Connectors and Connections > Data Ingestion and Replication connection properties > SAP ODP Extractor connection properties

SAP ODP Extractor connection properties

Create an SAP ODP Extractor connection to securely read data from SAP ODP objects.

You can use an SAP ODP Extractor connection to read data from the following applications:

•SAP S/4HANA
•ECC
•Applications enabled with Operational Data Provisioning (ODP)
•Applications enabled with Operational Delta Queue (ODQ)

Prerequisites

Before you use an SAP ODP Extractor connection, the SAP administrator needs to perform certain prerequisite tasks to configure the Secure Agent machine and SAP system.

To process SAP ODP data, you also need to verify if the required licenses are enabled for the SAP system.

Verify the required SAP Notes in the SAP server

To read data from the SAP ODP objects, you need to verify that the required SAP Notes are available in the SAP server.

•1931427 - ODP Data Replication API 2.0
•2232584 - Release of SAP extractors for ODP replication (ODP SAPI)

SAP ODP Extractor Connector uses the ODP Replication APIs version 2.0 when you read data from SAP ODP objects.

Download and configure the SAP libraries

To read data from SAP ODP objects, you need to download and configure the SAP JCo libraries on the Secure Agent machine. If you encounter any issues while you download libraries, contact SAP Customer Support.

1Go to the SAP Support Portal, and then click Software Downloads.

Note: You need to have SAP credentials to access Software Downloads from the SAP Support Portal.

2Download the latest version of the 64-bit SAP JCo libraries based on the operating system on which the Secure Agent runs.

Operating System	SAP JCo Libraries
Windows	- sapjco3.jar - sapjco3.dll
Linux	- sapjco3.jar - libsapjco3.so

3Copy the JCo libraries to the following directory:

<Informatica Secure Agent installation directory>\apps\Data_Integration_Server\ext\deploy_to_main\bin\rdtm-extra\tpl\sap

Create the deploy_to_main\bin\rdtm-extra\tpl\sap directory if it does not already exist.

4Log in to Informatica Intelligent Cloud Services and configure the JAVA_LIBS property for the Secure Agent.

aSelect Administrator > Runtime Environments.
bClick Runtime Environments to access the Runtime Environments page.
cTo the left of the agent name, click Edit Secure Agent.
dFrom the Service list, select Data Integration Server.
eFrom the Type list, select Tomcat JRE.
fEnter the JAVA_LIBS value based on the operating system on which the Secure Agent runs.

Operating System	Value
Windows	..\bin\rdtm-extra\tpl\sap\sapjco3.jar;..\bin\rdtm\javalib\sap\sap-adapter-common.jar
Linux	../bin/rdtm-extra/tpl/sap/sapjco3.jar:../bin/rdtm/javalib/sap/sap-adapter-common.jar

Warning: If you copy the value directly from the table, the hyphens (-) in the value might be incorrectly copied. Copy the value to a text editor and make sure that the value you copied is not corrupted.

The configured JAVA_LIBS property for the Secure Agent.

gClick Save.

5After you save the JAVA_LIBS value, configure the JVMClassPath property for the Secure Agent.

aFrom the Service list, select Data Integration Server.
bFrom the Type list, select DTM.
cEnter the JVMClassPath value based on the operating system on which the Secure Agent runs.

Operating System	Value
Windows	pmserversdk.jar;..\..\bin\rdtm-extra\tpl\sap\sapjco3.jar;..\..\bin\rdtm\javalib\sap\sap-adapter-common.jar
Linux	pmserversdk.jar:../../bin/rdtm-extra/tpl/sap/sapjco3.jar:../../bin/rdtm/javalib/sap/sap-adapter-common.jar

The configured JVMClassPath property for the Secure Agent.

dClick Save.
eRepeat steps 2 through 5 on every machine where you installed the Secure Agent.

6Restart the Secure Agent.

Configure SAP user authorization

Configure the SAP user account in the SAP system to process SAP ODP data.

For more information about how to configure SAP user authorization in the SAP system, see SAP user authorizations.

The following table describes the required authorization to read from SAP ODP objects:

Read Object Name	Authorization Values	Value	Activity	Design Time/Run Time
S_RFC	RFC_TYPE - Function Group(FUGR)	SYST	16	Both
	RFC_TYPE - Function Module(FUGR)	RFC1	16	Both
	RFC_TYPE - Function Module(FUNC)	RFCPING	16	Both
	RFC_TYPE - Function Group(FUGR)	RFC_METADATA	16	Both
	RFC_TYPE - Function Module(FUNC)	RFC_METADATA_GET	16	Both
	RFC_TYPE - Function Module(FUNC)	RFC_GET_FUNCTION_INTERFACE	16	Both
	RFC_TYPE - Function Module(FUNC)	RODPS_REPL_CONTEXT_GET_LIST	16	Both
	RFC_TYPE - Function Module(FUNC)	RODPS_REPL_ODP_GET_DETAIL	16	Both
	RFC_TYPE - Function Module(FUNC)	RODPS_REPL_ODP_GET_LIST	16	Both
	RFC_TYPE - Function Module(FUNC)	RODPS_REPL_ODP_OPEN	16	Both
	RFC_TYPE - Function Module(FUNC)	RODPS_REPL_ODP_CLOSE	16	Both
	RFC_TYPE - Function Module(FUNC)	/INFADI/ODP_FETCH_XML	16	Run Time
	RFC_TYPE - Function Module(FUNC)	RODPS_REPL_ODP_FETCH	16	Run Time
	RFC_TYPE - Function Module(FUNC)	RODPS_REPL_ODP_FETCH_XML	16	Run Time
	RFC_TYPE - Function Module(FUNC)	DDIF_FIELDINFO_GET	16	Both
S_BTCH_ADM	FIELD NAME - BTCADMIN	Y	N/A	Both
S_BTCH_JOB	FIELD NAME - JOBACTION	RELE	RELE(Release Jobs)	Both
S_BTCH_JOB	FIELD NAME - JOBGROUP	' '	N/A	Both
S_RS_ODP_H	FIELD NAME - RSODPHNAME	*	3	Both
S_RS_ODP_H	FIELD NAME - RSODPHPKG	*	3	Both
S_RO_OSOA	FIELD NAME - OLTPSOURCE	*	3	Both
	FIELD NAME - OSOAAPCO	*	3	Both
	FIELD NAME - OSOAPART	Data, Definition	3	Both
S_RS_HYBR	FIELD NAME - RSHYBRPROV	'*'	3	Both
S_RS_HYBR	FIELD NAME - RSHYBRPROJ	Definition	3	Both
S_RS_ICUBE	FIELD NAME - OLTPSOURCE	*	3	Both
	FIELD NAME - OSOAAPCO	*	3	Both
	FIELD NAME - OSOAPART	Data, Definition	3	Both
S_RS_IOMAD	FIELD NAME - RSINFOAREA	*	3	Both
	FIELD NAME - RSAPPLNM	*	3	Both
	FIELD NAME - RSIOBJNM	*	3	Both
S_RS_MPRO	FIELD NAME - RSINFOAREA	*	3	Both
	FIELD NAME - RSMPRO	*	3	Both
	FIELD NAME - RSMPROOBJ	Data	3	Both
S_RS_ODSO	FIELD NAME - RSINFOAREA	*	3	Both
	FIELD NAME - RSODSOBJ	*	3	Both
	FIELD NAME - RSODSPART	Data	3	Both
S_ADMI_FCD	FIELDNAME - S_ADMI_FCD	PADM	N/A	Both

Configure the Secure Network Communication protocol

To use the SAP ODP Extractor connection with the Secure Network Communication (SNC) protocol, you need to configure the SNC protocol on both the SAP server and Secure Agent machine.

To create a connection with the SNC protocol, use the application server SNC connection and load balancing server SNC connection.

For more information about the prerequisites and steps to configure an SAP SNC connection, see Configure the SAP Secure Network Communication protocol Informatica How-To Library article.

Connect to SAP ODP

Let's configure the SAP ODP Extractor connection properties to connect to SAP ODP objects.

Before you begin

Before you get started, you'll need to configure the Secure Agent machine and SAP system to establish an SAP ODP Extractor connection.

Check out Prerequisites to learn more about these tasks.

Connection details

The following table describes the basic connection properties:

Property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Type	SAP ODP Extractor
Runtime Environment	The name of the runtime environment where you want to run tasks to access SAP S/4HANA or SAP ECC.

SAP server connection types

You can configure application server, application server SNC, load balancing server, and load balancing server SNC connection types to access SAP ODP.

Select the required connection type and then configure the connection-specific parameters.

Application server connection

Application server connection is the default type which requires your SAP client details.

The following table describes the basic connection properties for an application server connection:

Connection property	Description
SAP Client Number	The client number of the SAP application server. Get the required client number from the SAP system to which you want to connect.
SAP Language	Language code that corresponds to the SAP language. Get the required language code from the SAP system to which you want to connect.
SAP Application Server	The host name of the SAP application Server.
SAP System Number	The system number of the SAP application server to connect. Get the required system number from the SAP system to which you want to connect.
SAP Username	The user name with the appropriate user authorization to connect to the SAP account.
SAP Password	The password to connect to the SAP account.
Subscriber Name	A name that defines the Secure Agent as a unique subscriber in the SAP system. SAP uses this name to define unique operational delta queue (ODQ) in case of delta read from ODP.

Application server SNC connection

Application server SNC connection requires the Secure Agent PSE certificate name, SAP server PSE certificate name, and path to the X509 certificate file along with your SAP client details.

The following table describes the basic connection properties for an application server SNC connection:

Connection property	Description
SAP Client Number	The client number of the SAP application server. Get the required client number from the SAP system to which you want to connect.
SAP Language	Language code that corresponds to the SAP language. Get the required language code from the SAP system to which you want to connect.
SAP Application Server	The host name of the SAP application Server.
SAP System Number	The system number of the SAP application server to connect. Get the required system number from the SAP system to which you want to connect.
SNC My Name	The agent Personal Security Environment (PSE) or certificate name generated for the Secure Agent. Default length is 256.
SNC Partner Name	The server PSE or certificate name generated on the SAP server. Default length is 256.
SNC Quality of Protection (QoP)	The level of protection applied to a communication path when you create an SAP SNC connection. Select one of the following options from the list: - 1 - Apply authentication only - 2 - Apply authentication and integrity protection - 3 - Apply authentication, integrity, and privacy protection (encryption) - 8 - Apply global default protection (usually 3) - 9 - Apply the maximum protection Default is 3 - Apply authentication, integrity, and privacy protection (encryption).
Use X509 Certificate	Method of logging in. Select Use X509 Certificate to log in with SNC encryption that uses the X.509 certificate. If you don't select this option, you need to enter your SAP user name in the X509 Certificate Path or SAP Username property. Default is disabled.
X509 Certificate Path or SAP Username	The path and file name of the X509 certificate file. If the X509 certificate file name is abc.crt and the path is \root\<folder name>, enter both the path and file name in the following format: \root\<folder name>\abc.crt If you select to use the X509 certificate, you don't need to enter the SAP user name. If you don't want to use the X509 certificate, enter the SAP user name for which SNC is configured in the SAP server.
Subscriber Name	A name that defines the Secure Agent as a unique subscriber in the SAP system. SAP uses this name to define unique operational delta queue (ODQ) when the Secure Agent reads delta data from ODP.

The following table describes the advanced connection properties for application server SNC connection:

Property	Description
SAP Cryptographic Library Path	The path and file name of the SAP cryptographic library. Enter both the path and file name in the following format based on the operating system on which the Secure Agent runs: - On Windows: \root\<folder name>\sapcrypto.dll - On Linux: /root/<folder name>/libsapcrypto.so

Load balancing server connection

Create a load balancing server connection when you want to connect to the SAP system with the least load at run time.

Load balancing server connection requires your SAP client details and message server group name.

The following table describes the basic connection properties for a load balancing server connection:

Connection property	Description
SAP Client Number	The client number of the SAP message server. Get the required client number from the SAP system to which you want to connect.
SAP Language	Language code that corresponds to the SAP language. Get the required language code from the SAP system to which you want to connect.
SAP Message Server	The host name of the SAP message server.
SAP System ID	The system ID of the SAP message server. Get the required system ID from the SAP system to which you want to connect.
SAP Group	The name of the SAP logon group through which you want to connect. For example, PUBLIC.
SAP Username	The user name with the appropriate user authorization to connect to the SAP account.
SAP Password	The password to connect to the SAP account.
Subscriber Name	A name that defines the Secure Agent as a unique subscriber in the SAP system. SAP uses this name to define unique operational delta queue (ODQ) when you read delta data from ODP.

Load balancing server SNC connection

Create a load balancing server SNC connection when you want to connect to the SAP system using the (SNC) protocol with the least load at run time.

Load balancing server SNC connection requires the Secure Agent PSE certificate name, SAP server PSE certificate name, and path to the X509 certificate file along with your SAP client details and message server group name.

The following table describes the basic connection properties for a load balancing server SNC connection:

Connection property	Description
SAP Client Number	The client number of the SAP message server. Get the required client number from the SAP system to which you want to connect.
SAP Language	Language code that corresponds to the SAP language. Get the required language code from the SAP system to which you want to connect.
SAP Message Server	The host name of the SAP message server.
SAP System ID	The system ID of the SAP message server. Get the required system ID from the SAP system to which you want to connect.
SAP Group	The name of the SAP logon group through which you want to connect. For example, PUBLIC.
SNC My Name	The agent PSE or certificate name generated for the Secure Agent. Default length is 256.
SNC Partner Name	The server PSE or certificate name generated on the SAP server. Default length is 256.
SNC Quality of Protection (QoP)	The level of protection applied to a communication path when you create an SAP SNC connection. Select one of the following options from the list: - 1 - Apply authentication only - 2 - Apply authentication and integrity protection - 3 - Apply authentication, integrity, and privacy protection (encryption) - 8 - Apply global default protection (usually 3) - 9 - Apply the maximum protection Default is 3 - Apply authentication, integrity, and privacy protection (encryption).
Use X509 Certificate	Method of logging in. Select Use X509 Certificate to log in with SNC encryption that uses the X.509 certificate. If you don't select this option, you need to enter your SAP user name in the X509 Certificate Path or SAP Username property. Default is disabled.
X509 Certificate Path or SAP Username	The path and file name of the X509 certificate file. If the X509 certificate file name is abc.crt and the path is \root\<folder name>, enter both the path and file name in the following format: \root\<folder name>\abc.crt If you select to use the X509 certificate, you don't need to enter the SAP user name. If you don't want to use the X509 certificate, enter the SAP user name for which SNC is configured in the SAP server.
Subscriber Name	A name that defines the Secure Agent as a unique subscriber in the SAP system. SAP uses this name to define unique operational delta queue (ODQ) when you read delta data from ODP.

The following table describes the advanced connection properties for load balancing server SNC connection:

Property	Description
SAP Cryptographic Library Path	The path and file name of the SAP cryptographic library. Enter both the path and file name in the following format based on the operating system on which the Secure Agent runs: - On Windows: \root\<folder name>\sapcrypto.dll - On Linux: /root/<folder name>/libsapcrypto.so

Advanced settings

The following table describes the advanced connection properties:

Property	Description
Additional Parameters	Additional SAP parameters that you can use when you connect to the SAP system. You can enter multiple additional parameters, separated by semicolon, in the following format: <parameter name1>=<value1>;<parameter name2>=<value2>;<parameter name3>=<value3>.... For example, to generate SAP JCo and SAP CPIC trace files, enter the following additional parameters: jco.client.trace="1";jco.client.cpic_trace="3"; During the run time, the SAP JCo and SAP CPIC trace files are generated in the following location: <Informatica Secure Agent installation directory>\apps\Data_Integration_Server\<DIS version>\ICS\main\bin\rdtm During the design time, the SAP CPIC traces are generated in the tomcat.out files at the following location: <Informatica Secure Agent installation directory>\apps\Data_Integration_Server\<DIS version>tomcat.out
Display Delta Fields	Specifies whether the mapping displays the operation modes that caused the changed data on ODP sources. When enabled, the mapping generates the ODQ_CHANGEMODE and ODQ_ENTITYCNTR fields on the Fields tab for ODP sources that are enabled with Operational Delta Queue (ODQ). Default is disabled.

Property

Description

Additional Parameters

Additional SAP parameters that you can use when you connect to the SAP system.

You can enter multiple additional parameters, separated by semicolon, in the following format:

<parameter name1>=<value1>;<parameter name2>=<value2>;<parameter name3>=<value3>....

For example, to generate SAP JCo and SAP CPIC trace files, enter the following additional parameters:

jco.client.trace="1";jco.client.cpic_trace="3";

During the run time, the SAP JCo and SAP CPIC trace files are generated in the following location:

<Informatica Secure Agent installation directory>\apps\Data_Integration_Server\<DIS version>\ICS\main\bin\rdtm

During the design time, the SAP CPIC traces are generated in the tomcat.out files at the following location:

<Informatica Secure Agent installation directory>\apps\Data_Integration_Server\<DIS version>tomcat.out

Display Delta Fields

Specifies whether the mapping displays the operation modes that caused the changed data on ODP sources.

When enabled, the mapping generates the ODQ_CHANGEMODE and ODQ_ENTITYCNTR fields on the Fields tab for ODP sources that are enabled with Operational Delta Queue (ODQ).

Default is disabled.

Hierarchical data extraction from SAP ODP objects

Before you use an SAP ODP Extractor connection to extract hierarchical data from SAP ODP objects in a Unicode SAP system, you need to install the SAP ODP Extractor transport files that you get from the Secure Agent directory to the SAP system.

Prerequisites to install the transport files

Before you install the SAP ODP Extractor transports, make sure to perform the following prerequisite tasks:

•Ensure that the transport files you install on the SAP machines are the latest. Get the latest transport files from the following directory:

<Informatica Secure Agent installation directory>\downloads\package-SAPODP.<Latest version>\package\sapodp\sap-transport

•Verify that the transport files are applicable for SAP version ERP 6.0 EHP7 system or later.
•Before you install the transports on your production system, install and test the transports in a development system.

The following table lists the transports that you need to install to read data from the SAP ODP objects:

Data and Cofile Names	Transport Request	Functionality
- K900861.N75 - R900861.N75	N75K900861	Install the transports only when you want to read from an SAP ODP that supports hierarchy. If the SAP ODP objects that do not contain hierarchical data, you can use SAP ODP Extractor Connector without installing the SAP ODP Extractor transport files.

Installing transport files

To install the SAP ODP Extractor transport files, perform the following steps:

1Find the transport files in the following directory on the Secure Agent machine:

<Informatica Secure Agent installation directory>\downloads\package-SAPODP.<Latest version>\package\sapodp\sap-transport

2Copy the cofile transport file to the Cofile directory in the SAP transport management directory on each SAP machine that you want to access.

The cofile transport file uses the following naming convention: <number>.<sap system>.

3Copy the data transport file to the Data directory in the SAP transport management directory on each SAP machine that you want to access.

The data transport file uses the following naming convention: <number>.<sap-system>.

4To import the transports to SAP, in the STMS, click Extras > Other Requests > Add and add the transport request to the system queue.
5In the Add Transport Request to Import Queue dialog box, enter the request number for the cofile transport.

The request number inverts the order of the renamed cofile as follows: <sap-system><number>.

6In the Request area of the import queue, select the transport request number that you added, and click Import.
7If you want to upgrade from a previous version of the Informatica Transports, select the Overwrite Originals option.