Creating a Custom Business Application Programming Interface (BAPI)

You can aggregate the following attributes by manually adding them in the Schema Attributes section:

  • Function: Use Function as the field name in the provisioning policy.

  • SNC Name: Use SNC Name as the field name in the provisioning policy.

  • Functional Area: Use function_area as the field name in the provisioning policy.

  • User Group Assignments

  • Logon Language

  • Function

  • Phone

  • Department

SailPoint provides support for aggregation and provisioning of the additional attributes mentioned below. You must add these to the account schema and create a custom BAPI.

  • Alias

  • Personnel Number

  • Company

  • Parameters (Multi valued)

Important
After creating the BAPI, you must add the name of the BAPI under RFC_NAME in authorization object S_RFC in SAP GRC.

To create a custom BAPI:

In the GRC system, provide the input and output parameters.

The input for the custom BAPI must be User_ID as described below:

The output of this value must be in the form of:

  1. Z_USER_DETAILS_TABLE - Internal table: where each row is of Line Type: ZUSER_SYSTEM_DETAILS.

    ZUSER_SYSTEM_DETAILS is a custom structure which contains two fields:

    • SYSTEM : The system to which the user is connected. Associated type is CHAR.

    • Z_GRAC_S_USER_DETAIL : The complete user details. The associated type is GRAC_S_USER_DETAIL.

      Note
      This is GRC’s built-in structure which represents a complete user entity connected to a system.

  2. ET_MESSAGE : contains error message details and the associated type is BAPIRET2_TAB.

Copy 
FUNCTION ZCUSTOM_BAPI_FOR_ADDITIONAL_ATTRIBUTES.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     VALUE(USER_ID) TYPE  GRAC_USER
*"  EXPORTING
*"     VALUE(Z_USER_DETAILS_TABLE) TYPE  ZGRAC_S_USER_TAB
*"     VALUE(ET_MESSAGE) TYPE  BAPIRET2_TAB
*"----------------------------------------------------------------------


DATA:
ld_IV_USER TYPE GRAC_USER ,
ld_ES_USER_DETAILS TYPE GRAC_S_USER_DETAIL ,
it_data TYPE STANDARD TABLE OF GRACUSERCONN INITIAL SIZE 0 ,
wa_data TYPE GRACUSERCONN ,
id_system_id  TYPE string ,
it_user_details TYPE STANDARD TABLE OF ZUSER_SYSTEM_DETAILS INITIAL SIZE 0 ,
ld_custom_user_struct TYPE ZUSER_SYSTEM_DETAILS,
exception_ref TYPE REF TO cx_grfn_exception.


ld_IV_USER = USER_ID.

*Getting systems associated with a user
SELECT * FROM GRACUSERCONN WHERE USER_ID = @ld_IV_user INTO TABLE @it_data.


TRY.
*Loop over each connector to get the user details
LOOP AT it_data INTO wa_data.

id_system_id = wa_data-CONNECTOR.
clear : ld_ES_USER_DETAILS.

CALL METHOD CL_GRAC_AD_ACCESS_MGMT=>GET_USER_DETAIL(
EXPORTING
IV_USER = ld_IV_USER
iv_system_id    = id_system_id
IMPORTING
ES_USER_DETAILS = ld_ES_USER_DETAILS
ET_MESSAGE = ET_MESSAGE

).

ld_custom_user_struct-SYSTEM = id_system_id.
 ld_custom_user_struct-Z_GRAC_S_USER_DETAIL = ld_ES_USER_DETAILS.

APPEND ld_custom_user_struct TO it_user_details.

ENDLOOP.

CATCH cx_grfn_exception INTO exception_ref.
RETURN.

ENDTRY.

Z_USER_DETAILS_TABLE =  it_user_details.


ENDFUNCTION.