This page details some frequently asked questions about the Palantir Foundry Connector 2.0 for SAP Applications ("Connector").
incrementalField?SNAPSHOT to APPEND (to start incremental data syncs)?This approach has a number of benefits, including:
The SAP-certified add-on runs on the NetWeaver Application Server so the NetWeaver version (also known as the SAP_BASIS component version) is most relevant.
Our recommended minimum NetWeaver versions are as follows:
If your primary SAP system is running a NetWeaver Application Server version lower than 7.4, we have a solution that exposes a subset of the functionality of the Connector. However, this solution still requires a NetWeaver Application Server on version 7.4 or higher to act as a gateway by which Foundry will connect with the earlier version; this Application Server can be empty or one in use by a newer SAP system, such as BW.
If the SAP system or module runs on a NetWeaver Application Server then the Connector will be able to extract data from it.
If, however, the SAP system is cloud-based (for example, SAP IBP) or is not NetWeaver-backed (such as SAP Ariba), then this Connector is not the right solution for data extraction. Contact Palantir Support about other options for extracting data from these systems.
The official definition of SAP certification is available on SAP’s site ↗.
The add-on's certification is available on SAP's website ↗.
Yes – uninstallation is tested as part of the certification process. The add-on uses its own namespace and uninstallation removes everything from the SAP system. The only trace left will be in the SAINT installation logs, to show when the add-on was installed and uninstalled.
The Connector was designed with SAP system load and performance as a foremost concern. It provides a resource check feature that aims to ensure that data replication from SAP systems does not put end-user experience or other critical processes at risk.
Data extraction is paginated and, prior to every page request, the add-on assesses the memory utilization, CPU utilization (both system and user), and number of running work processes (both dialog and background). If any of these metrics fall outside a set of fully configurable thresholds, extraction will be aborted and retried later when resource availability may be sufficient.
This feature is used across many large enterprises in complex production SAP system landscapes – where the Connector is replicating billions of rows of data – and has been seen to protect those systems from any excess load that may cause disruption to end-users or other running processes.
As Palantir is not affiliated with SAP and cannot provide legal advice regarding your SAP license, it is your sole responsibility to assess the scope and details of your existing or potential usage of SAP systems and the Connector and its implications for your SAP licenses and contracts.
In our experience, scheduled extraction of data from SAP ERP systems via the application layer may be considered what SAP refers to as “indirect static read” and the usage of that data in third-party non-SAP systems may not need to be licensed. However, a user writing back data to SAP from a third-party non-SAP system may often require additional SAP licenses.
For any concerns, check with your legal counsel and/or SAP representative to discuss your SAP usage and license.
Yes: data transfer from SAP to the Data Connection Agent and from the Agent to Foundry is over HTTPS; the data that is temporarily staged on the Data Connection Agent host machine is encrypted.
There are four types of authorization roles used by the add-on:
For more details, see Authorization roles.
javax.net.ssl.SSLHandshakeException: PKIX path building failed
$HOST and $PORT with the host and port number for the SAP system):openssl s_client -showcerts -servername $HOST -connect $HOST:$PORT </dev/null 2>/dev/null |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | python3 -c "from sys import stdin; text = stdin.read(); ca_cert = text.split('-----BEGIN CERTIFICATE-----')[-1][:-26]; ca_cert = ca_cert.replace('\n', ''); print('\n' + ca_cert)"
openssl and python3 are installed on the machine.
javax.net.ssl.SSLPeerUnverifiedException: Hostname XXXXX not verified
useLegacyHostnameVerifier: true.Starting with the most granular source data available helps ensure the most flexible and useful downstream applications of data integration. Using preprocessed data may appear to be a shortcut, but doing so immediately narrows the scope of problems that can be addressed in the future.
If there are existing BW reports or queries that you’d like to use, a good pattern is to extract both the raw ERP data and the BW data.
Transparent, pool, and cluster tables can all be extracted from SAP.
The following table shows how different types are mapped from one system to another.
| SAP ABAP Data Type | Foundry Data Type | Description |
|---|---|---|
| ACCP | String | Posting period |
| CHAR | String | Fixed-length character string |
| CLNT | String | Client field |
| CUKY | String | Currency key (referenced by CURR) |
| CURR | Decimal | Currency field |
| D16D | Decimal | Decimal floating point number saved in BCD format |
| D16N | Decimal | Decimal floating point number |
| D16R | Decimal | Decimal floating point number saved as binary number |
| D16S | Decimal | Decimal floating point number with scaling (obsolete but still used by older systems) |
| D34D | Decimal | Decimal floating point number saved in BCD format |
| D34N | Decimal | Decimal floating point number |
| D34R | Decimal | Decimal floating point number saved as binary number |
| D34S | Decimal | Decimal floating point number with scaling (obsolete but still used by older systems) |
| DATN | Date | Date in format YYYYMMDD (native HANA type DATE) |
| DATS | Date | Date values |
| DEC | Decimal | Signed, fixed-point decimal number |
| FLTP | Double | Floating-point number |
| INT1 | Integer | Very small signed, exact whole number |
| INT2 | Integer | Small signed, exact whole number |
| INT4 | Integer | Regular signed, exact whole number |
| LANG | String | Language key |
| LCHR | String | Fixed-length character string |
| LRAW | Binary | Uninterpreted varying-length byte string |
| NUMC | String | Text string |
| PREC | String | Precision of a QUAN field |
| QUAN | Decimal | Quantity of a DEC field |
| RAW | Binary | An uninterpreted byte string |
| RAWSTRING | Binary | Varying-length character string data |
| TIMS | String* | Time value |
| UNIT | String | Units key (referenced by QUAN) |
Since Foundry does not have a dedicated Time data type (distinct from Date or Timestamp), TIMS type is represented as String. It is recommended that a TIMS type field is combined with its respective DATS type field as a first step in a Foundry data transformation pipeline, to form a new Date or Timestamp field.
There are several types of “view” in SAP:
The following steps occur when a data sync runs in Foundry for a given SAP source:
/PALANTIR/ space.Unexpected value encountered in SAP data Failed to parse value XXX in field YYY
Current CPU user load(X%) is higher than the max. CPU user parameter(Y%)., Please increase CPU_USER threshold value!, System resources are below threshold values.
ERROR : User XXXXX does not have enough authorization for this service call.
incrementalField?Ideally, the incremental field provided should be a monotonically increasing value; however, it is not always possible to find such a field. The best option may be a date field (with no time component). For this reason, the system uses a "greater than or equal to" comparison (as opposed to just "greater than"), so that no data is omitted if the previous sync was run midway through a given date. As a result, it is possible that duplicate values may appear in the resultant dataset in Foundry. These duplicate values should be removed as a first step in the data transformation pipeline in Foundry; for example, by checking for duplicate rows by primary key. See incremental updates for more details.
SNAPSHOT to APPEND (to start incremental data syncs)?If a data sync starts off with the SNAPSHOT transaction type, then no incremental state is tracked by the Connector. Subsequently switching to APPEND will cause the first incremental sync to extract all the data from the SAP system before continuing only to extract the "delta" (what has changed since the previous sync). Therefore, it is advisable to plan in advance which data syncs should be incremental, and to start those with the APPEND transaction type.
If a dataset ends up in a state where data has been duplicated due to switching from SNAPSHOT to APPEND, follow the reset incremental sync steps.
There are three different resource checks available:
By default, all resource checks are turned on and those resource checks are applied “continuously”, meaning that a check will be made before each page is requested, not just at the beginning of the sync.
To override the default behavior on an individual data sync level, take the following steps in the Data Connection UI: Extras > Resource Check / Continuous Resource Check > Off.
Data can be extracted from:
At the highest level, the add-on’s content authorization roles can be modified to prevent extraction of entire tables or objects.
Limiting the data that can be extracted at the row level can be achieved using filters, which are applied before the data leaves the SAP system:
There are two methods for limiting data extraction by column (these methods, as with the filters described above, are applied before the data leaves the SAP system):
The SAP-certified add-on provides support for calling SAP functions from Foundry. BAPI (Business API) functions are recommended for their well-defined structure and clear failure messages but the add-on supports calling any type of function module, if required.
To set up writeback, you will need to create a Foundry Webhook. For more details, see Webhooks for an overview and Webhook Configuration - SAP for SAP-specific details.
Yes – this is supported using the OAuth 2.0 Authorization Code flow. In this scenario, the SAP system acts as an OAuth 2.0 Server and Foundry acts as an OAuth 2.0 Client. When the user first attempts to write back to SAP from Foundry, they will be redirected to an authorization dialog in the SAP system to confirm that they are willing to permit Foundry to write back to SAP on their behalf.
See User-attributed SAP writeback with OAuth 2.0 for more details.
You will be provided with a new support package (SP). Follow the documented instructions to upgrade.
There is not a fixed release schedule, but a new support package (SP) is typically delivered every 2-3 months.
Yes, but you will need to enable the relevant housekeeping jobs as these cannot be turned on automatically by the SAINT installation process. For more details, see Set up and configure housekeeping jobs.