Synchronization Editor - Object scope for SAPUser having UserType =Dialog (BAPILOGOND_USTYP)

Hi Satnam,

if the object filter takes too much time during sync because all objects have been full loaded before filtering is processing you have another option at workflow definition:

set a condition onto the "insert" method at "user" step in "Initial Synchronization" workflow like this: Other.BAPILOGOND_USTYP='A'

This will filter the users. Be aware all non-imported users are selected in the superset on the target system side during each synchronization, which costs runtime.

regrads,

   Tino

Hi Tino,

thank you for your suggestion. Your idea could work. In this case i have to implement such condition in OneIM side for other mapping like SapUserInSAPRole etc. to avoid sync Insert exceptions. It's not even possible to add a virtual property to get Ident_UserType in other mapping on SAP side.

regards,

Satnam

You are right, the solution it would generate errors when matching the M:N relations (role, group, profile, parameter).
There is another solution to filter the user list from SAP via permissions of the used SAP user for synchronization. It can be found in the documentation here:
https://support.oneidentity.com/de-de/technical-documents/identity-manager/9.1/administration-guide-for-connecting-to-sap-r3/7#TOPIC-1875993  .
If the SAP user used to establish the connection with SAP for synchronization (sync user) has explicit permissions on the authorization object "S_USER_GRP", then only those SAP accounts will be delivered that match one of the "CLASS" entries. If you make sure that the SAP accounts that are not of the "Dialog" type have a CLASS entry that the sync user does not have, the SAP connector will filter out the unauthorized users in all lists. Possibly the customer already has such an authorization constellation and you only have to restrict the sync user accordingly.

regrads,

   Tino

Thank you Tino. Your suggestion to add condition Other.BAPILOGOND_USTYP='A' in workflow works.