How To synchronize data from SAP HCM to SAP NetWea...

Former Member · ‎02-27-2008

The HCM Use Case document (see http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f0ad23d3-3664-2a10-8aa7-e9c3c8616...) provided for the SAP NW Identity Management component synchronizes employee data from the HCM system to the Identity Store using the LDAP connector as well as the Virtual Directory Server.

If one already uses a Middleware like SAP PI, transferring employee data as well as other relevant objects for rule based role assignment in the SAP NW Identity Management tool can also be done using the standard HR Master Data Distribution mechanisms based on ALE and IDOC by simply running the report RHALEINI with specific variants.

You will learn in this blog what has to be done in order to replicate "Organisational Unit" data from an HCM system to the SAP NW Identity Store into a custom entry type within the identity store which afterwards holds organizational data including parent/child relationships using SAP PI instead of LDAP Connector and VDS.

Part I (published in Calendar Week 9) explains the steps which have to be executed in SAP PI in order to transfer and transform the data from HCM to Identity Center using the standard HR Master Data Extraction.

How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part II) (published in Calendar Week 10 2008) explains how to create a new entry type in the Identity Store, how to write the data from the staging area into the ID Store and finally how to create the parent / child relationships for having the hierarchy information available in the identity store.

How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part III) (published in Calendar Week 12 2008) finally shows how to integrate the new entry type into the IDM workflow portal.

The following systems are required:

HR/HCM System (I am working with an IDES ECC 6.0 installation)
SAP XI 3.0 / SAP PI 7.0 installation (I am using SAP PI SPS 10)
SAP NW Identity Management 7.0 SP01 (I am using 7.0 SP01 Patch 1)

Knowledge / experience in the following area(s) is helpful:

ALE / IDOC Scenario Configuration
SAP XI / SAP PI experience
Basic SQL knowledge
Basic JScript knowledge
SAP NW Identity Management Knowledge

Download and Import of ESR Content (XI Content)

Download the following ESR Content (XI Content) packages from the Software Distribution Center in the appropriate version for your system landscape:

XI CONTENT HR

Therefore go to
SAP Software Distribution Center (http://service.sap.com/swdc)
   => Download
      => Support Packages and Patches
         => Entry by Application Group
            => SAP Content
                => ESR Content (XI Content)

Please follow the following SAP notes in order to import ESR Content (XI Content):

XI 3.0: SAP Note 705541 - XI 3.0 (SP1 and higher): Importing XI Content
PI 7.0: SAP Note 836200 - SAP NW 7.0: Importing Process Integration Content

After importing the specified components you should see the new software components in the SAP XI/PI Integration Repository.

The scenario, which we will setup uses the IDoc definition for the HRMD_A.HRMD_A07 IDoc. In case of older HR systems also other IDOC versions can be used.

Deploy the JDBC driver to access the Identity Center Database with the SAP PI JDBC adapter

Follow the instructions in the HowTo Guide “How to Install and Configure External Drivers for JDBC & JMS Adapters”.

You can download the HowTo Guide from the following location: http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f04ce027-934d-2a10-5a8f-fa0b1ed4d...

You will also need a ZIP Package provided for the HowTo Guide: http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e00262f5-934d-2a10-b99c-9bc63c2a7...

In case the URLs have changed, go to http://www.sdn.sap.com/irj/sdn/howtoguides and navigate to the list of available HowTo Guides for the Exchange Infrastructure.

Basic infrastructure Setup for the scenario

Please execute the following tasks as preparation for the PI scenario configuration:

In the SLD ...
- Create your own Software Product and Software Component Version in the SLD. In the example, I am using the Software Component Version ISV_SAP_HCM_IDM_INTEGRATION, 1.0.
- Register your HCM technical system using transaction RZ70 in the SLD
- Create a technical system of type “Third-Party” or “Standalone Engine” for the system, where you installed your Identity Center components.
- Create a business system of type “Web AS ABAP” for the HCM client.
- Create a business system of type “Third-Party” or “Standalone Engine” for the Identity Center system.
In the SAP PI Integration Repository …
- Import the created software component from the SLD version into the Integration Repository
- Add a name space to the Software Component. In the following example I created the name space urn:ibsolution-de:idm:hcm
In the SAP PI Integration Directory …
- Create an Integration Scenario. In the example I created the integration scenario ISV_ISM_HCMBlog
- Import the Business Systems you created in the SLD for the HCM system as well as the IDM System
- Assign the two business systems to the Integration Scenario
In the HCM system …
- Setup a distribution model in order to distribute generated IDOCs of type HRMD_A07 to the SAP XI / SAP PI system. (Transactions: BD64, SM59, WE20, WE21)
In the SAP PI system …
- Use transactions SM59, IDX1 and IDX2 to setup the basic IDOC connectivity to be able to receive IDOCs from the HCM system

After executing the tasks above, your SAP PI environment should look the following:

Software Component ISV_SAP_HCM_IDM_INTEGRATION, 1.0 in the Integration Repository

Integration Scenario in the Integration Directory
- Business system for HCM in the example: de_ibsolution_D04_800
- Business system for IDM in the example: de_ibsolution_IDM_dev

For the replication of HR Organisational Unit Data from HCM to the Identity Store, we use a two step approach:

First Step is to transfer the data from the HCM system into a database table created for holding the organisational unit data from the HCM system. (Part I)
Second Step is to run Jobs and passes in the Identity Center, which transfers the OU data from the staging table to the Identity Store including delta handling. This approach is comparable with the mechanism, which is used during the initial load of Web AS ABAP technical roles and profiles into the identity store. (Part II and Part III)

Create a database table in the Identity Center Database for the HCM OU data

You can use the following SQL script to create the database table. Please make sure, that you use the correct database prefixes in case you created a Identity Center database with a custom prefix:

   USE [mxmc_db]
   GO

   SET ANSI_NULLS ON
   GO
   SET QUOTED_IDENTIFIER ON
   GO
   SET ANSI_PADDING ON
   GO
   CREATE TABLE [mxmc_rt_u].[ISV_HCM_ORG_DATA_FROM_SAPXI](
      [ORGOBJECTID] [varchar](255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
      [ORGNAME] [varchar](255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
      [ORGSPRACHE] [varchar](255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
      [PARENT] [nchar](10) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
      [CHILD] [nvarchar](max) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
   ) ON [PRIMARY]

   GO
   SET ANSI_PADDING OFF

Prepare the XI / PI Design Objects in the Integration Repository

Create the data type for the already created (see SQL script above) target database table ISV_HCM_ORG_DATA_FROM_SAPXI

Create a Message Type for the data type

Create the message map in the Integration Repository to map the appropriate Info Types from the HRMD_A07 IDOC to

The mapping specification is the following (Please contact me in SDN if you would like to get the complete software component version for this example):

/ns0:IDMHCMJDBCOrgInsertUpdate= /HRMD_A07/IDOC/E1PLOGI=

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement=
      removeContexts(/HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1000= )

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/@action=
      const([value=UPDATE_INSERT])

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/table=
      const([value=ISV_HCM_ORG_DATA_FROM_SAPXI])

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/access/ORGOBJECTID=
      /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1000/OBJID=

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/access/ORGSPRACHE=
      /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1000/LANGU_ISO=

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/access/ORGNAME=
      mapWithDefault([default_value=Kein Langtext verfuegbar]
      /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1000/STEXT=)

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/access/PARENT=
      SplitByValue([type=Each value]concat([delimeter=]
      removeLeft(const([value=2]),
      removeSuppress(ifWithoutElse([keepss=true]and(and(stri ngEquals(toUpperCase(
      /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1001/RELAT=), const([value=002])),
      stringEquals(/HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1001/RS IGN=, const([value=A]))),
      stringEquals(substring([start=0, count=1]toUpperCase(
      /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1001/VARYF=)),
      const([value=O]))), /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1001/VARYF=))),
       /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1000=))

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/access/CHILD=
      SplitByValue([type=Each value]concat([delimeter=]concatValues(
      removeSuppress(ifWithoutElse([keepss=false]and(and(str ingEquals(
      toUpperCase(/HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1001/REL AT=), const([value=002])),
      stringEquals(/HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1001/RS IGN=, const([value=B]))),
      stringEquals(substring([start=0, count=1]toUpperCase(
      /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1001/VARYF=)),
      const([value=O]))), removeLeft(const([value=2]),
       /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1001/VARYF=))),
      const([value=|])), /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1000=))

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/key=
      const([value=1])

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/key/ORGOBJECTID=
      /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1000/OBJID=

/ns0:IDMHCMJDBCOrgInsertUpdate/InsertUpdateStatement/HCMOrgFromXI/key/ORGSPRACHE=
      /HRMD_A07/IDOC/E1PLOGI/E1PITYP/E1P1000/LANGU_ISO=

Create the message Interface

Create the interface map

Activate the created objects

The setup in your Integration Repository should now be the following

Now the design objects for configuring the transfer of organization unit data from HCM to the Identity Center are in place. As a next step we have to setup the integration scenario in the SAP XI/PI Integration Directory.

Create the XI / PI Integration Scenario in the Integration Directory

Create a receiver communication channel of type JDBC for the Identity Center system

Please adjust the database settings according to your needs. In my environment, I used a database wirh prefix sbx. Therefore the database connection string is including sbx_db instead of mxmc_db in a standard installation. The same is true for the user name.

Create an appropriate receiver determination

Create the interface determination. I created two inbound interfaces. One is used to just put the message through without any transformation and use a file adapter to put it into a file system. The other one is the important one. It uses the created message and interface mappings in order to transform the IDOC into the XML format used for writing to the Identity Center database.

Since we only want to consider IDOCs which contain data for object type "O" (Organisations) we also include a condition.

Last but not least, create the receiver agreement, which references the created receiver communication channel.

The setup in your Integration Directory for this specific scenario should now be the following

Activate the changes.

Extract HR Organisational Data

Now login to your HCM system already which is already connected to PI. As mentioned in the beginning the assumption is, that you have a working ALE configuration and distribution model, which allows to send generated IDOCs of type HRMD_A07 to your SAP PI system.

Start transaction SE38 to execute the report RHALEINI.

Execute the report RHALEINI

Fill in an "O" for Object Type and the Logical System Name of your SAP PI system in the Receiver Partner Number field nearly at the bottom of the screen. Execute the report. You have to confirm, that you did not select an object so all objects of the specified type will be transferred. If the IDOC / ALE setup is correct, the HR master data objects are being selected, IDOCs are being generated and transferred to the SAP PI system. There the XML IDOC gets mapped into the target database table structure and written to the database.

Will be continued in How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part II)