Thursday, October 24, 2013

Reporting security issues to SAP

Security in today’s interconnected digital world is very important. There are many hacks, threats, attacks, viruses reported on daily basis. Every year hackers are using more sophisticated methods. As many other software vendors SAP is very much into the security aspects within its software. Basis team of every customer running SAP should regularly monitor security SAP Notes (see service.sap.com/securitynotes). SAP have patch day - Tuesday. It is every second Tuesday of month (so called SAP Security Patch Day).

But purpose of this blog post is intended to provide basic guideline to someone who may find security issue within SAP software and wants to report it to SAP.

So how to report a Security Issue to SAP? Basic advice is provided by SAP at following page:

Basically there are two options depending who you are:

1 SAP Customer:  In case you find out possible security issue report it to SAP via SMP as customer message at service.sap.com/message

2 Independed:  If realize possible security issue, please report it to SAP Product Security Response Team via email mailto:secure@sap.com using PGP for e-mail encryption.



If you are curious how many issues were discovered by independed researchers and who are those people look at following page: http://scn.sap.com/docs/DOC-8218 Page provides that statistics – a kind of hall of fame or acknowledgments to security researchers.

Wednesday, October 23, 2013

SAP BusinessObjects BI platform reference architecture

Recently I found on SDN very interesting content related to BO. It is set of 2 documents describing in brief capability of every SAP BusinessObjects tools.

First document is clickable map of all the tools. You can see the purpose and changes done into the tool within major versions or feature packs. The document comes in Adobe Flash form and it I clickable. In current version all tools from SAP BO BI platform 4.0 Feature Pack 3 are depicted. There is a horizontally split for all the tools:

Client / web / management / storage / processing / data


Second document is related to architecture of client apps / web / processing servers of SAP BO BI platform 4.1. Basically what you can get here is how BO tool is supported by major product and databases. Also you see what database connection / access is supported:


SDN is providing gateway pages to those documents as well. You can find it here.

TA to maintain Variables Screen for Variable Selection of BEx reports run in TA RSRT

Recently I found TA RSLWSPVARSCREEN in SAP NetWeaver BW based systems. I was wondering what purpose it has. At first sight it deals with variable screen of BEx reports. However this is limited to only variants which are used in TA RSRT. So basically if you have some custom functionality build on top of TA RSRT plus you have stored variants of BEx query used in TA RSRT you may use TA RSLWSPVARSCREEN to maintain/adjust variant.

And here’s how you maintain variant:


Selection screen of TA RSLWSPVARSCREEN loos like following:

Off course you can still use TA RSRT to the same.

TA as itself is liked to ABAP report RSL_UTIL_CALL_VARSCREEN. Currently there is only one SAP Note which mentions this TA:

1642127 - Workspace: Variable scrn for variable maintenance (back end)

Tuesday, October 8, 2013

“Last data update” in Analysis Office (AO)

As BusinessObjects Analysis Office (AO) is about to replace Bex in near future there are a lot of features that are being added to AO. One of the features that BEx web reporting has is “Last data update” in web reporting. Basically it shows the latest date and time of loads in all InfoProvider involved in Multiprovider on which particular report is based on. Similar functionality is offered in Analysis Office for MS Excel.


In version 1.3.9.2462 of AO this functionality is accessible from menu Info Field -> Last Delta Update or you can drg&drop it from Information tab of right side toolbar. Basically functionality is built into AO’s Excel add-in as macro and there are 2 functions available:

=SAPGetSourceInfo("DS_1", "LastDataUpdate")
=SAPGetSourceInfo("DS_1", "LastDataUpdateMaximum")
1st function returns the oldest load and 2nd one the newest load. First parameter is always the name of report (AO calls it DataSource) inserted into Excel’s worksheet.

My other posts on AO topic:


Monday, October 7, 2013

How to get rid of GP* reports

So called GP or Generated Programs are behind some BW functionalities like transformations or BW queries. Existence of obsolete GP reports in SAP BW systems may cause problems. Here I’ providing a one example. Imagine a case of transformations when business logic is coded in ABAP includes. If for some reason name of ABAP include changes e.g. because of change in ABAP naming convention a new ABAP include is included in GP. As transformations get reactivated and as it changes it GP* report name we have in system also old GP* where still old ABAP include is included. If we want to delete old ABAP include it is not possible as there is still an old GP* report where old include is included. So we are in in stalemate situation.

What are possibilities to get rid of obsolete GP* report?

1. Run report SAP_DROP_TMPTABLES. However this report has also downside. It will delete all GP* reports in the system. This will cause that almost everything (see 1139396 - Temporary database objects in BW 7.X, 449891 - Temporary database objects in BW 3.x) w/o taking into account whether or not they are still in your system. So you will be in need of regeneration of a lot of objects. Therefor usage of this report is no-go.

2. You can write small ABAP report which will delete obsolete GP*. As template you can use code below. You can have similar program in all the systems in your landscape. But at least put GP* name on selection screen to make this small program re-usable.
DATA: lv_rep TYPE REPID.
lv_rep = 'GP4TV9WHSM6L4CTUFESVKHU9AN8'.
DELETE REPORT lv_rep.
IF sy-subrc = 0.
  WRITE: / 'GP* deletion OK'.
ELSE.
  WRITE: / ' GP* deletion NOK'.
ENDIF.


What would be other options? Hmm… good question. Actually I raised this topic to SAP via tool called Idea Place. So far no progress on this topic. Apparently it was not promoted by enovty people L

Wednesday, October 2, 2013

Max no of records to see in PSA maintenance screen

Recently I needed to check large data set in PSA. I wanted to list all data records that arrived to PSA from source system. Source was getting me over 3 millions of records. On PSA maintenance selection screen there is a possibility to specify no of records that is supposed to be displayed. Even I had approx. 3 millions of records I was not able to get them all into PSA’s output screen.



I tried to debug the functionality which displays the data. I found out that within the code there is limit on no of records to be displayed:
MODULE user_command_0500 INPUT.
...
  
if g_record_max >= 2147483647.
    g_record_max 
2147483646.
  
endif.
...
The limit is 2,147,483,647. Even if I would exceed the number on the screen by entering higher no I would be getting following error:


To be honest I’m not sure why I was not able to pull out all the records. Finally I managed it differently as I went directly to corresponding PSA transparent table via SE11. So at the end it was not an issue; but I’m curious to know why I cannot see more (all) the records.
PS: no 2,147,483,647 is prime number and is one of only four known double Mersenne primes. It has strong significance in computing because it is the maximum value for a 32-bit signed integer (int).

My other posts on PSA topic: