The position analysis module "VAT Audit" replicates tax-relevant documents from the SAP database to a local AMANA database using the Java connector JCo, a local AMANA database, in order to be able to carry out analyses. On the VAT-Audit side, the AMANA interface DataGate takes care of reading and writing the data; on the SAP side, an RFC_READ_TABLE module adapted by AMANA is used. The BAPI (Business Application Programming Interface) "RFC_READ_TABLE" included in the SAP installation is used to read and transfer SAP database tables. The width of the data records is limited to 512 characters. It was initially considered to use this standard module, but its implementation is useless for accurate and performant analysis of document data; one would be faced with the challenge of extracting a large number of records in chunks via the interface and reassembling them on the client side. Amana consulting GmbH has modified the ABAP source code of the RFC_READ_TABLE in such a way that data records of up to 2 KB can be transferred. Furthermore, features such as the support of an order-by-clause have been implemented. The AMANA module is given its own name and function group; it does not conflict with the original if both functions are used in parallel. This document describes how to install the AMANA BAPI in the SAP system in order to communicate with the VAT-Audit. The Amana DataGate utilizes the standard port 33xx for the Remote Function Call (RFC) module to ensure secure and standardized communication between the SAP systems and our applications. 1. Initial situation2. Installation of the module Z_RFC_READ_TABLEIn order to be able to access the module Z_RFC_READ_TABLE developed by AMANA from the external system VAT-Audit, several settings and configurations are necessary on the SAP servers involved. First, a function group is created and finally the actual module is configured and activated.
SE80: Creating a function groupFor the BAPI delivered by AMANA, a function group must be selected on the SAP server. For AMANA programmes, a new group can be created under transaction SE80. For Customer, the prefixes Y and Z are reserved and must be used. The group is created as a local object. Image Added
SE37: Creating the BAPIIn the SAP GUI, transaction SE37 is called to create the AMANA module Z_RFC_READ_TABLE. Another name can also be chosen for the module, but this must be done in coordination with AMANA, as this name is the essential agreement through which the two systems VAT Audit and SAP communicate. The module is assigned to the function group Z_AMANA. Image Added
Image Added
SE37 Configuration of the BAPIAfter creating the function, the tabs of the sub-dialogue are filled with values one after the other. Basic settings (a), input parameters (b), output parameters (c) tables (d), exceptions (e) and last but not least the source code (f) must be made known to the SAP system. a) On the first tab of the sub-dialogue, "Properties", the option "Remote capable module" is selected.Image Added b) The import parameters of the function are stored on the second tab "Import":Image Added Image Added d) The tables used are configured in the "Tables" tab. The main differences to the original RFC are the new order-by-clause and the structure of the output table: TBL2048 instead of TAB512.Image Added e) The function throws various exceptions, which are specified in the "Exceptions" tab:Image Added Image Added
3. SAP-UserA technical SAP user is required for the data extract. The following permissions are required. - DDIF_FIELDINFO_GET (Functional building block)
- RFC1 (Function group)
- RFCPING (Functional building block)
- RFC_GET_FUNCTION_INTERFACE (Functional building block)
- RFC_METADATA_GET (Functional building block)
- SDIFRUNTIME (Function group)
- SYST (Function group)
- Z_AMANA (Function group)
In addition, a reading authorisation for the examination-relevant tables (see 1. Initial situation). 4. Preparation VAT server The library SAPJCO3.jar and SAPJCO3.dll must be stored in the lib directory of the Tomcat server so that a JCO connection can be established via the interface on the part of the VAT audit.
Configuration databaseVariant 1: Configuration of JNDI (Datasource) database connection with user/passwordPlease copy the appropriate JDBC driver into the lib directory of the Apache Tomcat server (%TOMCAT_HOME%/lib). In the context.xml of the Apache Tomcat Server a corresponding resource entry for the database connection must be created within the <Context> block: Example Datasource entry for MSSQL: Code Block |
---|
language | xml |
---|
title | MSSQL Datasource |
---|
linenumbers | true |
---|
| <Resource name="jdbc/vatauditdatasource" auth="Container"
type="javax.sql.DataSource" driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
url="jdbc:sqlserver://[SERVER-ADRESS]:[PORT];DatabaseName=[DATABASE_NAME]"
username="[USERNAME]" password="[PASSWORD]" maxTotal="20" maxIdle="10"
maxWaitMillis="-1"/> |
Example Datasource entry for Oracle: Code Block |
---|
language | xml |
---|
title | Oracle Datasource |
---|
linenumbers | true |
---|
| <Resource name="jdbc/vatauditdatasource" auth="Container"
type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:@[SERVER-ADRESS]:[PORT]:[INSTANCE]"
username="[USERNAME]" password="[PASSWORD]" maxTotal="20" maxIdle="10"
maxWaitMillis="-1"/> |
Please adjust the SERVER-ADRESS of the database server, the database name and the user/password in the Datasource entry according to your database. Variant 2: Configuration of JNDI (Datasource) database connection with Windows userPlease copy the appropriate JDBC driver into the lib directory of the Apache Tomcat server (%TOMCAT_HOME%/lib). The database connection in the context.xml of the Tomcat server can alternatively be established via the Windows user in whose context the Tomcat is running. The following steps have to be performed: Download Microsoft SSPI driver (sqljdbc 7.0): https://www.microsoft.com/de-de/download/sqljdbc_7.0 Info |
---|
The used JAVA version is important: A 64-bit JAVA requires the x64 version of the driver, a 32-bit Java requires the x86 version. |
The driver is delivered in a self-extracting EXE, which can be unpacked e.g. by 7-Zip or alternatively the driver can be downloaded as tar.gz archive. - Copy the sqljdbc_auth.dll from the subdirectory "/auth" into the "\windows\system32" directory of your Windows installation.
Image Added - Copy the file sqljdbc42 from the subdirectory of the driver "/jre8" into the "/bin" directory of your installed JAVA version (which is used by Tomcat).
Image Added
Image Added In the context.xml of the Tomcat server a corresponding datasource entry must be configured for the database connection: Code Block |
---|
language | xml |
---|
title | MSSQL Datasource |
---|
linenumbers | true |
---|
| <Resource
name="jdbc/vatauditdatasource"
type="javax.sql.DataSource"
driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
url="jdbc:sqlserver://[SERVER-NAME]\SQLEXPRESS;DatabaseName=[DATABASE_NAME];Integratedsecurity=SSPI"
maxTotal="20" maxIdle="10"
maxWaitMillis="-1"/> |
In addition, the Windows user must be entered in the "Tomcat Properties" - see illustration: Info |
---|
Please note that the user also has the right to log in as a "service", otherwise Tomcat will not start anymore. |
Image Added
Setting up a TLS connection to the SQL serverAs of driver version 10.x of mssql-jdbc (Microsoft SQL server), a connection without TLS must be explicitly configured, otherwise the driver assumes a TLS connection and expects certificates provided for this. To disable this, the context.xml of the Tomcat server must be extended as follows: Code Block |
---|
language | xml |
---|
title | MSSQL Datasource |
---|
linenumbers | true |
---|
| <Resource name="jdbc/vatauditdatasource" auth="Container"
type="javax.sql.DataSource" driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
url="jdbc:sqlserver://[SERVER-ADRESS]:[PORT];DatabaseName=[DATABASE_NAME];encrypt=false;trustServerCertificate=true"
username="[USERNAME]" password="[PASSWORD]" maxTotal="20" maxIdle="10"
maxWaitMillis="-1"/> |
Crucial are encrypt=false and trustServerCertificate=true in the url. If the TLS connection should be used, then the following information is needed: Code Block |
---|
language | xml |
---|
title | MSSQL Datasource |
---|
linenumbers | true |
---|
| <Resource name="jdbc/vatauditdatasource" auth="Container"
type="javax.sql.DataSource" driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
url="jdbc:sqlserver://[SERVER-ADRESS]:[PORT];DatabaseName=[DATABASE_NAME];hostNameInCertificate=[HOST_NAME_IN_CERTIFICATE];trustStore=[TRUSTSTORE_LOCATION];trustStorePassword=[TRUSTSTORE_PASSWORD]
username="[USERNAME]" password="[PASSWORD]" maxTotal="20" maxIdle="10"
maxWaitMillis="-1"/> |
The SQL server must be secured with a certificate and this must be located in a TrustStore/KeyStore. Both the path to the TrustStore and the password are given, as well as the host name in the certificate. Information about the parameters: https://docs.microsoft.com/de-de/sql/connect/jdbc/setting-the-connection-properties?view=sql-server-ver16 Information about configuring: https://docs.microsoft.com/de-de/sql/database-engine/configure-windows/manage-certificates?view=sql-server-ver16 https://docs.microsoft.com/de-de/sql/connect/jdbc/connecting-with-ssl-encryption?view=sql-server-ver16 https://docs.microsoft.com/de-de/sql/connect/jdbc/configuring-the-client-for-ssl-encryption?view=sql-server-ver16
5. Connection testOn the AMANA side of the interface, the VAT audit is informed about the JCO connection. The authorised user logs into the VAT-Audit (VAT@GTC) and switches to the connection parameter dialogue under the settings tab. There he stores the connection data for the (technical) SAP user who is allowed to replicate the document data via the RFC. Besides user name and password, the parameters host, instance number, client ID (client) and the SAP router are the decisive entries. The button "Extended connection test" leads to the dialogue in which you can address the RFC.
Connection testIn the extended connection test of the AMANA application, one can address both the original RFC and the Z_RFC_READ_TABLE adapted by AMANA. The input parameters QUERY_TABLE and DELIMITER are supported. The number of returned records is limited to 100, so that the connection test can also be performed against large database tables.
|