Introduction
SAP systems are usually installed in large corporates. Some people can have twins or somebody can make a mistake and the user can have two or more logins. How can we find these duplicates when the database is large? If you use the CUA, and CUA is not integrated with LDAP, this program is for you. I have created this program to help myself in my work.
First version, published here, was capable only search, create users, assign only one role. Now I added manipulation with user's roles.
Using the Code
There do exist some prerequisites, which need to be fulfilled, before you are to install this program:
- Need to install .NET 3.0, usually this is already installed in PCs, begin with WinXp.
- Need to install SAPGUI7.xx (this is the SAP's presentation service for SAP's backend systems).
In the program, use the following BAPI functions:
- "
BAPI_USER_GETLIST"
- "
BAPI_USER_GET_DETAIL"
- "
BAPI_USER_CREATE1"
- "
BAPI_USER_CHANGE"
- "
BAPI_USER_UNLOCK"
- "
BAPI_USER_LOCK"
- "
RFC_READ_TABLE"
Import/Export parameters to the Bapi functions can be obtained by using the transaction BAPI in SAP or exploring the function module, in sapgui type SE37 -> type function module name. Here is an example of how can you lock the user:
public bool sapLockUser(string sUserLogin)
{
bool bOk = true;
if (sUserLogin == "") return false;
SAPFunctionsOCX.Parameter pUserName =
(SAPFunctionsOCX.Parameter)m_iBAPI_USER_LOCK.get_Exports("USERNAME");
((SAPFunctionsOCX.Parameter)pUserName).Value = sUserLogin;
bOk = m_iBAPI_USER_LOCK.Call();
if (bOk)
{
SAPTableFactoryCtrl.Tables tTables =
(SAPTableFactoryCtrl.Tables)m_iBAPI_USER_LOCK.Tables;
showReturn(ref tTables);
}
return bOk;
}
If you get a search in database, you need to make a range area, where searching. In LDAP used construction Reverse Polish notation(from right to left). You can add your own constructions in the search statement.
(&(cn=?)(objectCategory=person)(mail=*)(userAccountControl=512))
In SAP's function modules used another techniques, where you need to fill SELECTION_EXP structure. You can find how to fill it in the help in transaction BAPI, or in the SAP's document: SAP Identity Management APIs.
If import parameter in function module is a table, as in case of SELECTION_EXP, you need to use wrapper function, because of marshalling error in C# interop and SAP's Com object. There are many ways to workaround, as you can see in the blog of Lim Bio Liong. Here, the wrapper function is used.
SAPTableFactoryCtrl.Table oSELECTION_EXP =
(SAPTableFactoryCtrl.Table)tTables["SELECTION_EXP"];
int icntCol = oSELECTION_EXP.ColumnCount;
int icntRow = oSELECTION_EXP.RowCount;
icntRow = oSELECTION_EXP.RowCount;
sSapLogin = null;
try
{
oRowSetVal oRowSet = new oRowSetVal();
object oRow = ((SAPTableFactoryCtrl.Rows)oSELECTION_EXP.Rows).Add(null);
oRowSet.SetVal(ref oRow, "LOGOP", "AND");
oRowSet.SetVal(ref oRow, "ARITY", "1");
oRow = ((SAPTableFactoryCtrl.Rows)oSELECTION_EXP.Rows).Add(null);
oRowSet.SetVal(ref oRow, "PARAMETER", "USERNAME");
oRowSet.SetVal(ref oRow, "OPTION", "CP");
oRowSet.SetVal(ref oRow, "LOW", sapTemplateLogin.ToUpper());
}
In the wrapper dll I added new function: SetDateTime.
Now idl description looks like:
interface IoRowSetVal : IDispatch{
[id(1), helpstring("method SetVal")] HRESULT SetVal([in,out] VARIANT* pvRow, [in] BSTR vsColumn, [in] BSTR vsValue);
[id(2), helpstring("method SetDateTime")] HRESULT SetDateTime([in,out] VARIANT* pvRow, [in] BSTR vsColumn, [in] VARIANT vVal);
};
Structure of the data in the program
First of all, I am to tell, that most program possibilities are determines by the data structure. The structure of the data in program looks like:
Around this structure the user interface created, to solve some everyday tasks.
How this work from user's view
- First, you need to fill config tab with initial parameters as here:
First time this tab hidden. To get it you need to unhide using the system menu:
- When you filled the config tab, you can work with program from face tab:
-The searching words can be typed in 'Last First Name' or in 'SAP User Login' fields. If logins found in SAP, they can be viewed in Temporary ListBox. If checkBox 'with roles' selected, then all roles assigned to user loaded too. Logins may be memorized in Memory list Box; because of Temporary list Box cleared each search process. Press 'Enter' to start searching: it is the same as press 'Search' button. To search Company, you can type part company name in the Company ComboBox and press 'Enter' in the keyboard.
- I must tell that all manipulation with users and roles in memory and only two buttons change the content of user in SAP: yellow 'Change/Create' on face tab and yellow 'Save User in CUA' in tab Roles, and checkBox 'Blocked' change the status user's login: blocked/not blocked!
- When you find logins, you can switch to tabRoles tab to view roles or compare users roles:
Roles can be deleted, added or changed here(saved in SAP only when press button 'Save User in CUA'!)
- Some times I need to compare roles with different users:
If roles copyed between users, you can save selected user with new set of roles.
I hope that somebody this utility may be useful.
Points of Interest
Earlier, I was an administrator in Windows system and have some experience in programming C, C++, basic.
History
- 20.11.2011: First version published
- 04.05.2012: 1.1.8 version published
- 17.05.2012: 1.1.10 ver.(minor changes)
- 24.05.2012: 1.1.11 (minor correction in compare user's roles tab)
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin