Click here to load reader

SAP Identity Management APIs

  • View
    136

  • Download
    2

Embed Size (px)

DESCRIPTION

SAP Identity Management API

Text of SAP Identity Management APIs

SAP NetWeaver Security and Identity Management

SAP Identity Management APIsDocument Version 1.20 December 2009

SAP AG Dietmar-Hopp-Allee 16 69190 Walldorf Germany T +49/18 05/34 34 24 F +49/18 05/34 34 20 www.sap.com SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, Copyright 2009 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. These materials are subject to change without notice. These Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, and Informix are trademarks or registered trademarks of IBM Corporation in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. Disclaimer UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden. Any Java Source Code delivered with this product is only to be used by SAPs Support Services and may not be modified or altered in any way. Some components of this product are based on Java. Any code change in these components may cause unpredictable and severe malfunctions and is therefore expressively prohibited, as is any decompilation of these components. materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

T ypographic ConventionsType Style Example Text Represents Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Cross-references to other documentation. Example text Emphasized words or phrases in body text, graphic titles, and table titles. Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE. Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. Keys on the keyboard, for example, F2 or ENTER.

IconsIcon Meaning Caution Example Note Recommendation Syntax

EXAMPLE TEXT

Example text

Example text

EXAMPLE TEXT

Contents1 IDENTITY MANAGEMENT ABAP APIS ........................................................................ 3 1.1 1.2 1.3 Purpose ................................................................................................................. 3 Integration ............................................................................................................. 3 Concepts ............................................................................................................... 3 1.3.1 BAPI Explorer ............................................................................................. 4 1.3.2 Business Object: USER............................................................................... 4 1.3.3 Authorization Assignments .......................................................................... 6 1.3.4 Role Assignment for IAM Administrator ....................................................... 7 APIs for User Administration Functions in ABAP .................................................... 7 1.4.1 BAPIs for User Enquiry................................................................................ 8 1.4.2 BAPI for Creating Users .............................................................................. 9 1.4.3 BAPI for Modifying Users .......................................................................... 11 1.4.4 BAPI for Deleting Users............................................................................. 12 1.4.5 BAPIs for Setting Passwords ..................................................................... 13 1.4.6 BAPIs for Locking and Unlocking Users..................................................... 14 1.4.7 BAPIs for Obtaining or Maintaining Company Information .......................... 15 1.4.8 BAPIs for Role Assignment ....................................................................... 16 1.4.9 BAPIs for Profile Assignment..................................................................... 18 Integration With Central User Administration ........................................................ 20 1.5.1 Recommendations .................................................................................... 20 1.5.2 Maintaining Attributes Globally or Locally .................................................. 20 1.5.3 Considerations When Using the IAM APIs for a CUA System Landscape ................................................................................................ 21 1.5.4 Considerations for User Administration Functions ...................................... 21 1.5.5 Considerations for Role and Profile Assignment Functions ........................ 23 Appendix ............................................................................................................. 23 1.6.1 Overview of IAM BAPIs and Function Modules .......................................... 24 1.6.2 Sample Parameters for BAPI_HELPVALUES_GET ................................... 25 1.6.3 Includes Used by IAM_API_TESTFRAME ................................................. 34

1.4

1.5

1.6

2

IDENTITY MANAGEMENT JAVA APIS ....................................................................... 35 2.1 2.2 2.3 2.4 2.5 2.6 Purpose ............................................................................................................... 35 Integration ........................................................................................................... 35 Features .............................................................................................................. 36 Constraints .......................................................................................................... 36 Prerequisites ....................................................................................................... 36 APIs for User Administration Functions in Java .................................................... 37 2.6.1 SPML-Specific Object IDs ......................................................................... 37 2.6.2 Reading the Schema ................................................................................. 38 2.6.3 Creating Objects ....................................................................................... 38 2.6.4 Modifying Objects...................................................................................... 41

2.6.5 2.6.6 2.6.7 2.6.8 2.6.9 2.7

Deleting Objects........................................................................................ 43 Changing or Resetting Passwords ............................................................. 44 Locking and Unlocking Users .................................................................... 45 Searching for Objects or Obtaining Attribute Values for Objects................. 46 Using Batch Functions .............................................................................. 47

Appendix: Schema Description ............................................................................ 50

Identity Management ABAP APIs Purpose

December 2009

Identity Management APIsPurposeAs part of the SAP identity management model, we provide a set of application programming interfaces (APIs) that can be used by identity and access management (IAM) vendors to manage SAP users and role assignments within their systems. The APIs exist for both ABAP and Java systems. The ABAP APIs are provided as Business Application Programming Interfaces (BAPIs). The Java APIs are provided with the user management engine (UME) interfaces. This documentation provides an overview of how to use the BAPIs and the Java APIs

Search related