Configuring SailPoint’s Function Module

Note
Configure any one function module based on your SAP_BASIS version.

  1. Use the /SAILPOIN/SAIL_READ_TABLE function module to support systems whose SAP BASIS version is 751 and later.

    This is a SAP-certified function module provided by SailPoint to replace the use of SAP’s RFC_READ_TABLE function module, according to SAP recommendations, for reading data from SAP tables required for governance.

    The /SAILPOIN/SAIL_READ_TABLE provides enhanced security, support for pagination, and performance improvements over the RFC_READ_TABLE. For more information on the deployment process, refer to Installation of SAILPOIN Add-On

  2. Use the /SAILPOIN/SAIL_READ_TABLE_LEG function module to support SAP systems whose SAP_BASIS version 740, Support Package 08 up to BASIS 750.

    This is a SAP-certified function module provided by SailPoint to replace the use of SAP’s RFC_READ_TABLE function module, according to SAP recommendations, for reading data from SAP tables required for governance.

    The /SAILPOIN/SAIL_READ_TABLE_LEG provides enhanced security over the RFC_READ_TABLE. For more information on the deployment process, refer to Installation of SAILPOIN Add-On

    To configure SailPoint's Function Module, refer to Connection Settings.

    Note
    Configure any one function module based on your SAP_BASIS version. On the Connection Settings page, select /SAILPOIN/SAIL_READ_TABLE for SAP Basis version 751 and later, or /SAILPOIN/SAIL_READ_TABLE_LEG for SAP_BASIS version 740, Support Package 08 up to BASIS 750.

Configuring SAP GRC Delimiter for aggregation with Sailpoint’s Function Module

  1. Set the delimiter for aggregated users and groups records. The default delimiter used is '/'. Aggregation Delimiter configuration is applicable only in the case of the '/SAILPOIN/SAIL_READ_TABLE' and the '/SAILPOIN/SAIL_READ_TABLE_LEG' Function Module.

    • The length of the field must be two characters.

    • As per the connector implementation, SailPoint recommends using special characters as the GRC Delimiter. For example, “~~, @@, ##, !!”

    • SailPoint encourages using native identities like usernames and rolenames without including commas.

Note
SailPoint will continue to support the RFC_READ_TABLE as per our deprecation policies. SailPoint highly recommends that you start planning the move to use SailPoint's Function Module.