
Country code of home address
|
district_permanent_address
|
0006:1:E2P0006001:DISTRICT
|
District of permanent address
|
district_home_address
|
0006:3:E2P0006003:DISTRICT
|
District of home address
|
nameofaddresstype_permanent_address
|
0006:1:E2P0006001:NAMEOFADDRESSTYPE
|
Address type assigned to permanent address.
|
nameofaddresstype_home_address
|
0006:3:E2P0006003:NAMEOFADDRESSTYPE
|
Address type assigned to home address
|
nameofcountry_permanent_address
|
0006:1:E2P0006001:NAMEOFCOUNTRY
|
Country of permanent address
|
nameofcountry_home_address
|
0006:3:E2P0006003:NAMEOFCOUNTRY
|
Country of home address
|
nameofstate_permanent_address
|
0006:1:E2P0006001:NAMEOFSTATE
|
Name of the state or province of permanent address
|
nameofstate_home_address
|
0006:3:E2P0006003:NAMEOFSTATE
|
Name of the state or province of home address
|
postalcodecity_permanent_address
|
0006:1:E2P0006001:POSTALCODECITY
|
Postal code city of permanent address
|
postalcodecity_home_address
|
0006:3:E2P0006003:POSTALCODECITY
|
Postal code city of home address
|
recordnr_permanent_address
|
0006:1:E2P0006001:RECORDNR
|
|
recordnr_home_address
|
0006:3:E2P0006003:RECORDNR
|
|
scndaddressline_permanent_address
|
0006:1:E2P0006001:SCNDADDRESSLINE
|
Second address line of the permanent address.
|
scndaddressline_home_address
|
0006:3:E2P0006003:SCNDADDRESSLINE
|
Second address line of the home address.
|
state_permanent_address
|
0006:1:E2P0006001:STATE
|
State or province of permanent address
|
state_home_address
|
0006:3:E2P0006003:STATE
|
State or province of home address
|
streetandhouseno_permanent_address
|
0006:1:E2P0006001:STREETANDHOUSENO
|
Street name and number of permanent address
|
streetandhouseno_home_address
|
0006:3:E2P0006003:STREETANDHOUSENO
|
Street name and number of home address
|
telephonenumber_permanent_address
|
0006:1:E2P0006001:TELEPHONENUMBER
|
Primary phone number for permanent address
|
telephonenumber_home_address
|
0006:3:E2P0006003:TELEPHONENUMBER
|
Primary phone number for home address
|
validbegin_permanent_address
|
0006:1:E2P0006001:VALIDBEGIN
|
Date a permanent address becomes valid
|
validbegin_home_address
|
0006:3:E2P0006003:VALIDBEGIN
|
Date a home address becomes valid
|
validend_permanent_address
|
0006:1:E2P0006001:VALIDEND
|
Date a permanent address is no longer valid
|
validend_home_address
|
0006:3:E2P0006003:VALIDEND
|
Date a home address is not longer valid
|
Communication Resources
User Attribute
|
Resource Attribute Name
|
Description
|
commtype_communication_EMail
|
0105:0010:E2P0105001:COMMTYPE
|
Key for communication type (Internet)
|
commtype_communication_EMail2
|
0105:MAIL:E2P0105001:COMMTYPE
|
Key for communication type (E-mail)
|
delimit_date_communication_EMail
|
0105:0010:E2P0105001:DELIMIT_DATE
|
Key date for delimiting an internet address
|
delimit_date_communication_EMail2
|
0105:MAIL:E2P0105001:DELIMIT_DATE
|
Key date for delimiting an Email address
|
email_communication_EMail
|
0105:0010:E2P0105001:ID
|
Internet address
|
email
|
0105:MAIL:E2P0105001:ID
|
Email address
|
nameofcommtype_communication_EMail
|
0105:0010:E2P0105001:NAMEOFCOMMTYPE
|
Name of communication type (internet)
|
nameofcommtype_communication_EMail2
|
0105:MAIL:E2P0105001:NAMEOFCOMMTYPE
|
Name of communication type (e-mail)
|
recordnr_communication_EMail
|
0105:0010:E2P0105001:RECORDNR
|
|
recordnr_communication_EMail2
|
0105:MAIL:E2P0105001:RECORDNR
|
|
validbegin_communication_EMail
|
0105:0010:E2P0105001:VALIDBEGIN
|
Date internet address becomes effective
|
validbegin_communication_EMail2
|
0105:MAIL:E2P0105001:VALIDBEGIN
|
Date e-mail address becomes effective
|
validend_communication_EMail
|
0105:0010:E2P0105001:VALIDEND
|
Date internet address expires
|
validend_communication_EMail2
|
0105:MAIL:E2P0105001:VALIDEND
|
Date e-mail address expires
|
Resource Object Management
Not applicable
Identity Template
$accountId$
Sample Forms
SAPForm.xml
SAPUserForm_with_RoleEffectiveDates_Timezone.xml
SAPHRActiveSyncForm.xml
Troubleshooting
Use the Identity Manager debug pages to set trace options on the following classes:
- com.waveset.adapter.SAPResourceAdapter
- com.waveset.adapter.SAPHRActiveSyncAdapter
To determine which version of the SAP Java Connector (JCO) is installed, and to determine whether it is installed correctly, run the following command:
java -jar sapjco.jar
The command returns the JCO version as well as the JNI platform-dependent and the RFC libraries that communicate with the SAP system.
If the platform-dependent libraries are not found, refer to the SAP documentation to find out how to correctly install the SAP Java Connector.