of 72/72
SAP NetWeaver How-To Guide How To... Create Reports with SAP NetWeaver Identity Management Applicable Releases: SAP NetWeaver Identity Management 7.0 SAP NetWeaver Identity Management 7.1 Topic Area: Security and Identity Management Capability: Identity and Access Management Version 1.0 September 2009

How to Create Reports With SAP NetWeaver Identity Management

  • View
    174

  • Download
    4

Embed Size (px)

Text of How to Create Reports With SAP NetWeaver Identity Management

  • SAP NetWeaver How-To Guide

    How To... Create Reports with SAP NetWeaver Identity Management

    Applicable Releases:

    SAP NetWeaver Identity Management 7.0

    SAP NetWeaver Identity Management 7.1

    Topic Area: Security and Identity Management

    Capability: Identity and Access Management

    Version 1.0

    September 2009

  • Copyright 2009 SAP AG. All rights reserved.

    No part of this publication may be reproduced or

    transmitted in any form or for any purpose without the

    express permission of SAP AG. The information contained

    herein may be changed without prior notice.

    Some software products marketed by SAP AG and its

    distributors contain proprietary software components of

    other software vendors.

    Microsoft, Windows, Outlook, and PowerPoint are

    registered trademarks of Microsoft Corporation.

    IBM, DB2, DB2 Universal Database, OS/2, Parallel

    Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390,

    OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP,

    Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix,

    i5/OS, POWER, POWER5, OpenPower and PowerPC are

    trademarks or registered trademarks of IBM Corporation.

    Adobe, the Adobe logo, Acrobat, PostScript, and Reader

    are either trademarks or registered trademarks of Adobe

    Systems Incorporated in the United States and/or other

    countries.

    Oracle is a registered trademark of Oracle Corporation.

    UNIX, X/Open, OSF/1, and Motif are registered

    trademarks of the Open Group.

    Citrix, ICA, Program Neighborhood, MetaFrame,

    WinFrame, VideoFrame, and MultiWin are trademarks or

    registered trademarks of Citrix Systems, Inc.

    HTML, XML, XHTML and W3C are trademarks or

    registered trademarks of W3C, World Wide Web

    Consortium, Massachusetts Institute of Technology.

    Java is a registered trademark of Sun Microsystems, Inc.

    JavaScript is a registered trademark of Sun Microsystems,

    Inc., used under license for technology invented and

    implemented by Netscape.

    MaxDB is a trademark of MySQL AB, Sweden.

    SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP

    NetWeaver, and other SAP products and services

    mentioned herein as well as their respective logos are

    trademarks or registered trademarks of SAP AG in

    Germany and in several other countries all over the world.

    All other product and service names mentioned are the

    trademarks of their respective companies. Data contained

    in this document serves informational purposes only.

    National product specifications may vary.

    These materials are subject to change without notice.

    These materials are provided by SAP AG and its affiliated

    companies ("SAP Group") for informational purposes only,

    without representation or warranty of any kind, and SAP

    Group shall not be liable for errors or omissions with

    respect to the materials. The only warranties for SAP

    Group products and services are those that are set forth in

    the express warranty statements accompanying such

    products and services, if any. Nothing herein should be

    construed as constituting an additional warranty.

    These materials are provided as is without a warranty of

    any kind, either express or implied, including but not

    limited to, the implied warranties of merchantability,

    fitness for a particular purpose, or non-infringement.

    SAP shall not be liable for damages of any kind including

    without limitation direct, special, indirect, or consequential

    damages that may result from the use of these materials.

    SAP does not warrant the accuracy or completeness of the

    information, text, graphics, links or other items contained

    within these materials. SAP has no control over the

    information that you may access through the use of hot

    links contained in these materials and does not endorse

    your use of third party web pages nor provide any warranty

    whatsoever relating to third party web pages.

    SAP NetWeaver How-to Guides are intended to simplify

    the product implementation. While specific product

    features and procedures typically are explained in a

    practical business context, it is not implied that those

    features and procedures are the only approach in solving a

    specific business problem using SAP NetWeaver. Should

    you wish to receive additional information, clarification or

    support, please refer to SAP Consulting.

    Any software coding and/or code lines / strings (Code)

    included in this documentation are only examples and are

    not intended to be used in a productive system

    environment. The Code is only intended better explain and

    visualize the syntax and phrasing rules of certain coding.

    SAP does not warrant the correctness and completeness of

    the Code given herein, and SAP shall not be liable for

    errors or damages caused by the usage of the Code, except

    if such damages were caused by SAP intentionally or

    grossly negligent.

    Disclaimer

    Some components of this product are based on Java. Any

    code change in these components may cause unpredictable

    and severe malfunctions and is therefore expressively

    prohibited, as is any decompilation of these components.

    Any Java Source Code delivered with this product is only

    to be used by SAPs Support Services and may not be

    modified or altered in any way.

  • Document History Document Version Description

    1.00 Public Release

  • Typographic Conventions Type Style Description

    Example Text Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options.

    Cross-references to other documentation

    Example text Emphasized words or phrases in body text, graphic titles, and table titles

    Example text File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.

    Example text User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation.

    Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.

    EXAMPLE TEXT Keys on the keyboard, for example, F2 or ENTER.

    Icons Icon Description

    Caution

    Note or Important

    Example

    Recommendation or Tip

  • Table of Contents

    1. Business Scenario ............................................................................................................... 1

    2. Background Information ..................................................................................................... 2

    3. Prerequisites ........................................................................................................................ 3

    4. Identity Center DB Important Views/Tables ................................................................... 4

    4.1 Table MXI_Attributes .................................................................................................. 4

    4.2 View MXIV_VALUES ................................................................................................. 4

    4.3 View MXIV_SENTRIES .............................................................................................. 5

    4.4 View MXIV_ALL_SENTRIES ..................................................................................... 5

    4.5 View MXIV_OENTRIES ............................................................................................. 6

    4.6 View MXUV_ENTRIES .............................................................................................. 7

    4.7 View MXUV_ALL_SENTRIES .................................................................................... 8

    4.8 View MXUV_OENTRIES ............................................................................................ 8

    4.9 View MXUV_ALL_OENTRIES ................................................................................... 8

    4.10 View MXV_AUDIT ...................................................................................................... 8

    4.11 View MXPV_Audit ...................................................................................................... 9

    4.12 View MXPV_Ext_Audit ............................................................................................... 9

    4.13 View MXWV_ALL_APPROVALS ............................................................................... 9

    4.14 View MXPV_OLD_APPROVALS ............................................................................. 10

    4.15 View mcv_repository ................................................................................................ 10

    4.16 Table mc_language_translations ............................................................................. 11

    4.17 Comparison of Entry Views ........................................................................................ 11

    5. Typical SQL Statements ................................................................................................... 12

    5.1 Entry type related SQL Queries .................................................................................. 12

    5.2 User-related SQL Queries .......................................................................................... 13

    5.3 Business Role-related SQL Queries .......................................................................... 14

    5.4 Privilege-related SQL Queries .................................................................................... 14

    5.5 Schema-related SQL Queries .................................................................................... 14

    5.6 Audit-related SQL Queries ......................................................................................... 15

    5.7 Repository-related SQL Queries ................................................................................ 15

    5.8 Other SQL Queries ..................................................................................................... 15

    5.8.1 Translations ................................................................................................... 15

    5.8.2 Approvals ....................................................................................................... 15

    6. Reporting Possibilities (Examples) ................................................................................. 16

    6.1 SAP BusinessObjects Crystal Reports ....................................................................... 16

    6.1.1 Setting up Database Connection to IdM ........................................................ 16

    6.1.2 Creating a Report Template .......................................................................... 20

  • 6.1.3 Setting up the IdM Runtime ........................................................................... 28

    6.1.4 Provide Report Template to the IdM Runtime ............................................... 30

    6.1.5 Setting up a Task for Report Creation ........................................................... 30

    6.1.6 Executing the Task ........................................................................................ 38

    6.2 Jasper Reports and iReport ........................................................................................ 41

    6.2.1 Setting up Database Connection to IdM ........................................................ 41

    6.2.2 Creating a Report Template .......................................................................... 43

    6.2.3 Setting up the IdM Runtime ........................................................................... 49

    6.2.4 Provide Report Template to the IdM Runtime ............................................... 50

    6.2.5 Setting up a Task for Report Creation ........................................................... 52

    6.2.6 Testing the Task ............................................................................................ 57

    6.2.7 Adding a Jasper Report as Report entry in 7.1 SP2 ...................................... 59

    6.3 Simple HTML with toASCII Pass ................................................................................ 63

  • How to Create Reports with SAP NetWeaver Identity Management

    1. Business Scenario SAP NetWeaver Identity Management (IdM) helps companies to centrally manage their user accounts (identities) in a complex system landscape. This includes both SAP and non-SAP systems. The solution provides an authoritative, single source of user information and enables self-service management of user information and authorizations using workflow technology.

    During the implementation of SAP NetWeaver Identity Management typically reporting requirements need to be satisfied like

    What are all the attributes of a given user? What are all the business roles assigned to a given user? What systems does a given user has access to? Which business roles are available in the system? How many users/business roles, etc. are available in the system?

    In this guide I will first give you some background information about creating reports based on the data available in SAP NetWeaver Identity Management. Then I will show you how you can create a simple report using SAP Busines Objects Crystal Reports (available as of Version 7.1 SP2) and also Jasper Reports (available also in Version 7.0).

    September 2009 1

  • How to Create Reports with SAP NetWeaver Identity Management

    2. Background Information With SAP NetWeaver Identity Management you can create reports using the information which is available in the Identity Center. Typically the creation of reports is done by using report templates. Two kinds of report templates can be used: ...

    1. SAP BusinessObjects Crystal Reports (as of SAP NetWeaver Identity Management 7.1 SP2)

    2. Jasper Reports (SAP NetWeaver Identity Management 7.0 and 7.1)

    Out of the box SAP delivers some sample reports, for example

    Entry report (Jasper and Crystal Reports) Line Manager Report (Jasper) Privilege Report (Jasper) Role Report (Jasper)

    You can use the report templates delivered with IdM, adapt them to your needs or create your own.

    Besides using report templates you could also create simple reports by using the toASCII pass in Identity Center and create text or HTML files according to your needs. This has the advantage that you can very quickly extract information from your Identity Center into a file. On the other hand you will most likely hit the limits when it comes to a nice and clean formatting of your reports. In this case you will probably start to go the route of creating a report template and use this for creating reports.

    In any case it is important to have a basic understanding of the Identity Center database schema since you are required to retrieve the information for your reports from the Identity Store. In Chapter 4 of this guide the most important database views and tables will be introduced. Then this guide lists frequently used database statements which should help you to satisfy the most important reporting needs.

    Important The database statements in this guide are for a Microsoft SQL Server database. In case you have a SAP NetWeaver Identity Management installation using an Oracle database you may need to adapt the statements accordingly. Nevertheless the general concepts are independent of the database platform you use.

    Chapter 6 will then give you step by step guides about how you can create reports

    a. using SAP BusinessObjects Crystal Reports

    b. using Jasper Reports and iReport

    c. using the toASCII pass in Identity Center

    When creating reports you have various options where to store the reports

    as binary attribute assigned to an entry type in the file system as report entry type (available as of version 7.1 SP2)

    Following documents will provide you further information:

    SAP NetWeaver Identity Management Operation Guide SAP NetWeaver Identity Management Generating Reports using Crystal Reports

    Besides this you will always get the latest information on SDN:

    http://www.sdn.sap.com/irj/sdn/nw-identitymanagement

    September 2009 2

  • How to Create Reports with SAP NetWeaver Identity Management

    3. Prerequisites You require the following version of SAP NetWeaver Identity Management for creating the examples in Chapter 6

    SAP NetWeaver Identity Management 7.0 (Jasper and ASCII only) SAP NetWeaver Identity Management 7.1 (all reporting possibilities as described)

    In addition you require

    For the example with SAP BusinessObjects Crystal Reports 2008 { SAP BusinessObjects Crystal Reports 2008

    For the example with Jasper Reports { Jasper 1.3.1 (you get the libraries through the iReports 1.3.1 download)

    { iReports 1.3.1 link at publication time of HowTo: http://sourceforge.net/project/showfiles.php?group_id=64348&package_id=64215

    If you require additional information about SAP NetWeaver Identity Management you will find this through the IdM homepage on SDN: https://www.sdn.sap.com/irj/sdn/nw-identitymanagement

    September 2009 3

  • How to Create Reports with SAP NetWeaver Identity Management

    4. Identity Center DB Important Views/Tables

    4.1 Table MXI_Attributes This table contains the attribute definitions for all identity stores.

    Important table columns:

    View Column Description

    Attr_ID Id of the attribute

    Attr_Name Name of the attribute

    IS_ID Id of the identity store where the attribute is defined in

    display_name Display name of the attribute (typically a language key)

    4.2 View MXIV_VALUES This view provides you access to the current values stored in the Identity Center. Using this view is the best performing way to access information inside the identity store but other views might be more convenient.

    Important view columns:

    View Column Description

    MSKEY MSKEY of the entry to which the attribute belongs to

    Attr_ID Id of the attribute

    aValue Value of the attribute

    SearchValue Search value of the attributes (indexed!)

    IS_ID Id of the identity store where the attribute is stored in

    AuditID Audit Id which caused the change of the attribute see also view MXV_AUDIT

    Modifytime Modification time of attribute value

    ExpiryTime Time when the attribute value expires (e.g. privilege assignment ValidTo)

    September 2009 4

  • How to Create Reports with SAP NetWeaver Identity Management

    4.3 View MXIV_SENTRIES This view provides you access to current entries and attributes stored in the Identity Center. Every attribute plus attribute value will be displayed as one row in the SQL query result.

    This view will only show active entries which attributes are not expired.

    Important view columns:

    View Column Description

    MSKEY MSKEY of the entry to which the attribute belongs to

    Attr_ID Id of the attribute

    AttrName Name of the attribute

    aValue Value of the attribute (dont use in a WHERE clause!)

    SearchValue Search value of the attributes (indexed!)

    display_name Display name of the attribute. This field typically contains the language key of the display name in the form of e.g. #LANG_KEY

    IS_ID Id of the identity store where the attribute is stored in.

    AuditID Audit Id which caused the change of the attribute see also view MXV_AUDIT

    ValueAuditId AuditId from where the change came from

    Modifytime Modification time of attribute value

    ExpiryTime Time when the attribute value expires (e.g. privilege assignment ValidTo)

    Tip This is the typical view to use when you like to retrieve current information about entries inside the identity store where the MSKEYVALUE of referenced entry types (e.g. roles) is not required

    Important Do not use aValue in the WHERE clause of a SQL statement or in joins, order by, . Always use SearchValue instead since it is indexed and therefore avoids performance problems.

    4.4 View MXIV_ALL_SENTRIES This view is similar to MXIV_SENTRIES but will display all entries, i.e. also inactive and expired entries/attributes.

    September 2009 5

  • How to Create Reports with SAP NetWeaver Identity Management

    4.5 View MXIV_OENTRIES This view provides you access to entries and attributes which have been changed/deleted from the Identity Center and have not been archived. Every attribute plus attribute value will be displayed as one row in the SQL query result.

    View Column Description

    OLD_ID Counter for entries in the view

    MSKEY MSKEY of the entry to which the attribute belongs to

    Attr_ID Id of the attribute

    AttrName Name of the attribute

    aValue Value of the attribute

    display_name Display name of the attribute. This field typically contains the language key of the display name in the form of e.g. #LANG_KEY

    IS_ID Id of the identity store where the attribute is stored in.

    AuditID Audit Id which caused the change/deletion of the attribute see also view MXV_AUDIT

    ValueAuditId AuditId from where the change came from

    CreateTime Creation time of attribute value

    Modifytime Modification time of attribute value

    Changetype Id for type of change

    Changename Name for type of change, e.g. DELETE

    ChangedBy Information about who last changed the attribute, e.g. of the user changing the attribute through the UI

    MultiValue Flag if attribute value belongs to a multi value attribute

    0: no multi value attribute 1: multi value attribute

    Tip This is the typical view to use when you like to retrieve historical information about entries.

    September 2009 6

  • How to Create Reports with SAP NetWeaver Identity Management

    4.6 View MXUV_ENTRIES Similar to the view MXIV_SENTRIES this view provides you access to entries and attributes stored in the Identity Center. Every attribute plus attribute value will be displayed as one row in the result.

    This view will only show active entries which attributes are not expired.

    This view differs from the view MXIV_ENTRIES in the respect that it provides extended information about the MSKEY, the attribute and the attribute value. Using this view you can for example directly retrieve the MSKEYVALUE of referenced entry types like for example the MSKEYVALUE of roles. In MXIV_ENTRIES only the MSKEY can be retrieved which is in many cases not sufficient.

    Important view columns:

    View Column Description

    MSKEY MSKEY of the entry to which the attribute belongs to

    ExtMSKEY Contains the MSKEYVALUE of the entry to which the attribute belongs to plus the MSKEY in the format:

    (), e.g. mxmc_admin (8)

    Attr_ID Id of the attribute

    AttrName Name of the attribute

    ExtAttribute Display name of the attribute. In case the display name is not filled it will give the attribute name

    This field typically contains the language key of the display name in the form of e.g. #LANG_KEY

    aValue Value of the attribute

    ExtValue For reference attributes: Contains the MSKEYVALUE of the referenced entry in the format:

    (), e.g. PRIV:ROLE:xyz (9)

    All other attributes: same as aValue

    SearchValue Search value of the attributes (indexed!)

    display_name Display name of the attribute. This field typically contains the language key of the display name in the form of e.g. #LANG_KEY

    IS_ID Id of the identity store where the attribute is stored in.

    AuditID Audit Id which caused the change of the attribute see also view MXV_AUDIT

    ValueAuditId AuditId from where the change came from

    Modifytime Modification time of attribute value

    Important Using this view might be time-consuming with a large amount of data (i.e. many rows in table MXI_VALUES)

    September 2009 7

  • How to Create Reports with SAP NetWeaver Identity Management

    4.7 View MXUV_ALL_SENTRIES This view is similar to MXUV_ENTRIES but will display all entries, i.e. also inactive and expired entries

    4.8 View MXUV_OENTRIES This view provides the same information about modified and deleted attributes as MXIV_OENTRIES plus additional information:

    ExtMSKEY ExtAttribute ExtValue

    4.9 View MXUV_ALL_OENTRIES This view provides the same information about modified and deleted attributes as MXIV_OENTRIES plus additional information: from MXIV_ALL_ENTRIES:

    ExtMSKEY ExtAttribute ExtValue

    The additional information is retrieved from MXIV_ALL_SENTRIES which is the difference from MX_UV_OENTRIES. (4.8)

    4.10 View MXV_AUDIT Whenever a new task hierarchy is started, a new AuditID is allocated, and a new audit record is created.

    This view provides information about the audit entries created during task execution.

    Important view columns:

    View Column Description

    AuditId Id of the audit entry (automatically created and unique)

    MSKey MSKEY of entry which is related to this audit entry

    AuditRoot Id of the audit entry which is the root of task executions, i.e. if one task leads to the execution of other tasks the audit entry of the child tasks will reference the root tasks audit entry in the AuditRoot

    In case there was no initiating task AuditRoot=AuditId

    userid Field that holds the user additional information like user MSKEY, operation, etc. For a detailed description please refer to the product documentation, e.g. available through the MMC via Help Help Topics or on http://help.sap.com

    IDSID Id of the identity store

    September 2009 8

  • How to Create Reports with SAP NetWeaver Identity Management

    4.11 View MXPV_Audit This view provides the same information as MXV_AUDIT but limits the result to the 100 most current entries in the audit.

    4.12 View MXPV_Ext_Audit This view provides extra audit information in case the option enable trace is activated for your identity Center configuration.

    Important view columns:

    View Column Description

    Aud_ref Reference to the audit record in MXV_AUDIT. There may be multiple extended audit records for one audit record in MXV_AUDIT

    Aud_approver Positive values are the MSKEY of the approver.

    Aud_OnEntry MSKEY o f the entry being executed

    Aud_datetime The records date and time

    4.13 View MXWV_ALL_APPROVALS This view gives you information about approvals which are currently in process or already finished.

    Important view columns:

    View Column Description

    MSKEY MSKEY of the entry which is to be approved

    IS_ID Id of the identity store where the approval task has been executed on

    TASKID Id of the approval task

    AUDITID Related Audit Id from MXV_AUDIT

    STATUS Approval status, e.g. APPROVED, DECLINED

    APPROVER MSKEY of the user who approved/declined

    REASON Reason for approving/declining the request

    ApproveTime Time, when the approval/decline was performed

    RefAudit Reference to audit entry which triggered current approval

    September 2009 9

  • How to Create Reports with SAP NetWeaver Identity Management

    4.14 View MXPV_OLD_APPROVALS This view gives you information about past approvals.

    Important view columns:

    View Column Description

    MSKEY MSKEY of the entry which is to be approved

    IS_ID Id of the identity store where the approval task has been executed on

    TASKID Id of the approval task

    AUDITID Related Audit Id from MXV_AUDIT

    STATUS Approval status, e.g. APPROVED, DECLINED

    APPROVER MSKEY of the user who approved/declined

    REASON Reason for approving/declining the request

    ApproveTime Time, when the approval/decline was performed

    4.15 View mcv_repository This view provides all repositories which are available in your Identity Center installation.

    Important view columns:

    View Column Description

    REP_ID Unique Id of the repository

    RepType Type of the repository, e.g. file, directory

    REP_NAME Name of the repository as displayed in the management node of the MMC

    REP_DESCRIPTION Description of the repository

    September 2009 10

  • How to Create Reports with SAP NetWeaver Identity Management

    4.16 Table mc_language_translations This table contains the translation information for texts which are to be displayed in a language dependent manner. If you require e.g. attribute descriptions in a specific language you can look this up using language key, language code and identity store.

    Important table columns:

    Table Column Description

    LangKey Unique language key per identity store.

    This key is for example returned in the display_name column of the view mxiv_entries. By reading the respective LangValue in the translation table the language dependent string can be retrieved

    LangCode Language code

    LangIdStore Number of the identity store for which the translation is relevant

    LangValue Language dependent value

    4.17 Comparison of Entry Views ViewName Attribute

    NamesInactiveEntries

    ExpiredAttributes

    Old/PastValues

    MSKEYVALUEofMSKEY

    MSKEYVALUEofreferencedentries

    MXIV_VALUES X X

    MXIV_SENTRIES X

    MXIV_ALL_SENTRIES X X X

    MXIV_OENTRIES X notrelevant notrelevant X

    MXUV_ENTRIES X X X

    MXUV_OENTRIES X notrelevant notrelevant X X X

    MXUV_ALL_SENTRIES X X X X* X

    MXUV_ALL_OENTRIES X notrelevant notrelevant X X* X

    *extendedinformationretrievedfromMXIV_ALL_SENTRIES

    September 2009 11

  • How to Create Reports with SAP NetWeaver Identity Management

    5. Typical SQL Statements This chapter contains typical SQL statements against the Identity Center database which fulfill typical reporting requirements.

    5.1 Entry type related SQL Queries -- get MSKEYVALUE of specific MSKEY SELECT aValue as AVALUE FROM MXIV_SENTRIES WHERE (MSKEY=) AND (AttrName = 'MSKEYVALUE') -- alternative to get MSKEYVALUE of specific MSKEY (better performance!) SELECT avalue FROM MXIV_VALUES WHERE MSKEY= AND Attr_ID=(SELECT Attr_ID FROM MXI_Attributes WHERE AttrName='MSKEYVALUE' AND IS_ID=) -- get DISPLAYNAME of specific MSKEY SELECT aValue FROM MXIV_SENTRIES WHERE (MSKEY = ) AND (AttrName = 'DISPLAYNAME') -- alternative to get DISPLAYNAME of specific MSKEY (better performance!) SELECT avalue FROM MXIV_VALUES WHERE MSKEY= AND Attr_ID=(SELECT Attr_ID FROM MXI_Attributes WHERE AttrName='DISPLAYNAME' AND IS_ID=) -- get MSKEYVALUE, DISPLAYNAME, identity store for specific mskey SELECT MXIV_SENTRIES.AttrName as ATTRNAME, MXIV_SENTRIES.MSKEY, MXIV_SENTRIES.aValue as AVALUE, MXIV_SENTRIES.IS_ID, MXI_IDStores.IdStoreName as IDSTORENAME FROM MXIV_SENTRIES INNER JOIN MXI_IDStores ON MXIV_SENTRIES.IS_ID = MXI_IDStores.IS_ID WHERE (MXIV_SENTRIES.MSKEY = ) AND (MXIV_SENTRIES.AttrName = 'MSKEYVALUE') OR (MXIV_SENTRIES.MSKEY = ) AND (MXIV_SENTRIES.AttrName = 'DISPLAYNAME') -- get attributes of a specific MSKEY at a defined point in the past select MSKEY, AttrName, aValue, ModifyTime, NULL AS CreateTime, NULL as changename from MXIV_SENTRIES where MSKEY= AND modifyTime < convert(datetime, '2009-04-22',110) UNION ALL select MSKEY, AttrName, aValue, ModifyTime, CreateTime, changename from mxiv_oentries where MSKEY= AND modifyTime > convert(datetime, '2009-04-21 23:59:59', 120) AND createTime < convert(datetime, '2009-04-22',110)

    September 2009 12

  • How to Create Reports with SAP NetWeaver Identity Management

    5.2 User-related SQL Queries -- get attributes and attribute values (except roles, privileges, audit flags) for specific user (MSKEY) SELECT display_name, ExtAttribute as [Attribute],extvalue as [Value], convert(varchar,modifytime,20) as [Modified],changename as [Operation] FROM mxuv_entries WHERE MSKEY = and attrname'mxref_mx_role' and attrname'mxref_mx_privilege' and attrname'mx_autoprivilege' and attrname'mx_audit_flags' -- get historical attributes and attribute values for specific user (MSKEY) SELECT ExtAttribute as [Attribute],Extvalue as [Value], convert(varchar,modifytime,20) as [Modified],changename as [Operation] FROM mxuv_oentries WHERE MSKEY = -- get historical values for a specific user (MSKEY) ordered by creation time SELECT OLD_ID, MSKEY, AttrName, aValue, CreateTime, Modifytime, ChangedBy, Changenumber, Changetype, Changename, ParentAuditId, ValueAuditId, IS_ID, Access_ID, display_name, MultiValue, ProvStatus, AuditID FROM MXIV_OENTRIES WHERE (MSKEY = ) ORDER BY CreateTime -- get assigned privileges for specific user (MSKEY) SELECT attrname as [Attribute],extvalue as [Value],convert(varchar,modifytime,20) as [Modified], changename as [Operation] FROM mxuv_entries WHERE MSKEY = and attrname IN ('mxref_mx_privilege','mx_autoprivilege') -- get assigned roles for specific user (MSKEY) SELECT extvalue as [Value],convert(varchar,modifytime,20) as [Modified], changename as [Operation] FROM mxuv_entries WHERE MSKEY = and attrname='mxref_mx_role' -- get all repositories where a specific user (MSKEY) is present SELECT SUBSTRING(AttrName,8, LEN(AttrName)) AS [Repository], aValue as [AccountId] FROM MXIV_SENTRIES WHERE mskey= and MXIV_SENTRIES.AttrName like 'ACCOUNT%' -- get all users with defined set of attributes SELECT MSKEY, AttrName, aValue FROM MXIV_SENTRIES WHERE (MSKEY IN (SELECT MSKEY FROM MXIV_SENTRIES WHERE AttrName = 'MX_ENTRYTYPE' AND SearchValue = 'MX_PERSON')) AND (AttrName IN ('MSKEYVALUE','DISPLAYNAME','MX_FIRSTNAME','MX_LASTNAME')) AND (IS_ID =) ORDER BY MSKEY -- line manager report: get all direct reports (mskey) for a specific manager mskey SELECT DISTINCT MSKEY FROM MXIV_SENTRIES WHERE (MSKEY IN (SELECT mskey FROM MXIV_SENTRIES WHERE attrname = 'MX_MANAGER' AND SearchValue = '')) ORDER BY MSKEY

    September 2009 13

  • How to Create Reports with SAP NetWeaver Identity Management

    5.3 Business Role-related SQL Queries -- get all business roles SELECT MSKEY, AttrName, aValue FROM MXIV_SENTRIES WHERE (MSKEY IN (SELECT MSKEY FROM MXIV_SENTRIES WHERE AttrName = 'MX_ENTRYTYPE' AND SearchValue = 'MX_ROLE')) AND (AttrName IN ('MSKEYVALUE', 'DISPLAYNAME')) AND (IS_ID =) ORDER BY MSKEY -- get role members for role with specific mskey SELECT extvalue as [Entry name],Convert(varchar,modifytime,20) as [Added] FROM mxuv_entries WHERE mskey= and attrname='MXREF_MX_ROLE'

    5.4 Privilege-related SQL Queries -- get all privileges SELECT MSKEY, AttrName, aValue FROM MXIV_SENTRIES WHERE (MSKEY IN (SELECT MSKEY FROM MXIV_SENTRIES WHERE AttrName = 'MX_ENTRYTYPE' AND SearchValue = 'MX_PRIVILEGE')) AND (AttrName IN ('MSKEYVALUE','DISPLAYNAME')) AND (IS_ID =1) ORDER BY MSKEY -- get direct members for privilege with specific mskey SELECT extmskey as [Entry name],Convert(varchar,modifytime,20) as [Added] FROM mxuv_entries WHERE (datatypeid = 5) and searchvalue=cast( as varchar) and attrname='MXREF_MX_PRIVILEGE' order by extmskey -- get properties for specific privilege (MSKEY) SELECT ExtAttribute as [Attribute],extvalue as [Value], convert(varchar,modifytime,20) as [Modified],changename as [Operation] FROM mxuv_entries WHERE MSKEY = and attrname'mxref_mx_role'

    5.5 Schema-related SQL Queries -- get attribute name based on attribute id SELECT AttrName FROM mxiv_allattributes WHERE ATTR_ID= -- get name of entry type based on entry type id SELECT OCNAME as "ocname" FROM mxiv_entrytypes WHERE ocid=

    September 2009 14

  • How to Create Reports with SAP NetWeaver Identity Management

    5.6 Audit-related SQL Queries -- get audit flags for specific mskey SELECT extvalue as [Value],convert(varchar,modifytime,20) as [Modified], changename as [Operation] FROM mxuv_entries WHERE MSKEY = and attrname='mx_audit_flags' -- get audit entries for specific mskey SELECT AuditID as [Audit ID],TaskName as [Task],Provision_status as [Status],convert(varchar,posteddate,20) as [Date],Userid as [User ID],MSG as [Message] FROM mxv_audit WHERE mskey=

    5.7 Repository-related SQL Queries -- get all repositories in the idm system select REP_NAME from mcv_repository ORDER BY REP_NAME

    5.8 Other SQL Queries

    5.8.1 Translations -- get language translations SELECT * from mc_language_translations

    5.8.2 Approvals -- get approver, status and reason for a finished approval with a specific audit id select approver, status, reason from mxpv_old_approval where AuditId= -- get information about any approval with a specific audit id SELECT * FROM MXWV_ALL_APPROVALS where auditid =

    September 2009 15

  • How to Create Reports with SAP NetWeaver Identity Management

    6. Reporting Possibilities (Examples) There are various possibilities how you can visualize the data which you retrieve from the Identity Center database. In this chapter I want to introduce the most prominent ones: ...

    1. SAP BusinessObjects Crystal Reports

    2. Jasper Reports and iReport

    3. Simple HTML using the toASCII pass

    6.1 SAP BusinessObjects Crystal Reports As of SAP NetWeaver Identity Management 7.1 SP2 you will have the possibility to design your reports using Crystal Reports and then use the report templates for creating reports.

    Important If you want to change the layout of the delivered reporting templates or if you want to create your custom reporting template you require a license for SAP BusinessObjects Crystal Reports.

    6.1.1 Setting up Database Connection to IdM In order to be able to design and also test your report properly you need to configure the connection to your Identity Center database. Typically you would use an IdM development system for this task.

    6.1.1.1 Create Blank Report

    September 2009 16

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.1.2 Create New Connection

    6.1.1.3 Create new JDBC Connection Open the tree for JDBC

    September 2009 17

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.1.4 Maintain Database Connection Parameters

    Parameter Value

    Connection URL Provide the JDBC connection URL, for example jdbc:sqlserver://myserver:1433;databasename=mxmc_db

    Database Classname Provide the JDBC driver class,. For Microsoft SQL Server 2005 this will be for example: com.microsoft.sqlserver.jdbc.SQLServerDriver

    Note In order to make the database driver available to Crystal Reports you need to adapt the Java classpath in the file CRConfig.xml which is typically located in the directory \Program Files\Business Objects\Common\4.0\java.

    September 2009 18

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.1.5 Maintain User and Database Information

    Parameter Value

    User ID Provide the database user which you defined for the runtime. By default this will be mxmc_rt

    Password Provide the password for the runtime user

    Database Select your Identity Center database

    September 2009 19

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.2 Creating a Report Template

    6.1.2.1 Create a New Command In the Database Expert expand your connection and double click Add Command

    6.1.2.2 Specify the Command A new window opens where you can type in or paste in a SQL statement which retrieves the information you want to display in your report. In addition you can specify parameters which you want to fill later on.

    In this example we want to create a report which shows all business roles and all privileges assigned to a specific user.

    The SQL command for this task is as follows:

    SELECT ExtMSKEY, AttrName, ExtValue FROM MXUV_ENTRIES WHERE MSKEY= AND AttrName IN ('MXREF_MX_PRIVILEGE','MX_AUTOPRIVILEGE','MX_AUTOROLE')

    September 2009 20

  • How to Create Reports with SAP NetWeaver Identity Management

    Click on Create

    6.1.2.3 Create a new Parameter In the pop-up maintain a new parameter with the name MSKEY, some Prompting Text and Value Type String

    Press OK

    Note If you want to pass more information from Identity Center to the report template you would need to create additional parameters here.

    September 2009 21

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.2.4 Add the Parameter to your SQL Statement Place your cursor after MSKEY= and double-click on MSKEY in the parameter list

    This will insert the parameter into your SQL statement in the form of {?MSKEY}

    Press OK to confirm.

    September 2009 22

  • How to Create Reports with SAP NetWeaver Identity Management

    In the next screen enter the MSKEY of the user you want to use for test purposes into the next screen and confirm:

    As next step you may want to rename the command. Just click twice on the name and change it:

    Now you can close the Database Expert by selecting OK

    September 2009 23

  • How to Create Reports with SAP NetWeaver Identity Management

    Note The Database Expert provides a very useful feature which enables you to join/link SQL commands. Once you have more than one command defined a new tab will be displayed called Links:

    6.1.2.5 Design your Report Now you can design your report by adding static text, images and the return values of your command.

    September 2009 24

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.2.6 Field Explorer You get access to the results of your command through the Field Explorer

    You can simply drag and drop items from the field explorer into your report.

    6.1.2.7 Add Information to your Report Here you see an example of a very simple layout with some static text and the information retrieved through the command:

    6.1.2.8 Preview your Report You can preview your report by selecting the Print Preview button in the toolbar:

    September 2009 25

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.2.9 Adding Sorting to your Report If you want to sort the information displayed in your report you can add a sorting rule using the Record Sort Expert

    In this example we will sort the data displayed in ascending order according to the AttrName returned by the command:

    September 2009 26

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.2.10 Result You will very quickly be able to see the result of your report design thanks to Crystal Reports:

    6.1.2.11 Dont Forget to Save By the way, dont forget to save your report since you will need the report template file later on.

    September 2009 27

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.3 Setting up the IdM Runtime

    6.1.3.1 Downloading Libraries for Crystal Reports The Crystal Reports Runtime Libraries are part of Crystal Reports for Eclipse and can be downloaded from http://www.sap.com/solutions/sapbusinessobjects/sme/reporting/eclipse/index.epx. You find further details in the Guide SAP NetWeaver Identity Management Identity Center Generating Reports using Crystal Reports

    Following libraries are required for the report generation:

    CrystalReportsRuntime.jar CrystalCommon2.jar JDBInterface.jar DatabaseConnectors.jar QueryBuilder.jar logging.jar log4j.jar keycodeDecoder.jar commons-configuration-1.2.jar commons-lang-2.1.jar commons-collections-3.1.jar icu4j.jar

    September 2009 28

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.3.2 Updating Classpath Settings of Runtime You have to update the Java classpath of your runtimes. You do this via Tools Options in the Identity Center Management Console on the Java tab.

    In case you have distributed dispatchers/runtimes you have to copy your dispatchers prop files to your these dispatchers.

    Alternatively you can also directly update the DSECLASSPATH property in all prop files in your distributed landscape.

    Important When using the Crystal Reports libraries you need to make sure that the j2ee.jar is not contained in your classpath. The j2ee.jar has been distributed until 7.1 SP1.

    September 2009 29

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.4 Provide Report Template to the IdM Runtime As a next step you now need to copy your report template to a folder on your machine which runs dispatcher and runtime.

    You first create a folder for your report; in this case we call it howto. Then you copy your report template (*.rpt file) into it.

    6.1.5 Setting up a Task for Report Creation For our custom report template generation task we will use the sample report which comes with SP2 as a starting point.

    As a first step you therefore need to import the sample report:

    September 2009 30

  • How to Create Reports with SAP NetWeaver Identity Management

    Select the file Create Report Sample_Task.mcc which is located in the subdirectory Templates\Reporting underneath your installation directory

    From here you will need click through the import wizard:

    Step 1:

    September 2009 31

  • How to Create Reports with SAP NetWeaver Identity Management

    Step 2:

    Step 3:

    September 2009 32

  • How to Create Reports with SAP NetWeaver Identity Management

    After the import you should see a task tree like the one below.

    Now please rename the task as well as the job and pass underneath:

    September 2009 33

  • How to Create Reports with SAP NetWeaver Identity Management

    The task for generating reports based on a Crystal Reports template uses references to repository constants. The repository is called Reporting. Please change the constants according to your configuration:

    DATABASEID: please put here the name of your Identity Center database DATASOURCE: please put here the JDBC connection string to your Identity Center database JDBCDRIVER: please put here the classname of your database driver for MS SQL Server

    2005 this would be com.microsoft.sqlserver.jdbc.SQLServerDriver

    USERID: database user id for the user reading the data from the Identity Center database typically this will be your _rt user (in a default installation mxmc_rt)

    PASSWORD: password of the database user REPORT_DIR: path to the directory which contains subdirectories with the report templates

    Note All parameters are explained in the documents Generating Reports using Crystal Reports as referenced already above.

    September 2009 34

  • How to Create Reports with SAP NetWeaver Identity Management

    In the next step you need to go to the Job constants underneath your new task and maintain the Job constants required for your job. These are:

    REPORT: name of your report template file (*.rpt) in my case HowTo.rpt SUBDIR: name of the subdirectory in the reports directory (as defined in the repository constant

    REPORT_DIR). In my case howto.

    September 2009 35

  • How to Create Reports with SAP NetWeaver Identity Management

    As a last configuration step, please maintain the access control for the task on the configuration tab Access control. In this case I only allowed my user mxmc_admin to access this task and execute it for anybody in the system.

    September 2009 36

  • How to Create Reports with SAP NetWeaver Identity Management

    Typically you are passing parameters to the report template as we do here with MSKEY:

    Note In case you have additional parameters which are used inside your report template you can extend the configuration here and pass values for your additional parameters.

    September 2009 37

  • How to Create Reports with SAP NetWeaver Identity Management

    6.1.6 Executing the Task Once you completed the task configuration you can go into your workflow UI and search for a specific user which you want to create the report for. Once you have selected a user you can press the button Choose Task .

    In the popup window you can now select the task you created in the previous step, in my case the task is called HowTo_Crystal. Then select Choose Task.

    September 2009 38

  • How to Create Reports with SAP NetWeaver Identity Management

    In the next step you will get the option to define a name for the report and then create the report by pressing Save.

    Note The texts for the buttons can be customized in the task configuration according to your needs.

    You will receive a message that the report generation task has been executed.

    Now you can browse to the tab View Reports. Here you will find the report which just has been generated. In order to be able to see the tab your user must be assigned to the privilege MX_PRIV:WD:TAB_REPORT.

    September 2009 39

  • How to Create Reports with SAP NetWeaver Identity Management

    When you click on the link in the Result column your report will open.

    September 2009 40

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2 Jasper Reports and iReport Jasper Reports is the reporting engine which has been used in former versions of SAP NetWeaver Identity Management. This functionality is still available with the latest release (7.1 SP2) and can be used especially if no license for a Crystal Reports Designer is available.

    For Jasper Reports there is a designer available which is called iReport. Using iReport gives you the possibility of changing the delivered report templates as well as creating your custom report templates in a kind of WYSIWYG manner.

    Important For Jasper Reports as well as iReport you need to make sure to use the old version 1.3.0 or 1.3.1 since SAP NetWeaver Identity Management is not compatible with newer versions of the Jasper API.

    6.2.1 Setting up Database Connection to IdM Start iReport and create a new database connection

    6.2.1.1 Create a new Connection/Data Source In the main menu select Data Connection/Date Sources

    In the popup select New

    September 2009 41

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.1.2 Maintain name of Connection and connection parameters Now maintain your database connection parameters in the next popup.

    Parameter Value

    Name Specify the name of your connection

    Type of Connection Set it to Database JDBC connection

    JDBC Driver Provide the JDBC driver class. For Microsoft SQL Server 2005 this will be for example: com.microsoft.sqlserver.jdbc.SQLServer

    JDBC URL Provide the JDBC connection URL, for example jdbc:sqlserver://myserver:1433;databasename=mxmc_db

    User Name Provide the database user which you defined for the runtime. By default this will be mxmc_rt

    Password Provide the password for the runtime user. For convenience reasons you may tick the box Save password. Only use this object if you are operating against a local development system.

    September 2009 42

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.1.3 Specify your Default Connection Select your Connection and press Set as Default

    6.2.2 Creating a Report Template Create a New Document

    Provide Report Details

    September 2009 43

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.2.1 Add a new Parameter Create a new parameter for MSKEY

    The parameter will be used as input for the database query defined later.

    Please tick the box for Use as Prompt. This will give you the possibility to specify the value interactively when testing your report.

    September 2009 44

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.2.2 Define the Database Query In the toolbar select the icon for Database

    In the next window specify your query.

    We use the same SQL query as for the Crystal Reports example:

    SELECT ExtMSKEY, AttrName, ExtValue FROM MXUV_ENTRIES WHERE MSKEY=$P{MSKEY} AND AttrName IN ('MXREF_MX_PRIVILEGE','MX_AUTOPRIVILEGE','MX_AUTOROLE') $P{MSKEY} defines in Jasper Reports the reference to the parameter

    September 2009 45

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.2.3 Library for Fields Similar to the Field Explorer in Crystal Reports iReport provides you with a library containing fields etc.

    You can use these also in a drag and drop manner in order to design your report

    6.2.2.4 Add Information to your Report Here you see an example of a very simple layout with some static text and the information retrieved through the database query:

    September 2009 46

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.2.5 Preview your Report You can preview your report by selecting the button Execute (with active connection) button in the iReport toolbar.

    As a next step you will be prompted to provide the value for your MSKEY parameter:

    Once this is defined you will get the preview of your report:

    September 2009 47

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.2.6 Dont Forget to Save By the way, dont forget to save your report since you will need the report template file later on.

    September 2009 48

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.3 Setting up the IdM Runtime

    6.2.3.1 Downloading Libraries (Jasper Reports, etc.) Your download of iReports 1.3.1 comes with all libraries you require for generating Jasper reports using SAP NetWeaver Identity Management. You find them in the lib\ subdirectory of your iRepaort installation.

    Following libraries are required for the report generation:

    jasperreports-1.3.1.jar itext-1.3.1.jar commons-collections-2.1.jar commons-logging-api-1.0.2.jar

    6.2.3.2 Updating Classpath Settings of Runtime You have to update the Java classpath of your runtimes. You do this via Tools Options in the Identity Center Management Console on the Java tab.

    In case you have distributed dispatchers/runtimes you have to copy your dispatchers prop files to your these dispatchers.

    Alternatively you can also directly update the DSECLASSPATH property in all prop files in your distributed landscape.

    September 2009 49

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.4 Provide Report Template to the IdM Runtime As a next step you now need to copy your report template to a folder on your machine which runs dispatcher and runtime.

    You first create a folder for your report; in this case we call it howto.

    Then create a subdirectory dist where you copy your *.jasper file into.

    September 2009 50

  • How to Create Reports with SAP NetWeaver Identity Management

    Then create a subdirectory template which holds your *.jrxml file.

    Note This step is optional but I consider this as best practice since you now have also the definition file of the report at the same location. You will need the *.jrxml file in case you want to modify your report later on.

    September 2009 51

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.5 Setting up a Task for Report Creation As a starting point for your custom Jasper report we use a standard report which is delivered with the product.

    Create a new task by right-clicking on a folder and then selecting New Action Task Run wizard

    Select Java-Generate MSSQL entry report from Templates Identity Center Provisioning Jasper reports.

    Note You could also select a different report. We just want to use a template as starting point.

    September 2009 52

  • How to Create Reports with SAP NetWeaver Identity Management

    You do not need to maintain a value for the job constant in the next step if you dont want to reuse this later on.

    Now finish the wizard.

    September 2009 53

  • How to Create Reports with SAP NetWeaver Identity Management

    As a next step you should change the name of the tasks like in this example:

    The final step of configuration is now to maintain the parameters and attributes of the pass which I named Generate RoleReport.

    You have to maintain following parameters:

    REPORT_DIR: point to the directory where your *.jasper file is stored REPORT_DIR: output directory of the report REPORT: give the name of your report template (*.jasper file without extension) here HowTo

    and following pass attributes:

    OUTPUT_TYPE: PDF MSKEY: this is the parameter used in the report for selecting the data. We pass here the

    MSKEY of the user for which we want to create the report

    TO_FILE_NAME: name of our report file without file extension

    September 2009 54

  • How to Create Reports with SAP NetWeaver Identity Management

    Here a list of important connector parameters which are available for the Jasper report generation:

    Parameter Description

    DATASOURCE Connection string to the database, typically %$ddm.identitycenter% will be used here

    REPORT_DIR Path to the jasper report file. By default the reports are stored in a subdirectory of %$ddm.path%\Reporting

    RESULT_DIR Directory where the result file will be stored. This parameter is not required if the report will be stored at an entry as defined with attribute TO_MSKEY

    REPORT Name of the report, i.e. name of the .jasper file without the file extension

    DEFAULT_LANGUAGE Default language of the report. If nothing is set the report will be generated in English.

    September 2009 55

  • How to Create Reports with SAP NetWeaver Identity Management

    Here a list of important pass attributes which are available for the Jasper report generation:

    Attribute Desccription

    OUTPUT_TYPE Output type of the report. Valid values are HTML and PDF. HTML is the default.

    MSKEY MSKEY of the entry to process. The name of the parameter depends on the name of the input parameter in your jasper report

    TO_MSKEY MSKEY of the entry where the report should be attached to. The report will be stored in the entry attribute MX_REPORT_RESULT.

    In case you do not run 7.1 SP2 you need to extend the schema for e.g. MX_PERSON to include the a binary attribute MX_REPORT_RESULT.

    TO_FILE_NAME Name of the target file without extension (the extension will be added automatically)

    The file will be put into the directory as defined in the pass parameter RESULT_DIR

    IMAGE_DIR This is a report parameter defining the company logo for the report used by most of the standard reports. This parameter will be used inside the Jasper report templates.

    SUBREPORT_DIR This is a report parameter defining the path to subreports used by most of the standard reports. This parameter will be used inside the Jasper report templates.

    In addition to above attributes any report parameter of your Jasper report can be filled here like MSKEY above.

    September 2009 56

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.6 Testing the Task You can now simply test the task by selecting Test provisioning task in the context menu.

    In the popup you define the MSKEYVALUE of the user you want to generate the report for

    In the Audit Log window you will see once the task has been finished successfully.

    Note If you maintain access control for this task you will also be able to launch it through the UI.

    September 2009 57

  • How to Create Reports with SAP NetWeaver Identity Management

    Then you can go to your result directory and check the generated pdf.

    This will give you information similar to this one:

    Note In case you want to attach the file to the MX_PERSON entry in the Identity Store you will need to maintain the attribute TO_MSKEY with the users MSKEY instead of defining a file name.

    September 2009 58

  • How to Create Reports with SAP NetWeaver Identity Management

    6.2.7 Adding a Jasper Report as Report entry in 7.1 SP2 With SAP NetWeaver Identity Management 7.1 SP2 extended reporting functionality is available.

    This comprises for example of

    A new entry type MX_REPORT A new task option Report task A new tab in the UI named View Reports which makes the MX_REPORT entries available

    In order to use this new functionality you need to change your task from before.

    Go to the Attributes tab and

    Select Entry type MX_PERSON Check the tick box for Report task Define a DISPLAYNAME, e.g. HowTo Test 7.1 SP2

    September 2009 59

  • How to Create Reports with SAP NetWeaver Identity Management

    Then go to your pass configuration and change

    MSKEY: %MX_REPORT_ENTRY% Note

    Once you select Report task on the task definition the entry you are working with will be MX_REPORT. The entry type MXREPORT will contain the users MSKEY in the attribute %MX_REPORT_ENTRY%

    TO_MSKEY: %MSKEY% - this will be the MSKEY of the generated report entry

    After defining access control on the task a user can now execute the task on an entry.

    September 2009 60

  • How to Create Reports with SAP NetWeaver Identity Management

    This will bring up a screen where in our case you can adapt the display name (since we defined this attribute in the attribute list as read/write attribute).

    When submitting the task the user will get a message.

    Note The success message as well as the text for the buttons can be customized on the Presentation tab of your task.

    September 2009 61

  • How to Create Reports with SAP NetWeaver Identity Management

    When you now switch to the View Reports tab in the workflow UI you will see a new report entry in the list which you can open from here.

    September 2009 62

  • How to Create Reports with SAP NetWeaver Identity Management

    6.3 Simple HTML with toASCII Pass Creating a simple HTML report is something which you can achieve by using the toASCII connector of the Identity Center. In this case you do not need any additional libraries. One example of an HTML report is the system report which is available with version 7.1 SP2.

    I will not dig into all details here since the procedure is pretty straightforward: ...

    1. define database queries which return the information you want to display in the report

    2. create a job or task which includes a toASCII pass that writes the information into a text file using HTML markup around.

    In order to have a look at the standard system report which comes with 7.1 SP2 proceed as follows:

    Create a new job using the job wizard:

    Then choose the System report job template which fits your database system:

    September 2009 63

  • How to Create Reports with SAP NetWeaver Identity Management

    Now provide the required connection and output information:

    Finish the job creation:

    September 2009 64

  • How to Create Reports with SAP NetWeaver Identity Management

    This will give you a job consisting of a set of passes as below which construct an HTML file containing the information which should be displayed:

    September 2009 65

  • www.sdn.sap.com/irj/sdn/howtoguides

    1. Business Scenario2. Background Information3. Prerequisites4. Identity Center DB Important Views/Tables4.1 Table MXI_Attributes4.2 View MXIV_VALUES4.3 View MXIV_SENTRIES4.4 View MXIV_ALL_SENTRIES4.5 View MXIV_OENTRIES4.6 View MXUV_ENTRIES4.7 View MXUV_ALL_SENTRIES4.8 View MXUV_OENTRIES4.9 View MXUV_ALL_OENTRIES4.10 View MXV_AUDIT4.11 View MXPV_Audit4.12 View MXPV_Ext_Audit4.13 View MXWV_ALL_APPROVALS4.14 View MXPV_OLD_APPROVALS4.15 View mcv_repository4.16 Table mc_language_translations4.17 Comparison of Entry Views

    5. Typical SQL Statements5.1 Entry type related SQL Queries5.2 User-related SQL Queries5.3 Business Role-related SQL Queries5.4 Privilege-related SQL Queries5.5 Schema-related SQL Queries5.6 Audit-related SQL Queries5.7 Repository-related SQL Queries5.8 Other SQL Queries5.8.1 Translations5.8.2 Approvals

    6. Reporting Possibilities (Examples)6.1 SAP BusinessObjects Crystal Reports6.1.1 Setting up Database Connection to IdM6.1.1.1 Create Blank Report6.1.1.2 Create New Connection6.1.1.3 Create new JDBC Connection6.1.1.4 Maintain Database Connection Parameters6.1.1.5 Maintain User and Database Information

    6.1.2 Creating a Report Template6.1.2.1 Create a New Command6.1.2.2 Specify the Command6.1.2.3 Create a new Parameter6.1.2.4 Add the Parameter to your SQL Statement6.1.2.5 Design your Report6.1.2.6 Field Explorer6.1.2.7 Add Information to your Report6.1.2.8 Preview your Report6.1.2.9 Adding Sorting to your Report6.1.2.10 Result6.1.2.11 Dont Forget to Save

    6.1.3 Setting up the IdM Runtime6.1.3.1 Downloading Libraries for Crystal Reports6.1.3.2 Updating Classpath Settings of Runtime

    6.1.4 Provide Report Template to the IdM Runtime6.1.5 Setting up a Task for Report Creation6.1.6 Executing the Task

    6.2 Jasper Reports and iReport6.2.1 Setting up Database Connection to IdM6.2.1.1 Create a new Connection/Data Source6.2.1.2 Maintain name of Connection and connection parameters6.2.1.3 Specify your Default Connection

    6.2.2 Creating a Report Template6.2.2.1 Add a new Parameter6.2.2.2 Define the Database Query6.2.2.3 Library for Fields6.2.2.4 Add Information to your Report6.2.2.5 Preview your Report6.2.2.6 Dont Forget to Save

    6.2.3 Setting up the IdM Runtime6.2.3.1 Downloading Libraries (Jasper Reports, etc.)6.2.3.2 Updating Classpath Settings of Runtime

    6.2.4 Provide Report Template to the IdM Runtime6.2.5 Setting up a Task for Report Creation6.2.6 Testing the Task6.2.7 Adding a Jasper Report as Report entry in 7.1 SP2

    6.3 Simple HTML with toASCII Pass