Saturday, August 29, 2015

t-code STAUTHTRACE

I recently faced authorization issue. As usually I sent an output of t-code SU53 which is evaluate of authorization check to SAP security team. As colleague from the security had some issues with finding the objects which authorization was missing to be granted for my user we sat together to see the issue. While we were working on it he showed my new interesting t-code of which existence I wasn’t aware before. It is the t-code STAUTHTRACE.

The t-code allows system-wide trace evaluation. This solves very common issue in case of system with multiple application servers. In such a case you need to perform analysis of authorization checks on particular server where user is logged to.
The trace in the t-code is very detailed. It basically shows all trace (similarly to t-code SU22) needed for analyze any kind of AUT issues. The trace so detailed but is limited authorization checks only.


The new t-code is available as of following NW releases: NW Basis 700 SP27, 701 SP12, 702 SP12, 730 SP8, 731 SP5 and NW 74+.


More information:
1707841 - STAUTHTRACE: System-wide trace evaluation
1603756 - Using StAuthTrace to record authorization checks

Saturday, August 8, 2015

Where to find information about SAP Security?

Every day SAP admins are facing many challenges. One of them is related to security. Also someone one may not consider security as an issue. But according surveys like here or here we can see that security is very important in SAP systems as well. Within this post I want to highlight few pages where we can learn about different aspects about security within SAP systems.


SAP Security Notes: service.sap.com/securitynotes

Patch Day MM/YYYY Notes - SAP releases security notes (a fixes of wide range of security issues discovered within SAP software) within SAP Notes that are called Patch Day Notes; search for patch day at service.sap.com/notes

service.sap.com/support -> Help & Support -> Search for SAP Notes and SAP Knowledge Base Articles -> SAP Security Notes -> White Papers or access it via direct link: SAP Security Recommendations

1536783 - SAP SECURITY RECOMMENDATIONS - PROTECTING JAVA- AND ABAP BAS

Failed transport contains objects related to new source system

Recently I faced one strange transport issue. I developed a new data flow related to newly created source system. That source system had complete setup from basis point of view in target BW system as well. It correctly appeared under Source Systems area in Modeling of TA RSA1.  Even Check connection functionality (available at right click on source system name) worked for the new source system in the target system. However my transport with had the flow using the source system (so called “source system dependent objects”) failed with following errors:

Transformation 0G2M3XTZUMRNTOQTV4EH6PK6VGDNVHLD inactive; action cannot be executed      Message No. RSBK260
Saving Objects with Type Data Transfer Process
Saving Data Transfer Process DTP_00O2SPBAQDZQZ6KPQH9N4U2NT
Transformation 0G2M3XTZUMRNTOQTV4EH6PK6VGDNVHLD inactive; action cannot be executed
Error while saving Data Transfer Process DTP_00O2SPBAQDZQZ6KPQH9N4U2NT
End of after import methode RS_DTPA_AFTER_IMPORT (Activation mode) - runtime: 00:00:00

As per error I checked TRFN and DTP but they both were fine. I also reactivated the TRFN via report RSDG_TRFN_ACTIVATE but error was still there. I even checked corresponding entries in table RSTRAN and active version was there.

Then I finally got an idea to check table RSLOGSYSMAP. This table contains mapping entries of logical systems. It is used while import phase of transport takes in place. If there is a BW object related to source sys (e.g. datasource) in the transport the table is used to map source system in source BW system to target source system in target BW system. If the source mapping is not maintained then the transport fails as in my case. The problem is that from the error which is shown in the transport log it is not possible to find out this root cause. Notice that the table RSLOGSYSMAP must have the entries for the system conversion in target BW system of the transport.

Tuesday, August 4, 2015

Converting Oracle DB format of date to SAP date format

There are many data flows picking up the data from "external database" based source systems in BW. One of most used DB system is Oracle. To connect BW system to Oracle DB a technology called DB Connect is very often used. As Oracle and SAP are different systems designed by two different companies there are many differences in there while comparing each other. The differences are there as well as from date and time related fields representation.

Therefore there are challenges while integrating data from Oracle DBs into SAP BW. Especially when converting date and time fields in Oracle and into format compatible with SAP BW. Let's take an Oracle date format for example. It has a format as DD-MMM-YY means it has 7 characters (e.g. today's date is represented by: 03-AUG-15). Whereas SAP format is 8 characters long in format YYYYMMDD (see Data Element SYDATUM; Domain SYDATS or Data Type DATS). If we just simply assign Oracle date field to SAP one it won't get proper data because the fields are not compatible.

Now; how to solve this? On SCN there are many discussions (e.g. here or here) on this. Most of it suggest parsing value as they come from Oracle and concatenate it at the end to field in SAP format of date. However this is not proper approach. The way how Oracle produce the format of the data field depends on national language settings (NLS) used with the database connection. Therefore the date field can come in many different flavors as per many configuration settings. What actually needs to be done is to force Oracle to produce the date field in desired format. This can be achieved by adding function TO_CHAR into e.g. SELECT statement while we extracting the data. E.g. a separate view can be created in Oracle to add TO_CHAR function. Such a SELECT statement would look like:

select  to_char(,'YYYYMMDD') as dat from where ;


For more information see:

518241 - DB Connect in BW for an external Oracle database

Wednesday, July 22, 2015

How to find the table size in SAP system from SAP GUI

1. t-code DB02 -> Space -> Segments -> Detailed Analysis -> enter values into fields:

Segment / Object = table name
Type = TABLE




2. t-code DBACOCPIT -> Space -> Segments -> Detailed Analysis -> enter values into fields:

Segment / Object = table name
Type = TABLE



3. ABAP report RSTABLESIZE. On it selection screen just specify table into field "Table Name ". Notice this doesn't work for BW objects e.g. starting with prefix /BIC/* for which do DB statistics wasn't calculated yet.


4. Table DBSTATTORA which displays actual size of tables on the database. Just enter the table name into the field TNAME. Table size is shown in field OCCBL - Used blocks of a table in KB. Again to have this value in the table DB statistics must be up2date.


5. t-code TANA. Start first table analysis for desired table. Once it is finished display the analysis with the same t-code. Notice this t-code just gets no of entries of the table instead of table size.


6. Function module GET_TABLE_SIZE_. This is DB specific function. As SAP systems are basically "Any DB" systems which mean several major DB vendors are supported you just need to find proper FM for your DB.

Adabas/SAP DB                  ada/sdb         GET_TABLE_SIZE_ADA
Microsoft SQL Server          mss              GET_TABLE_SIZE_MSS
Oracle                                        ora               GET_TABLE_SIZE_ORA
IBM DB2/390                     db2              GET_TABLE_SIZE_DB2
IBM DB2/400                     db4              GET_TABLE_SIZE_DB4
IBM DB2 UDB                    db6              GET_TABLE_SIZE_DB6
Informix                           inf                GET_TABLE_SIZE_INF
Sybase ASE                       syb               GET_TABLE_SIZE_ALL
HANA Database                  hdb              GET_TABLE_SIZE_ALL


PS: let me know in case you are aware of any other options of how to find out table size form SAP GUI.

Tuesday, July 21, 2015

DB specific BW functions implementations

SAP BW system is similarly to SAP ECC "any" DB system. This means it support several DB platforms. In order to optimize performance of SAP system on particular DB platform some of its functions are specifically written for target DB platform. There can be optimization of SQL statements done in DB specific Native SQL or things that leverage other DB specific features. These "DB specific" codes are delivered in multiple development packages. Below I briefly introduce few main development packages specific for particular DB platforms.

pack:           description:                                        component:

RSSYB - SAP BW on Sybase ASE                           BW-SYS-DB-SYB
RSHDB - BW Porting HDB - HANA DB                    BW-SYS-DB-SDB
RSORA - BW: Oracle Porting                                 BW-BEX-OT
RSMSS - Microsoft SQL Server Porting                   BW-SYS-DB-MSS
RSADA - BW Porting MaxDB                                 BW-SYS-DB-SDB
RSDB2 - BW: Porting DB2-z/OS                            BW-SYS-DB-DB2
RSDB4 - SAP NW BW on IBM i (DB4) - AS400        BW-SYS-DB-DB4
RSDB6 - BW: Port DB6                                         BW-SYS-DB-DB6

SDBA_TERADATA - Teradata Monitoring & Admin  BW-SYS-DB-TD

Setting up password expiration time in SAP NetWeaver ABAP stack

Once new SAP user is created in SAP NetWeaver ABAP stack and password is generated it can get its expiration time. This is supposed to be a temporary password type of thing as it is expected that user will change it soon. Expiration time may vary as it governs by SAP instance parameter. Name of the instance parameter is:

login/password_expiration_time

The password expiration time or validity period of passwords is given in days. There may be following values specified in parameter. If the value is 0 it means user is not forced to change the password. If there is any value different from 0 it means the number of days after which users must change the password. Maximum permitted value is 1000 days.


The value of the parameter can be maintained in t-code RZ11.

Running webdynpro in SAP GUI

Even it is not very usual there is a possibility to run webdynpro application in SAP GUI. Or we can say to trigger webdynpro app in SAP GUI. There is a t-code WDYID - Display Web Dynpro Application which by help of ABAP function group SAPLWDY_PRGN_NODES (screen no 400) runs it. On its selection screen we can enter particular WD app into field "Applicatn" and then simply by hitting Enter key it runs. User is not prompted to login to the application. This is being because SAP GUI will generate a SSO ticket off of the user current SAPGUI login.


There is also possibility to create custom transaction codes to enable running webdynpros in SAP GUI. As per online documentation it should be type of "Transaction with parameters (parameter transaction)" and should point to t-code WDYID and should have screen = 0. Finally you need to specify two default values for new t-code with following names:

STARTMODE = GUI
APPLICATION= your_wd_app_name





Monday, July 20, 2015

Versions of SAP Java Connector (JCo)

I introduced SAP JAVA Connector (JCo) in my previous post. While integrating JAVA and SAP applications one may come to issue because of usage of different version of JCo with combination of different Java JDK/JRE versions. Therefore in this post I briefly go via versions of JCo. In table below see different version of the JCo delivered over the years. Notice that is cases of some versions release dates are just approximate.

Release
Release Date
Note
Maintenance ends
1.x or 1.1
Pre 2002
n/a
December 31, 2003
2.0.2
18.06.2002
December 31, 2008
2.0.3
26.07.2002
2.0.4
12.08.2002
2.0.5
02.09.2002
2.0.6
04.11.2002
2.0.7
09.12.2002
2.0.8
31.03.2003
2.0.9
22.07.2003
2.0.10
19.11.2003
2.0.11
16.12.2003
2.0.12
20.07.2004
2.1.1
06.08.2003
March 31, 2013
2.1.2
20.11.2003
2.1.3
10.03.2004
2.1.4
13.10.2004
2.1.5
10.02.2005
2.1.6
20.07.2005
2.1.7
19.05.2006
2.1.8
05.09.2006
2.1.9
06.03.2009
2.1.10
26.04.2010
3.0.1
18.11.2008
December 31, 2017
3.0.2
16.04.2009
3.0.3
15.09.2009
3.0.4
10.11.2009
3.0.5
16.02.2010
3.0.6
22.09.2010
3.0.7
05.05.2011
3.0.8
03.11.2011
3.0.9
09.01.2012
3.0.10
31.07.2012
3.0.11
30.09.2013
3.0.12
09.05.2014
3.0.13
14.04.2015



To download the newest version of JCo see directory "SAP Java Connector" - "Tools & Services" at SMP quick link: service.sap.com/connectors or see Note 1672418 - Downloading the SAP JCO or 1944049 - Old release of SAP Java Connector (SAP JCo) download.

SAP Java Connector (JCo)

SAP JAVA Connector (JCo) is an API that allows bidirectional communication of a Java application with any SAP system. It is very much used while interfacing SAP application from JAVA based applications. It allows Java programs to connect to SAP systems and invoke Remote Function Modules (BAPI). It also allows parsing of IDocs (SAP Intermediate Documents) amongst other things. Both types (in/outbound) of the communication are supported.

The SAP Connector leverages following out-of-box libraries provided by SAP:

SAP JAVA Connector - is an API that allows bidirectional communication of a Java application with any SAP system

SAP JAVA IDoc Class Library – a suite of libraries providing an API which helps navigating, reading, filling, and modifying IDocs.


Both SAP libraries are part of JCo. The JCo libraries are coming licensed without additional license fees as part of the respective SAP solution or SAP component license for SAP customers.


More information:

service.sap.com/connectors -> SAP Java Connector (SAP JCo)
SMP component: BC-MID-CON-JCO