How to setup SOVN OrgAudit application
Loading the Default Build
- Set the RDBMS connection to the database you have set up for the purpose of holding OrgAudit application data.
- The username used to access the RDBMS system must have read/write/create/drop object rights to this database. See the OrgAudit Admin guide for more details.
- SAPRoleMappingConnection and SAPExtractorConnection
- SAP connection in format:
- The username and password are of a system account in SAP with at least the permissions detailed on p14 (“Authorization Objects”) of the OrgAudit Admin guide (“OrgAudit_VSN40_Admin_En.pdf”).
AuthenticationThe out of the box authentication method is “Anonymous”, meaning anyone with access to the URL will have access to the application. For the purpose of this exercise you don’t need to change it, but I will list how to change it to a Login screen and I recommend you consider which authentication method suits you best when implementing.
Use the Security Settings section to configure authentication. Go to User Authentication > Authentication Settings.
For simplicity, start by using the “Logon Screen” option (meaning the user will have to enter a valid SAP username and password to enter).
- Select Logon Screen, click Next
- For Credentials, just click Next
- In the Authentication
Source section, enter the information requested based on the SAP system you will authenticate against and click Next.
- For Employee
Source, just click Next.
- In the Role
Mapping section you should see the connection details you’ve already set up (as it uses SAPRoleMappingConnection), so just click Next (feel free to use Test Connection to double check!)
- Press Submit
Again, for simplicity, let’s make the HR role the default so we are assigned this when we come to test. In the Security Settings module, select Define Roles (below Roles). Then click Edit Roles. In the drop down, Select Role select ROLE_EXECUTIVE (or ROLE_HR as they are identical) and click Set as Default.
Click Finish, Submit and Save your build.
Note that because OrgAudit is based on staged data, any SAP structural authorization will not apply to the structure. This means all users will see the entire organizational structure, including error details for all org units. OrgAudit is intended for managers, HR and executives – not for general employees.
Extracting DataThe extraction process needs some basic configuration to specify the root id of your organisation as this is used in the extraction.
Click Configure Staging module, then Configure SAPExtractor. In the first section, test the (SAP) connection, click Next, then test the (DB) connection and click Next until the Keywords section. Set the OrgUnitRoot as required (normally the same as you set for the Org Unit hierarchy in the previous section).
Click Finish, Submit and Save your build change.
Extract DataThis retrieves all the data to visualise the organisational structure and its objects (org units, positions and employees). It is very similar to configuring staging in OrgChart but unlike OrgChart, there is no analytics generation step … analytics related to the audit data are available in the application, but are calculated later in the process.
Personally, I recommend checking the CDS log for any errors at this stage (this blog post is a good reference for how you could use a script to do that).
Set Root IdsThe Org and Position hierarchies require configuration of the root. For simplicity we will specify a specific root id (object id from SAP). Use SAP transaction PPOSE to locate and confirm these root object ids in your system.
In the Audit View module, click on Org Unit (below Organization Structure). Click on General Settings section and in the Org chart root value field enter your root org unit ID. Click Finish, then Submit.
Still in the Audit View module, click on Position Hierarchy (below Position Org Chart). Repeat the process above to specify the root of this structure (a position id). If you don’t maintain S 002 S relationships, then you can disable this hierarchy in the Enable/Disable section found when you click on the Position Org Chart.
Click Finish, and then Submit. Click Save to save your build changes.
Configure AuditNext we need to create the database structure to hold the rules and errors in the application database.
To do this, click Configure Audit module then Configure Audit (below ErrorExtractor Settings). By all means test your (SAP) connection but then click Next.
In the Destination section, click Recreate Database Structure button (note we are only doing this because it is the first time of setting up the application). In the pop up message, confirm with Yes. A confirmation message (not that big, but just above the connection input boxes) appears on screen. Click Finish, and then Submit.
Add RulesThis is the configuration of the rules applied to data and then the running of the audit steps (to apply the configured rules and produce any errors).
Click Configure Audit module, then Add Rules (below ErrorExtractor Settings). For each rule template you intend to use, you need to select it (one at a time), and click through this wizard to configure it.
For simplicity (and I don’t recommend this long term), let’s configure 1 rule (repeat for others if you wish). Check the second rule (“Age Incorrect”) in the list of template rules and click Next.
Modify the rule (click icon to left of the row) and change the “Rule Weightage” from 6 to 100 (since we will only have 1 rule for now, we have to put 100%, as the active rules for each group must sum to 100%). Click Next. Click Finish. Click Submit.
Close the browser once published and open a new one to try it out! The application will be accessible via:
Obviously give it a full test but as a 2 min quick sense check, I would suggest testing:
- Is each hierarchy visible?
- Click on different types of node (OU, Position, etc.) to view the detail panels.
- In the Audit Runs listing, can you see 1 result for the audit run you’ve just completed?
- Does the analytics dashboard display?
- Does a selection of listings return results?
Post Set UpYou now have an OOTB (out of the box) build setup. This is always a great reference in case of any product issues.
So, I suggest that when you start to configure the application further you use “Save as…” again to create a new build version and configure from there. You can also use the “Export Changes” button in the AdminConsole to export your build to a ZIP file and store it in your project directory as a backup.