Stumbling blocks, tips and tricks – CTO Balzuweit report on their projects

“Those aren’t dark circles under our eyes, those are the shadows of the project,” said Andreas Geiger and his colleague Björn Unrath from CTO Balzuweit in Stuttgart, introducing their presentation with a wink. After all, the point at the Partner Barcamp was to enter into a dialog with the audience as part of the EASYTalk – Conference for Interaction and Dialog, and illustrate to the interested EASY employees and partners the practical challenges and solutions which arise during a project.
The CTO customer was using SAP HCM, that is the SAP personnel file. They wanted a fully integrated connection to the EASY Archive without a system interruption in order to manage their personnel documents. Furthermore, the EASY Archive should be used as a central document archive for storing the documents.

Missing document type in the file structure

In order to plan the personnel file, CTO first developed a file structure based on the existing analog file structure. Consultants discussed the design with the customer, and then the departments defined the contents. In the final version, the file structure has eight directories, 27 subdirectories, 16 document types, and 115 document subtypes. The first stumbling block CTO identified in the project is the four-level design of the file structure: Directory → Subdirectory → Document type → Document subtype.
When recorded, the document is indexed by document type → document subtype, but is displayed by subdirectory → document subtype. Therefore, the “Document Type” tab is lost as a display criterion. This error caused major uncertainty in the department, which is why the file structure was revised several times. In order to avoid such misunderstandings, the department should present the file structure to the customer without the subdirectory. In addition, the consultant should make the subdirectory synonymous with the document type.
The clear advantage of this solution is an intuitive structure. The employee in the company will not “lose” any information later. This additional level should only be introduced on a specific request or if it seems logical, according to Andreas Geiger from CTO.

Secure connection to the EASY Archive

The second project involved the EASY Archive. The customer wanted a connection to the human resources department for the company-wide document archive, with the complete administration running via SAP Knowledge Provider (KPro) and EASY Archive only serving as revision-proof storage. The challenge for CTO was to deny administrators access to the archive data. Here, CTO undertook several measures which raise the threshold for possible misuse of data:

  • They set up a separate personnel administrator account with a separate personnel administrator role; its password is known only to CTO and the human resources department.
  • In addition, logging of accesses to all archives was set up.
  • Furthermore, documents can only be stored in encrypted form and with the personnel administrator’s key. Since all of the administrative functions are in SAP, searches can also be performed on the highest encryption level.
  • The developers also set up an archive link interface with HTTPS.

Despite these protective measures, an administrator may still be able to access the data, but would need a certain amount of criminal intent, explained Andreas Geiger to the interested audience.

Integration SAP CLOUD 4 Customer – a tough nut for CTO

The starting position: The interface was the merchant and supplier file developed for EASY Documents. Master data were to be imported automatically with file creation. Originally, this was to be taken from the customer’s existing “regular” SAP, but the customer later relied on a Cloud-based solution for all employees, SAP C4C.
The challenge: On the one hand, a way had to be found to import the master data from the existing non-local solution into the local EASY system. On the other hand, an integration had to be created for C4C with which the documents in the local EASY archive could be displayed seamlessly in the Cloud. CTO wanted to find a standardized technology to import the master data securely into the local network. Not an easy feat in the context of local systems, says Andreas Geiger.
The solution: The consultants used the REST-based data exchange protocol OData, which supports data tapping on the SAP C4C side. Put simply, it is SQL for the Web. It allows a standardized data tap via HTTP in an SQL-like query language and can deliver the information in JSON or XML format. CTO developed a connector for this based on CLARC automation, which monitors the data cyclically and updates the merchant and supplier files whenever there are changes. The connector can be used universally and is also suitable for use in other scenarios, or with other data sets and source or target systems. Thus, for example, the customer can also import data from a Microsoft Azure Cloud into an EASY archive.
The customer also expressed the desire of being able to display and archive documents out of C4C. They wanted a fully integrated solution especially designed for this. Further, C4C users should be able to access the EASY Archive with their rights. CTO integrated EASYWARE authentication for this, so that C4C users obtained their rights via the archive rights. In both cases, the customer relied on LDAP integration, which facilitates clear user profile allocation. In addition, documents can be converted via the EASY View Server when viewed, and uniformly displayed as PDF files.
Being able to display documents securely posed an additional challenge. Until now, they had to be represented via separate links. In order to ensure secure data display, links for accessing the documents are provided with one-time OTP tokens.