Skip to Content
author's profile photo Former Member
Former Member

How does the HCM integration really works?

Hi all

This is the first time I am setting up HCM integration in IDM and I need your advice. So far, I have installed the main identity store. The MX_PERSON is populated by the company ldap. The ABAP and JAVA initial load has been run which brought in the R/3 and java roles from the ECC and EP systems and then mapped to the MX_PERSON. I have also installed the HCM_Staging_Area and the VDS

I am hoping to bring in the positions from the ECC HCM and have followed the "Identity Management for SAP System Landscapes: Configuration Guide". After I run the program RPLDAP_EXTRACT_IDM and bring in one single employee as a test, I got the following error on the job "Write HCM Employee To SAP Master":

Exception from Add operation:com.sap.idm.ic.ToPassException: ToIDStore.addEntry failed storing entry 'MX_PERSON'. IDStore returned error message: " Entry type missing for entry:null" when validating entry

Exception from Modify operation:com.sap.idm.ic.ToPassException: ToIDStore.modEntry failed updating entry 'MX_PERSON'. IDStore returned error message: "Entry does not exist" when fetching entry

Here is the data according to the log(I put the XXXX to mask out the data):

P0105-SYHR_A_P0105_AF_SYSUNAME [19000101-99991231]XXXX

P0002-SOURCE_SYSTEM [19000101-99991231]TRNCLNT800

MX_ENTRYTYPE MX_HCM_EMPLOYEE

hashedPassword ********************************

encryptedPassword ************************************************************

MX_ENTRY_REFERENCE

P0001-TEXT_P0001_PLANS [19000101-99991231]XXXXX|[19000101-99991231]XXXXX

MSKEY 12386

MSKEYVALUE T90CLNT090 XXXXXX

The data itself looks good to me. I have been trying to follow SAP's javascripts and it is frustrating to follow other people's code. I guess I am confused about the following:

1) When VDS sends the data to IDM, does it go into the HCM_Staging_Area first and write into the MX_HCM_EMPLOYEE? I tried to change the UI to the HCM_Staging_Area and saw no data. What does the VDS do exactly as I don't see any error in the operation tab in VDS?

2) In the pass "Write HCM Employee To SAP Master", should the job write the position data to MX_PERSON in HCM_Staging_Area or the real identity store?

3) The position seems to be written into attribute MX_FS_POSITION_ID. We are trying to replace the classic OM role provisiong using pfud. In IDM, how do you map it to a role/privilege so that we can provision the r/3 or portal roles back?

Your help is much appreciated.

Thanks,

Jonathan.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Apr 02, 2013 at 10:31 AM

    Hi Jonathan,

    in answer to the questions

    1) - yes it should got to the staging area. When you configure the VDS for this scenario you have to enter an idstore value in this config which should point to the HCM staging area Identity Store

    2) the data is passed from the HCM Staging area to the main Identity Store (to the MX_PERSON

    entry)

    3) there is no straight mapping of OM in the HCM system to the IDM application. You will need to plan/implement this using business roles and groups (also see dynamic groups).

    Hope it helps to clarify.

    Chris

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Thank you Chris for the feedback.

      I following the doc and change the mskeyvalue of the "write HCM employee to SAP" pass to $FUNCTION.sap_getSysUname(%P0105-SYHR_A_P0105_AF_SYSUNAME%)$$. That turns out to be a problem because when I traced the javascript, it fully expects the pernr to be there. Othewise, it returns an empty string. I put the vanilla function argument and it works.


  • Posted on Apr 10, 2013 at 05:02 AM

    Hi Jonathan,

    Did you get past this issue.

    As Chris mentioned, the data will flow from HCM into the Staging Area of the Identity Centre via VDS. If you have maintained the events for MX_HCM_EMPLOYEE, the pass "Write HCM Employee To SAP Master" will push the position data into the respective attributes of the Entry Type MX_PERSON belonging to the Productive Identity Store.

    Under Global Constants, have you checked if SAP_MASTER_IDS_ID & HR_STAGING_AREA_IDS_ID are maintained properly.

    Cheers,

    Murali

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Sep 05, 2013 at 09:37 AM

    Hi Experts,

    I'm also getting the same error for "Write HCM Employee To SAP Master" for one per nr. Its working fine for other per nr.

    What should be the MSKEYVALUE for the pass.

    It was initially set to "$FUNCTION.sap_getSysUname(%P0105-SYHR_A_P0105_AF_SYSUNAME%)$$"

    I faced one issue about validity date of users not being set and changed it to "$FUNCTION.sap_cutDate(%P0105-SYHR_A_P0105_AF_SYSUNAME%)$$"

    Now which one is the correct function to use?

    Kind regards,

    Jaisuryan

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.