Creating a Custom Business Application Programming Interface (BAPI)
You can aggregate the following attributes by manually adding them in the Schema Attributes section:
- Function: Use Function as the field name in the provisioning policy.
- SNC Name: Use SNC Name as the field name in the provisioning policy.
- Functional Area: Use function_area as the field name in the provisioning policy.
- User Group Assignments
- Logon Language
- Function
- Phone
- Department
SailPoint provides support for aggregation and provisioning of the additional attributes mentioned below. You must add these to the account schema and create a custom BAPI.
- Alias
- Personnel Number
- Company
- Parameters (Multi valued)
Important
After creating the BAPI, you must add the name of the BAPI under RFC_NAME in authorization object S_RFC in SAP GRC.
To create a custom BAPI:
In the GRC system, provide the input and output parameters.
The input for the custom BAPI must be User_ID as described below:
The output of this value must be in the form of:
- Z_USER_DETAILS_TABLE - Internal table: where each row is of Line Type: ZUSER_SYSTEM_DETAILS. ZUSER_SYSTEM_DETAILS is a custom structure which contains two fields:
  - SYSTEM: The system to which the user is connected. Associated type is CHAR.
  - Z_GRAC_S_USER_DETAIL: The complete user details. The associated type is GRAC_S_USER_DETAIL.
    Note: This is GRC’s built-in structure which represents a complete user entity connected to a system.
- ET_MESSAGE: contains error message details and the associated type is BAPIRET2_TAB.
FUNCTION ZCUSTOM_BAPI_FOR_ADDITIONAL_ATTRIBUTES.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     VALUE(USER_ID) TYPE GRAC_USER
*"  EXPORTING
*"     VALUE(Z_USER_DETAILS_TABLE) TYPE ZGRAC_S_USER_TAB
*"     VALUE(ET_MESSAGE) TYPE BAPIRET2_TAB
*"----------------------------------------------------------------------
  DATA:
    ld_IV_USER            TYPE GRAC_USER,
    ld_ES_USER_DETAILS    TYPE GRAC_S_USER_DETAIL,
    it_data               TYPE STANDARD TABLE OF GRACUSERCONN INITIAL SIZE 0,
    wa_data               TYPE GRACUSERCONN,
    id_system_id          TYPE string,
    it_user_details       TYPE STANDARD TABLE OF ZUSER_SYSTEM_DETAILS INITIAL SIZE 0,
    ld_custom_user_struct TYPE ZUSER_SYSTEM_DETAILS,
    exception_ref         TYPE REF TO cx_grfn_exception.

  ld_IV_USER = USER_ID.

  " Getting systems associated with a user
  SELECT * FROM GRACUSERCONN WHERE USER_ID = @ld_IV_user INTO TABLE @it_data.

  TRY.
      " Loop over each connector to get the user details
      LOOP AT it_data INTO wa_data.
        id_system_id = wa_data-CONNECTOR.
        CLEAR: ld_ES_USER_DETAILS.

        CALL METHOD CL_GRAC_AD_ACCESS_MGMT=>GET_USER_DETAIL(
          EXPORTING
            IV_USER         = ld_IV_USER
            iv_system_id    = id_system_id
          IMPORTING
            ES_USER_DETAILS = ld_ES_USER_DETAILS
            ET_MESSAGE      = ET_MESSAGE
        ).

        " One output row per connected system: system ID plus the user details
        ld_custom_user_struct-SYSTEM = id_system_id.
        ld_custom_user_struct-Z_GRAC_S_USER_DETAIL = ld_ES_USER_DETAILS.
        APPEND ld_custom_user_struct TO it_user_details.
      ENDLOOP.
    CATCH cx_grfn_exception INTO exception_ref.
      " On a GRC exception, return without filling Z_USER_DETAILS_TABLE
      RETURN.
  ENDTRY.

  Z_USER_DETAILS_TABLE = it_user_details.
ENDFUNCTION.
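
The Important note above requires the BAPI name under RFC_NAME in S_RFC. The following added example (not SailPoint's or SAP's code) checks a set of S_RFC grants for that entry and flags wildcard values that grant more than the one function module. It assumes a hypothetical list-of-dicts export of the service user's authorizations, function-module grants (RFC_TYPE FUNC) with ACTVT 16, and handles exact and trailing-`*` values only, not ranges.

```python
# Added example: audit S_RFC grants for the connector's service user.
# The list-of-dicts input shape is an assumption (a hypothetical export format).
BAPI_NAME = "ZCUSTOM_BAPI_FOR_ADDITIONAL_ATTRIBUTES"  # name used on this page
EXECUTE = "16"  # ACTVT value for "execute"


def value_matches(granted: str, wanted: str) -> bool:
    """SAP-style match: exact value, or a prefix ending in '*'."""
    granted = granted.strip().upper()
    if granted.endswith("*"):
        return wanted.upper().startswith(granted[:-1])
    return granted == wanted.upper()


def audit_s_rfc(auths, rfc_name=BAPI_NAME):
    """Return (allowed, findings) for calling function module rfc_name."""
    allowed, findings = False, []
    for auth in auths:
        if auth.get("object") != "S_RFC":
            continue
        if not any(value_matches(v, EXECUTE) for v in auth["ACTVT"]):
            continue
        if not any(value_matches(v, "FUNC") for v in auth["RFC_TYPE"]):
            continue  # function-group (FUGR) grants are out of scope here
        for granted in auth["RFC_NAME"]:
            if not value_matches(granted, rfc_name):
                continue
            allowed = True
            if "*" in granted:
                findings.append(
                    f"wildcard RFC_NAME {granted!r} also covers other function modules")
    if not allowed:
        findings.append(f"{rfc_name} is not listed under RFC_NAME")
    return allowed, findings


# Constructed sample authorizations, not taken from a real system.
MISSING = [{"object": "S_RFC", "RFC_TYPE": ["FUNC"],
            "RFC_NAME": ["GRAC_*"], "ACTVT": ["16"]}]
TOO_BROAD = [{"object": "S_RFC", "RFC_TYPE": ["FUNC"],
              "RFC_NAME": ["*"], "ACTVT": ["16"]}]
EXPLICIT = [{"object": "S_RFC", "RFC_TYPE": ["FUNC"],
             "RFC_NAME": ["GRAC_*", BAPI_NAME], "ACTVT": ["16"]}]

if __name__ == "__main__":
    for label, auths in (("missing", MISSING), ("too broad", TOO_BROAD),
                         ("explicit", EXPLICIT)):
        print(label, audit_s_rfc(auths))
```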