The steps below guide you through the process of configuring the ERP MA to create new users in SAP. The ERP MA Configuration Tool is used to create the configuration. Depending on your SAP environment, you may be able to use the default template instead of following these steps. If possible, it is recommended to either use or start with the default template. The steps outlined in this section, describe the process for creating a new Add User operation for the User Object Type.

The approach

The approach is to first flow the create-user-data from the FIM attributes onto the corresponding function/parameters for the 1st function (BAPI_USER_CREATE). Next, assign a profile to the user account (allowing the user to log onto the SAP) by calling a 2nd function (BAPI_USER_PROFILES_ASSIGN).

The default functions used for adding user(s) to SAP are:

  • BAPI_USER_CREATE - Adds a new user to SAP.

  • BAPI_USER_PROFILES_ASSIGN - Assigns a profile to the new user account.

For this example, we'll configure the minimum set of attributes:

  • username - anchor attribute (defines the user)

  • firstname

  • lastname

To configure an add user operation

  1. To begin, start the ERP Configuration Tool. This will bring you to the main window. Click the connect button to connect to your SAP server.

  2. Click the Add ObjectType action button. Enter the name of the CS object to be created in FIM (i.e. users, employee, etc). Click Next to move to the 'Add Operations for ObjectType' form.

  3. Click the Add button to add new operations for this object type. Doing so will start the "Define Operation" wizard. Select Add for the operation by clicking and selecting from the standard FIM operations in the drop-down combo box.

    Note
    You will need to supply a password for the create BAPI to succeed. To do so, set the password field (BAPI_USER_CREATE.PASSWORD.BAPIPWD) to reference the predefined alias 'ma.runtimeGeneratedPassword.' For more information on this see the section on Password Management.

  4. Define the functions to be executed for this operation. Click the Add button to find and add functions to this operation. The Search Functions dialog box will be displayed. Enter BAPI_USER_CREATE in the search dialog box to find and select this function into your configuration.

  5. Similar to the 1st function, add a 2nd function 'BAPI_USER_PROFILES_ASSIGN' to this operation. When done you should have two functions listed in your operation. Complete the wizard by clicking Next until you return to the main screen.

Adding attribute 'username'

  1. Click the Add Attribute action button on the main window. This will start the 'Add New Attribute' wizard.When prompted enter a name='username' then click Next.

  2. Map this attribute the function/parameters

    • 'BAPI_USER_CREATE.USERNAME'

    • 'BAPI_USER_PROFILES_ASSIGN.USERNAME'

This will flow data from attribute 'username' to the username parameter on the function.

Adding attribute 'firstname'

  1. Repeat the Add Attribute procedure outlined above to create a new string attribute named 'firstname'.

  2. Map this attribute to the function/parameter 'BAPI_USER_GET_DETAIL.ADDRESS.FIRSTNAME which returns 'firstname' information for a user.

This will flow data from attribute 'username' to the username parameter on the function.

Adding attribute 'lastname'

  • Repeat the Add Attribute procedure outlined above to create a new string attribute named 'lastname'.

  • Map this attribute to the function/parameter BAPI_USER_GET_DETAIL.ADDRESS.LASTNAME which returns 'lastname' information for a user.

Adding attribute 'profile'

  • Click the 'Add Attribute' action button on the main window to start the Add Attribute wizard. When prompted enter the

    1. name = 'profile'

    2. Check the 'multi-value' option for this attribute, since a user may have multiple profiles assigned.

    3. Map this attribute to the function/parameter 'BAPI_USER_PROFILES_ASSIGN.PROFILES.BAPIPROF'

Adding a runtime check condition to 'BAPI_USER_PROFILES_ASSIGN' (optional)

Because a separate function is called to assign profiles to a user, you may not want this function to run when there is no 'profile' data to process. To prevent this, set up a runtime condition to check that the CS attribute "profile" is populated before calling this function.

  1. Edit the 'add' operation by selecting the operation and clicking the edit action button

  2. Select the 'BAPI_USER_PROFILES_ASSIGN' function and click the edit button at the bottom of the form.

  3. Click the edit function properties to the right of the function name. This will open the "Add Condition" form shown below.

    • Check the 'Enable checking runtime condition before executing function' checkbox.

    • select the attribute named 'profiles' in the attribute list

    • In the 'Execute function when' option, check the 'Attribute Value Exists' radio box

Save configuration as MA

  • Save the configuration to the FIMInstallDirectory/Extensions folder. Remember to use a name which will be the name of you MA within FIM.