zapAnalytics Onboarding
      Back to home
      1. Knowledge Base
      2. zapAnalytics
      3. zapAnalytics Onboarding

      Onboarding SAP Admin - Digital Audit Preparation

      Guide for SAP Administrators to prepare for our Solution zapAnalytics - Digital Audit Preparation

      zapAnalytics - Digital Audit Preparation

      zapAnalytics - Digital Audit Preparation licenses the one-time creation of a project in our software zapAnalytics. For digital audit preparation, your SAP data is extracted, and the zapliance indicators are automatically analyzed. The result is a compilation of PowerBI files and exports that allows the user to understand SAP usage, identify key risk and opportunity indicators, and gain deeper insights into the data.

      Estimated SAP Preparation Time: 30 Minutes

      Topics:

      1. General Information about zapAnalytics
      2. General Information on Data Extraction
      3. SAP User with RFC Function Module
      4. Limitation of SAP Tables for Digital Audit Preparation
      5. Connection Data to the SAP System

      6. Download SAP Java Connector (JCO)

      7. SAP Transaction codes for auditors
      8. Impact on the SAP System

      General Information about zapAnalytics

      zapAnalytics is a web application based on Java Spring. SAP data extraction is performed via RFC and requires only a reading SAP user authorized with SAP standard function modules. A PostgreSQL database is necessary, which is set up with the standard parameters of zapliance. All data is stored locally and remains either in files or in the connected PostgreSQL database.

      The duration for data extraction and processing can vary significantly depending on the amount of data, and it may take several days. A stable network connection to the ERP and possibly the target system, such as PowerBI, is required to ensure data flow.

      General Information on Data Extraction

      zapAnalytics uses the Remote Function Call (RFC) interface to efficiently extract data from the SAP systems. This is an essential step to prepare data for analysis purposes without impacting the running SAP system. Only SAP standard function modules and a SAP user with reading rights (system or dialog) are needed. Depending on the agreed services, SAP tables can be read and narrowed down to specific objects.

      To establish a targeted connection with the SAP system, SAP connection parameters are required. These parameters vary depending on whether the target system is a message or application server.

      During data extraction, the connection to the SAP system must be maintained. In the event of a connection interruption or missing rights, data extraction must be started again.

      SAP User with RFC Function Module

      This guide provides a comprehensive overview of the necessary authorizations to enable Remote Function Call (RFC) access to your SAP system. The SAP user needs full BBP_RFC_READ_TABLE access rights for optimal functionality.

      You can also use a system user (USTYP B in USR02) instead of a dialog user (USTYP A in USR02).

      rfc_access_rights

      The following access rights should be at least available:

      1. S_RFC Authorization Object: 
        1. Activity (ACTVT):
          1. Execute (16)
        2. Name of RFC-Objekts (RFC_NAME):
          1. BBP_RFC_READ_TABLE
          2. DDIF_FIELDINFO_GET
          3. RFCPING
          4. RFC_GET_FUNCTION_INTERFACE
          5. RFC_READ_TABLE
          6. STFC_CONNECTION
        1. Type of RFC-Objects (RFC_TYPE):
          1. Function Module (FUNC)
      2. S_TABU_NAM Authorization Object:
        1. Activity (ACTVT):
          1. Display (03)
        2. Table Name (TABLE): *

      If “*” cannot be assigned to the authorization object “S_TABU_NAM,” the individual tables can also be specified from the data scope.

      Limitation of SAP Tables for Digital Audit Preparation

      The following are the required SAP tables for digital audit preparation that can be entered in the object "S_TABU_NAM":

      DD17S, T000, T001, T009, T009B, T001K, DD07T, NRIV, T001L, T001W, T003, T003T, T005, T005T, T007S, T008, T011, T011T, T014, T023T, T030K, T030W, T041C, T041CT, T043, T052, T052U, T074T, T077S, T077Z, T093, T093C, T093T, T100, T134T, T156, T156T, T159L, T161, T161T, T163, T173, T173T, T685, T685T, T880, TABW, TABWT, TBSL, TBSLT, TCURC, TCURT, TCURX, TCURF, TCURP, TCURR, TCURV, TPFID, TSTCT, TTYP, TVAK, TVAKT, TVFS, TVFST, TVLK, TVLKT, BKPF, REGUV, BSEG, BSET, FAGL_011FC, FAGL_011PC, FAGL_011QT, FAGL_011SC, FAGL_011TC, FAGL_011VC, FAGL_011ZC, REGUH, REGUP, SKA1, SKAT, SKB1, EKKO, EKPO, EBAN, EKBE, TVKO, VBAK, VBRK, LIKP, LIPS, VBAP, VBRP, VBFA, USR02, USR40, UST04, ANEP, ANLA, ANLB, ANLBZA, ANLC, ANLH, ANLZ, ANKA, ANKT, MARA, MKPF, MSEG, MAKT, MBEW, TDG41, KNB1, LFB1, KNA1, KNBK, LFA1, LFBK, KNKK, CDPOS, CDHDR,TCDOB, TCDOBT, DD03L, TIBAN, KNAS, SRGBTBREL, TOA01, TOA02, TOA03, CVERS, CVERS_ACT, BUT000, CVI_CUST_LINK, DD02T, DD03L, DD04T, TKA02, UKMBP_CMS_SGM

      Connection Data to the SAP System

      To connect to the SAP system, certain connection data is required. zapAnalytics offers the function to enter this connection data when creating the project and reuse it for future projects.

      Depending on the configuration of the SAP target system, a distinction is made between message and application servers:

      • Message Server (MSHOST)
        • Message Server
        • Message Server Port
        • System ID
        • Group/Server
        • SAP Router String
        • SAP Client
      • SAP Application Server
        • Application Server
        • Instance Number
        • System ID
        • SAP Router String
        • SAP Client 
      • (optional) SAP Web URL. The SAP Web GUI URL makes it easier to call up individual documents in zapAnalytics. Example: https://mySAP.com:44300/sap/bc/gui/sap/its/webgui

      The individual data can also be taken directly from the SAP Logon Pad.

      Connection Parameters Message Server:

      messageserver properties

      Connecation Parameters Application Server:

      image-png-Jan-04-2023-09-05-05-5397-AM

      Download SAP Java Connector (JCO)

      To start data extraction, the SAP JCo library version 3.1 64-bit x86 or newer is required. This is available for free to all SAP customers on the Marketplace. zapAnalytics offers the function to upload the SAP JCO file when creating the project and reuse it for future projects.

      • Access SAP Marketplace (https://support.sap.com/en/product/connectors/jco.html)
      • Select SAP JCo for Microsoft Windows and Windows Server 64-bit x86 version 3.1 or later
      • Log in with SAP S-user login data for the Marketplace
      • Provide the library to the IT admin for installation of zapAnalytics.

       

      Extended SAP rights for data analysis in PowerBI


      zapAnalytics enables you to call up SAP documents directly from PowerBI. To do this, the corresponding SAP web URL must be entered in zapAnalytics. Example: With the web URL https://mySAP.com:44300/sap/bc/gui/sap/its/webgui, “mySAP.com:443000” would be entered in zapAnalytics.

      Required SAP transaction codes:

      In order to access the desired documents, the auditor requires specific SAP rights. These rights include access to the following SAP transaction codes:

      • FB03: Display accounting documents
      • ME53: Display purchase requisitions
      • ME23: Display purchase orders
      • VL03: Display deliveries
      • VA03: Display sales orders
      • VF03: Display billing documents
      Make sure that all relevant users have the necessary authorizations to carry out these transactions.

      Impact on the SAP System

      In over 2000 projects, there have been no impacts on R3, ECC, or S4 systems.

      Need Help?

      If you have any questions, please contact our support team at support@zapliance.com.

       

      Last updated: February 1, 2025

      Checklist for Startup

      • Create SAP user with RFC function modules
      • Possibly unlock RFC connection in SAP system
      • Download SAP Java Connector
      • Identify SAP connection data