Connecting Non SAP Applications to SAP IDM (Database oriented)
Lily Sloane: I envy you… the world you’re going to.
Captain Jean-Luc Picard: I envy YOU… taking these first steps into a new frontier.
–Star Trek: First Contact
Previous entries here in the SCN IDM Space have discussed connecting various applications to SAP IDM: Active Directory (and other LDAP-related systems), SAP systems, flat files, even database tables. What we have not really discussed is how to connect a database-related system to SAP IDM. As with all things IDM, there are a number of ways to do this using IDM and VDS, and I am going to discuss how to do this over the next couple of blog postings.
In this first entry, I will discuss how to set up the Repository and Initial load for the system, which I am simply calling NonSAPApp. It is based on a simple database structure that was submitted in a Forum thread.
So the first challenge was creating the Repository. To do this, I simply used the New Repository Wizard to create a Database Repository.
Didn’t need to do too much here, just name the repository, choose the driver and then add the JDBC and OLE DB connection strings. If you’ve installed IDM before or created a new Identity Store, this should not prove to be too much of an issue. When you’re all done, you’ll get something like this:
Now we can go ahead and create an Initial Load job. To do this, first I went through the job wizard to create a job to use as a template.
Make sure when you are running through the wizard that you select the correct repository. Don’t worry though, it can all be modified later 🙂 After you’ve run through the wizard, expand the node and remove the unnecessary passes so the job looks like this:
Now let’s talk about some of the changes that were made to these passes so it will work for NONSAPAPP.
- In the root node of the job, double-check that it’s enabled and has a dispatcher assigned (and running!). This is also your chance to make sure that the correct repository is selected.
- In the Create System Privilege Pass, change the description to something that describes the application. If need be, this can be done manually later.
- In ReadNonSAPAppUsers, make sure that you reconfigure the Source tab to read from your Users table. It will look something like this:
You’ll then be able to do an Insert Data Source Template.
- For ReadNonSapAppRoles, do the same thing, except that you will need to pull from your Roles table.
- In the WriteUsers pass, map the fields accordingly. Blank out any fields that don’t apply or won’t be populated either by disabling the attribute via the # prefix or by clearing the attribute value.
- In the WriteRolePrivilege pass, a value of %uniquename% is used in the MSKEYVALUE and DISPLAYNAME attributes. If you are not using this value, replace it with a relevant unique value in your database, as I have done here:
That’s it, run the job, fix your errors and then check the database to make sure that the roles and users have been created. In this case, my sample data had one user, Luke Skywalker (guess what I was watching?) and some roles that you can see from the following queries.
First a query that shows the user has been created:
Next a query that shows the roles have been created and any users assigned to roles.
So there you have it. You’ll notice I did not handle role assignments here, but I think we all get the general idea of how to do this. In the next week or so, I will wrap this up by extending the provisioning framework to cover adding a user via the IDM UI to the system.
Thinking back to my TechEd Sessions with Plamen Pavlov and Kristian Lehment, you might want to try importing the attached file to a Version 8 environment (or to a Version 7 environment, for that matter). Just remember to drop the “.xml” from the filename. Note that there are absolutely no warranties or guarantees included with this configuration, and neither I nor SAP can be held responsible for anything that happens as a result of using this import. – MP
If you’d like to know how to connect the application to the Provisioning Framework, take a look at the follow up to this blog: Connecting Non SAP Applications to the SAP IDM Provisioning Framework