SAP NW IdM Notification Report
Overview
During the implementation of SAP NetWeaver Identity Management typically reporting requirements need to be satisfied. The generic ways available are to create a simple report using SAP Business Objects Crystal or Jasper and more complex reports using SAP Netweaver Business Warehouse.
If the requirement is not huge then we can make use of existing standard SAP IDM tasks/jobs in identity center to generate such report. It will be more cost effective and easy to customize. We can even send reports in the form of notification by allowing a self-service task for the end user so that they trigger it on their own without involving any other workflow. The scope of this doc is to provide such idea with relevant use case.
Usecase – Report for managers on subordinates
A self-service task for managers so that just by few mouse clicks (as shown below) they can request for the subordinate details delivered to their email.
- Self-Service Task
- Select email id
- Submit Request
- E-mail received
Solution
The components involved for the solution of this use case are as follows
- Notification Repository
- Notification Template
- Temporary attribute (AX_REPORT_ATTR)
- Ordered task group (UI task)
- Empty Job with ‘To Generic’ Pass
- Scripts
Version
SAP NetWeaver Identity Manager Version 7.2, Service Pack 7
Notification Repository
The notification task uses a repository called “NOTIFICATION” when sending notification messages. If you are using the SAP provisioning framework, you normally will have a notification repository defined that is used by the framework. If so, you could use the existing repository.
If not you can create a repository based on the “Notification” template. Specify “NOTIFCATION” as name for the repository and fill in values for the repository constants.
Notification Template (Reportee.html)
A sample HTML template for this use case is as below.
<html>
<head>
<style type=”text/css”>
table{border:solid 1px #666666; width:100%; border-bottom:0px;};
td{border: 1px solid #666666; font-family:SAPFolioMedium,Arial; font-size:12px; padding-right:5px;}
.heading{font-family:SAPFolio,Arial; font-size:18px; font-weight:bold; color:#F0AB00;}
.tableHeading{background-color:#cccccc;}
</style>
</head>
<body>
<table>
<REPORT_CONTENT>
</table>
</body>
</html>
Here <REPORT_CONTENT> will be replaced with corresponding dynamic values by the script in the ‘To Generic’ pass of job.
Temporary attribute (AX_REPORT_ATTR)
A temporary attribute is maintained to confirm on the end user email address. Same will be cleared after the flow of job is completed at back end. This is to avoid in front end UI from prompting like ‘The task is executed with no data change’
Make sure to check UI task and keep it enabled.
Attribute mapping are as below
Here %usermskey% in the above query will fetch dynamically the mskey of the user on which action is performed. We are mapping primary email address to the temporary attribute which will be cleared at the end by the script.
Here Access Control is provided only for ‘MANAGER_ROLE’. So only the managers will have access to this self-service task.
‘To Generic’ Pass
‘To Generic ‘pass is added to the empty job here and the configuration of attributes are as below. This in turn will be referred in the custom script that triggers notification.
Scripts
Use below scripts as reference and frame it as per the requirement
// Main function: AX_reporteeListByEmail
function AX_reporteeListByEmail(Par){
usermskey = Par.get(“MSKEY”);
mailMessageFile = Par.get(“MESSAGEFILE”);
mailSubject = Par.get(“SUBJECT”);
mailRecipients = Par.get(“RECIPIENTS”);
userattributes = Par.get(“ATTRIBUTES”);
headerRow=”<tr><td class=tableHeading>User ID</td><td class=”tableHeading”>Display Name</td><td class=”tableHeading”>Email</td><td class=tableHeading>Company</td><td class=”tableHeading”>Cost Centre</td></tr>”
userattrArray = userattributes.split(“!!”);
rMskey = “SELECT mcMSkey FROM idmv_vallink_basic WHERE mcAttrName = ‘MX_MANAGER’ and mcSearchValue =” + usermskey;
rValue=uSelect(rMskey);
mailSMTPHost = “%$rep.MAIL_SMTP_HOST%”;
mailSMTPPort = “%$rep.MAIL_SMTP_PORT%”;
mailSender = “%$rep.MAIL_ORIGINATOR%”;
mailDebug = sap_getAsBoolean(“rep.MAIL_DEBUG”);
mailContentType = 1; //0-Text, 1-HTML
mailMessage = uFromFile(mailMessageFile, 0, false);
oArray=rValue.split(“!!”);
value = headerRow;
for(j=0; j<oArray.length; j++){
CurrentIDStore = uGetIDStore();
value = value+”<tr>”;
for (i = 0; i < userattrArray.length; i++) {
oValue = uIS_nGetValues(oArray[j],userattrArray[i]);
if(oValue.indexOf(“ERROR”) > 0) {
oValue = “”;
}
value = value + “<td>”+oValue+”</td>”;
}
value = value+”</tr>”;
}
mailMessage = uReplaceString(mailMessage, “<REPORT_CONTENT>”, value);
if (mailDebug.equalsIgnoreCase(“1”)) {
mailDebugRecipients = “%$rep.MAIL_DEBUG_RECIPIENTS%”;
uInfo(“DEBUG MODE ON: Sent email to ” + mailRecipients);
mailMessage = “DEBUG: mailto:” + mailRecipients + “\n\n” + mailMessage;
uSendSMTPMessage(mailSender, mailDebugRecipients, “DEBUG: ” + mailSubject, mailMessage, mailSMTPHost, mailContentType);
} else {
// mailRecipients =”%$rep.MAIL_DEBUG_RECIPIENTS%”;
uInfo(“Sent email to ” + mailSender);
uSendSMTPMessage(mailSender, mailRecipients, mailSubject, mailMessage, mailSMTPHost, mailContentType);
}
AX_resetReportAttr(Par);
return “”;
}
// Main function: AX_resetReportAttr
function AX_resetReportAttr(Par){
var idStore = “%$glb.SAP_MASTER_IDS_ID%”;
var mskey = Par.get(“MSKEY”);
outstring = uIS_SetValue(mskey,idStore,”AX_REPORT_ATTR”,””);
return ”;
}
// Main function: sap_getAsBoolean
function sap_getAsBoolean(Par){
//Example calling DSE internal function
//uStop(“Terminated by user”);
var constantValue = UserFunc.uGetConstant(Par).toLowerCase();
if (constantValue == “true” || constantValue == “1” )
return “1”;
else
return “0”;
}