1. Configuring the SAP User Management Application
  2. Frequently Asked Questions for the SAP User Management Connector

9 Frequently Asked Questions for the SAP User Management Connector

This chapter provides information on the frequently asked questions about the SAP UM connector.

  1. What is the cause of "Class Definition not found" error while running lookup schedulers or provisioning a user for the first time after installing and configuring the connector successfully?

    Answer: The class path of SapJCo.jar may not be detected. Mention its path in the startWebLogic.cmd file located in DOMAIN_HOME/bin. For more information, refer to Step 4 of Downloading and Installing the SAP JCo.

  2. Can I simultaneously use the SAP ER and the SAP UM connectors in the same Oracle Identity Governance environment?

    Answer: Yes, but it is possible only if you have one connector configured as connector server and the other connector installed directly in the same Oracle Identity Governance. Refer to SAP UM 12c Connector and SAP ER 9.x connector Do Not Work for more information.

  3. I have changed the system property for SOD as XL.SoDCheckRequired = TRUE. Is it now possible to use two SAP connectors in the same OIG environment having one connector configured for SOD analysis and the other connector configured without SOD analysis?

    Answer: No, the system property is common in OIG. Hence, the property applies to all the connectors installed in that OIG.

  4. I have configured the connector for Access Request Management and would like to see the Audit trail details. Where can I get these details?

    Answer: To get the Audit trail details, you need to enable the logs specific to AC for the connector. The Audit trail details can be viewed in the log file along with the connector logs.

    Here are a few formatted samples of the Audit trial:

    • Create User

      Audit Trial: {Result=[Createdate:20130409,

      Priority: HIGH,

      Requestedby:, johndoe (JOHNDOE),

      Requestnumber: 9000001341,

      Status: Decision pending,

      Submittedby:, johndoe (JOHNDOE),

      auditlogData:{,ID:000C290FC2851ED2A899DA29DAA1B1E2,

      Description:,

      Display String: Request 9000001341 of type New Account Submitted by johndoe ( JOHNDOE ) for JK1APRIL9 JK1APRIL9 ( JK1APRIL9 ) with Priority HIGH}],

      Status=0_Data Populated successfully}

    • Request Status

      Audit Trial: {Result=[Createdate:20130409,

      Priority:HIGH,

      Requestedby:,johndoe (JOHNDOE),

      Requestnumber: 9000001341,

      Status: Approved,

      Submittedby:, johndoe (JOHNDOE),

      auditlogData:{,ID:000C290FC2851ED2A899DA29DAA1B1E2,

      Description:,

      Display String: Request 9000001341 of type New Account Submitted by johndoe ( JOHNDOE ) for JK1APRIL9 JK1APRIL9 ( JK1APRIL9 ) with Priority HIGH,

      ID: 000C290FC2851ED2A899DAF9961C91E2,Description:,Display String:Request is pending for approval at path GRAC_DEFAULT_PATH stage GRAC_MANAGER,

      ID: 000C290FC2851ED2A89A1400B60631E2,

      Description:,

      Display String: Approved by JOHNDOE at Path GRAC_DEFAULT_PATH and Stage GRAC_MANAGER,

      ID: 000C290FC2851ED2A89A150972D091E2,

      Description:,

      Display String: Auto provisioning activity at end of request at Path GRAC_DEFAULT_PATH and Stage GRAC_MANAGER,

      ID: 000C290FC2851ED2A89A150972D111E2,

      Description:,

      Display String: Approval path processing is finished, end of path reached,

      ID: 000C290FC2851ED2A89A150972D151E2,

      Description:,

      Display String: Request is closed}],

      Status=0_Data Populated successfully}

    • Modify Request (First Name)

      Audit Trial: {Result=[Createdate:20130409,

      Priority: HIGH,

      Requestedby:, johndoe (JOHNDOE),

      Requestnumber: 9000001342,

      Status: Decision pending,

      Submittedby:,johndoe (JOHNDOE),

      auditlogData:{,

      ID: 000C290FC2851ED2A89A3ED3B1D7B1E2,

      Description:,

      Display String: Request 9000001342 of type Change Account Submitted by johndoe ( JOHNDOE ) for JK1FirstName JK1APRIL9 ( JK1APRIL9 ) with Priority HIGH}],

      Status=0_Data Populated successfully}

  5. During a Create User provisioning operation, does the SAP UM AC connector provision attributes that are mapped directly to SAP ECC system without GRC?

    Answer: No, for account creation request in GRC, the request is created only with the GRC attributes. Attributes mapped directly to SAP ECC system are not part of the create operation. Once the request is approved and the account is provisioned to the SAP ECC system (backend ABAP system), these attributes (mapped directly to SAP) can be provisioned as part of the update operation.

  6. Why am I not able to add groups when using SAP UM connector for access control?

    Answer: This a desired behavior and not a bug. Groups need to be managed on the backend server and not on the GRC server, therefore SAP will not fix this. This is a limitation with the SAP target system.  

  7. Which version of the SAP BusinessObjects Access does the connector support?

    Answer: As listed in Certified Components, the connector supports SAP BusinessObjects Access versions 10, 10.1, and 12.

    While configuring the connector, if you are using SAP BusinessObjects Access version 10.1 or 12, you need not modify the lookup definition name.

  8. Where should I copy the third party libraries (sapjco3.jar) if I am using the connector server?

    Answer: Copy SAP User Management third party libraries (sapjco3.jar) into the CONNECTOR_SERVER_HOME\lib directory.

  9. Is the SoD Check Tracking ID field no longer populated with a value during the SoD check?

    Answer: From Oracle Identity Manager 11.1.2.x, the SoD Check Tracking ID field no longer populates a value during the SoD check. You can ignore this field as it displays a null value and does not result in functionality loss.