In this blog, we will go through the steps involved in setting up the BTP service Group Reporting Data collection and integration with SAP S4 HANA
System requirements:
Steps involved:
Subscribe to SAP Group Reporting Data Collection Application:
Open the SAP BTP Cockpit and navigate to the subaccount. In the entitlements, add service plan for SAP group reporting data collection with standard plan.
Go to instances and subscriptions , add a new instance for GRDC
Configure Tiles Using an HTTP Connection for SAP S/4 HANA 2020 FPS1 and Higher Versions:
Create a HTTP Connection To External Server with Connection Type: G.
In the RFC Destination field, enter FIN_GRDC Under Administration Target System Settings Host, enter https://<scp_host_name>. For example: http://[your_subaccount_name].grdc-sap.cfapps.[region_name].hana.ondemand.com/.
Configure the cloud connector:
HTTPS Mapping:
We have configure principal propagation in cloud connector as a prerequisite for creating HTTP mapping,
Create self signed certificate for system certificate
Create self signed certificate for CA certificate
Upload the cloud connector certificate in strust
Update the cloud connector subject in the trusted reverse proxy parameter
Set the subject pattern as email
Download the sample certificate
In the CERTRULE tcode, upload the sample certificate and make sure the email ID is available for a user in the S4 system.
Create HTTPS mapping with principal propagation as below,
Add Mapping Virtual To Internal System and enter the following:
Backend-type | ABAP System |
Protocol | HTTPS |
Internal Host | Host for the S/4 HANA backend services |
Internal Port | Port for the S/4 HANA backend services |
Virtual Host | Enter any value. Note Remember your entry as you need it to configure the destination in your SAP BTP subaccount. |
Virtual Port | Enter any numerical value. Note Remember your entry as you need it to configure the destination in your SAP BTP subaccount. |
Principal Type | X.509 Certificate (General Usage) |
Host In Request Header | Use Internal Host |
Select the mapping you just created and add Resources.
URL Path | / |
Access Policy | Path and all sub-paths |
RFC SNC Mapping:
Install SAP Cryptographic library with S4 PRD SNC certificate in PRD cloud connector
Set the parameter “login/certificate_mapping_rulebased” to 1
In SNC0 tcode, update the cloud connector system ID and SNC name. Make sure the Entry for RFC activated, Entry for CPIC activated , Entry for certificate activated checkboxes are ticked.
Create RFC SNC mapping in cloud connector as below,
Add Mapping Virtual To Internal System and enter the following:
Backend-type | ABAP System |
Protocol | RFC SNC |
Application Server | host for the S/4 HANA backend services |
Instance Number | Instance number of the S/4 HANA backend |
Virtual Application Server | Enter any value. Note Remember your entry as you need it to configure the destination in your SAP BTP subaccount. |
Virtual Instance Number | Enter any numerical value. Note Remember your entry as you need it to configure the destination in your SAP BTP subaccount. |
Principal Type | X.509 Certificate (General Usage) |
SNC Partner Name | ABAP system's SNC identity name (for example, p:CN=SID, O=Trust Community, C=DE) |
Select the mapping you just created and add Resources.
Function Name | FC |
Naming Policy | Prefix |
Now, we are back to the BTP subaccount. Navigate to the connectivity section and create 2 destinations for the 2 mappings we created in cloud connector.
For S4HanaCConsoEndpoint, enter the information shown in the following table and save your changes:
Type | HTTP | |
URL | http://<host:port as defined in Cloud Connector> | |
Proxy Type | OnPremise | |
Authentication | PrincipalPropagation | |
Additional Properties | sap-client | Client number of your system |
Note:
Ensure the correct capitalization of the destination name S4HanaCConsoEndpoint. If the destination S4HanaCConsoEndpoint already exists, change the settings to those given in the table above.
For S4HanaCConsoEndpoint_RFC, enter the information shown in the following table and save your changes:
Type | RFC | |
Repository User | Technical user with required access | |
Additional Properties | jco.client.ashost | <host as defined in Cloud Connector> |
jco.client.client | Client number in SAP S/4HANA | |
jco.client.sysnr | <instance number as defined in Cloud Connector> | |
jco.destination.auth_type | PrincipalPropagation |
Note:
Ensure the correct capitalization of the destination name S4HanaCConsoEndpoint_RFC. If the destination S4HanaCConsoEndpoint_RFC already exists, change the settings to those given in the table above.
Under the security tab, navigate to role collections and create the below role collections,
App | Role | Description |
Manage Packages | SAP_BCR_FIN_CCON_GRDC_SCM_PC | Access Manage Packages |
Define Ad Hoc Items | SAP_BCR_FIN_CCON_GRDC_MAHI_PC | Access Manage Ad Hoc Items |
Manage Forms | SAP_BCR_FIN_CCON_GRDC_DFR_PC SAP_BCR_FIN_CCON_CQA_PC | Access Manage Forms Access the comments, questions and answers functionality from the Manage Forms app. |
Enter Package Data | SAP_BCR_FIN_CCON_GRDC_ERD_PC SAP_BCR_FIN_CCON_CQA_PC | Access Enter Package Data Access the comments, questions and answers functionality from the Enter Package Data app. |
Define Data Mapping |
|
|
| SAP_GRDC_DDM_READ | Access mapping definitions in read-only mode, with no rights to download the mapping file. |
| SAP_GRDC_DDM_WRITE | Create, delete and edit mapping definitions, with no rights to overwrite a mapping file. When creating a mapping definition, the user is allowed to upload a mapping file. For existing mapping definitions, the user isn't allowed to upload a new mapping file. |
| SAP_GRDC_DDM_EDIT_RESTRICTIONS | Access in read-only mode the complete list of mapping definitions and edit the definition access restrictions. This role allows a user to see and modify the access restrictions of all definitions, independently of any access restrictions changes. For more information on access restrictions, see Define Access Restrictions. |
| SAP_GRDC_DDM_DOWNLOAD_MAPPING _FILE | Access mapping definitions in read-only mode,with the right to download the mapping file. |
| SAP_GRDC_DDM_UPLOAD_MAPPING _FILE | Edit a mapping definition with the right to upload a mapping file but with no rights to modify or delete the definition. |
Run Data Mapping |
|
|
| SAP_GRDC_RDM_READ | Access jobs in read-only mode. |
| SAP_GRDC_RDM_WRITE | Create, delete and edit jobs with no rights to run them. |
| SAP_GRDC_RDM_RUN | Run a job in test mode without importing data (test mode or import into a CSV file). |
| SAP_GRDC_RDM_RUN_IMPORT | Run a job and import data only. |
| SAP_GRDC_RDM_ENABLE_TL | Generate a traceability log. Note This right can't be assigned alone, you must also add the SAP_GRDC_RDM_RUN_TEST right and / or SAP_GRDC_RDM_ENABLE_TL right. |
| SAP_GRDC_RDM_DOWNLOAD_TL | Download a traceability log. |
| SAP_GRDC_RDM_RUN_DWNLD_CSV | Download the CSV file when running a job with CSV file as target. |
| GRDC_EXTENSIBILITY | Access the Update Custom Fields button |
| GRDC_TMS_EXPORT | Access the SAP Cloud Transport Management service. For more information, see SAP Cloud Transport Management Service Implementation. |
| GRDC_CQA_EXPORT | Access the Export Comments, Questions and Answers Data API. For more information, see SAP Cloud Transport Management Service Implementation. |
Create a user and assign the GRDC role collections to the user.
Once done, we are ready to use the GRDC application that is integrated to our S4 system for all it’s data needs.
Reference:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
12 | |
9 | |
7 | |
6 | |
6 | |
6 | |
6 | |
5 | |
3 | |
3 |