Something about SAP Application Interface Framework (AIF)

In 2010 SAP introduced new solution for monitoring of interfaces from business perspective. It is called SAP Application Interface Framework (AIF) and it enables decoupling of technical and business aspects of interfaces. By this business users can perform error handling and other corrective actions for interfaces in single framework.

While implementing a new interface with utilizing of the AIF there is an implementation framework. Within the framework there are configurable tools where mapping of business values and implementation of business validation rules take place. Following the implementation the mapping and validation are made available in a monitoring cockpit of AIF. In the cockpit the business users can monitor and fix an issue occurred in the interface.

Technically it is delivered as add-on into SAP ERP (ECC, CRM, ..) solution. The lowest version of SAP NetWeaver which is supported by AIF is 7.0 SP17 of Basis and ABAP component.

Basic transactions:

Main costuming of the AIF Use transaction code takes places in TA /AIF/CUST. Value mapping is maintained in TA /AIF/VMAP. Monitor is to be done in TA /AIF/IFMON.

More information:

Online docu

SCN space related to AIF

SAP Application Interface Framework Cookbook

1757038 - Developer Cookbook for SAP Application Interface Framework

1530212 - SAP Application Interface Framework FAQ

1529247 - Release strategy for the ABAP add-on AIF

Scanning custom ABAP code for security risks

Similarly as SAP is during security checks of the standard software that they are delivering they offering tools enabling doing of the same for customers. There is a tool called "SAP NetWeaver Application Server add-on for code vulnerability analysis" or also known as Code Vulnerability Analyzer (CVA).  The tool carries out a static analysis of the custom ABAP source code in order to reveal possible security risks.

The tool is available in NetWeaver ABAP Stack based deployments starting with version:

7.0 NetWeaver: in EHP2 SP 14 or higher

7.0 NetWeaver: in EHP3 SP 09 or higher

7.3 NetWeaver: in EHP1 SP 09 or higher

7.4 NetWeaver: in SP05 or higher

 

In order to use the CVA tool first execution of system wide security checks needs to be enabled with report RSLIN_SEC_LICENSE_SETUP. Afterwards in standard ABAP code checking tools like: ABAP Test Cockpit (ATC), Code Inspector (SCI), and extended program check; the security checks are available. Option of these checks is usually called: "Security Analyses in Extended Program Check". Also notice that the tool has several limitations -> see SAP Notes below for details.

Notice that usage of the security check features for custom code is licensed separately and there are additional costs incurred.

- update 2022NOV22-

There are following other tools that can be used to scan ABAP code:

- t-code CODE_SCANNER (prog AFX_CODE_SCANNER)

- program RS_ABAP_SOURCE_SCAN

- program RS_B4HANA_CODE_SCAN – specific to BW systems, included in BW/4 Starter-Addon 

More information:

1855773 - Security checks for customer-specific ABAP programs

1697494 - Customer Code Scans

1841643 - Customer Security Vulnerability Scans

1949276 - Code vulnerability analyzer: Restrictions

Inserting data into InfoProviders manually

Usually in case of need for manual input of data we speak about planning applications in BW area. There are technologies like BW-SEM (Strategic Enterprise Management), BPS (Business Planning and Simulation) BW-IP (Integrated Planning) where those applications are being developed for specific needs of business users. Of course there are more planning offering from SAP I just mentioned here a few.

Although it is quite rare situation BW developers sometimes face situation where customers are demanding function to enter the data into InfoProviders manually even application is completely not related to planning. In this case it means to have a possibility to insert the data into BW’s InfoProvider w/o any InfoPackage/DTP any transformation/update rule. The requirement like this may sound strange. To name few situations where this can be applicable can be: lack of data in development/test/QA environment and no time to develop regular BW flow to populate the data. Also one could create planning function to the manual entry but again we do not want anything from planning be involved in here.

So given this there are following options available in BW to insert the data manually:

1. TA RSINPUT (Manual Data Entry) – supports cube and DSO objects but cube must be type of real-time and DSO must be type of direct update. There are 2 steps that need to be carried out. First you can configure which fields will be marked as for selection, maintenance, no entry, mandatory and as default value.  This is done on CONFIGURE screen. On next screen which is CHANGE/CREATE screen we can actually enter the data. ALV type layout is displayed for convenient entering of the data.

2. ABAP report CUBE_SAMPLE_CREATE – works with the cube regardless of its type. It can be “Standard InfoCube” or “Real-Time InfoCube” However the report works only for cubes no other infoproviderrs (e.g. DSOs are supported).

Values can be populated into the cube in following modes:

A) Generated Values – all values are randomly generated just to fit the type of infoobjects used.

B) Vales from Master Data Table – values from corresponding Master Data tables are used to fill up the data.

C) Ready-For-Input ALV – Only values that are entered by user are saved in the cube. User gets ALV input screen and can freely add the data as he/she wishes.

3. Custom ABAP report – One can create custom report similar to option no 2. This can be tailored only for specific cube and can be designed to run in background. You can use FM CUBE_SAMPLE_CREATE_NEW to see how data should be processed and FM RSDRI_CUBE_WRITE_PACKAGE to insert the data.

Additional info:

Step by Step Procedure: Creating Sample Data for InfoCube

NetWeaver Unified Connectivity (UCON)

See also part two of UCon here: Unified Connectivity (UCon) framework part 2

UCON is new connection framework in SAP NetWeaver aiming to deal also with security aspects of RFC (Remote Function Calls) calls from outside systems into SAP NetWeaver systems. The UCON framework reduces no of Remote Function Modules (RFM) which can be accessed or let say called from outside systems.

SAP ERP solution contains approximately 38k of RFMs. By default one can call all of them without any issues. As typically in customers production systems only few of them are needed so by utilizing UCON one can limit those RFMs which are needed.

What needs to be done in order to deploy the UCON?

- NetWeaver system where UCON will be used must have following system profile parameter UCON/RFC/ACTIVE set to 1.

- Set up and generate communication assembly (CA) in TA UCONPHTL.

- Schedule batch job SAP_UCON_MANAGEMENT to collect RFC statistic recording.

Notice that UCON is only available as of SAP NetWeaver version 7.4.

Further information:

UCON online docu

How-to videos

SCN doc about UCON

UCON overview presentation

What is SAP_LOCAL_DOWNPORT_ASSISTANT ?

There are many occurrences of term SAP_LOCAL_DOWNPORT_ASSISTANT across a SAP Notes and in ABAP reports delivered by SAP via the SAP Notes. One who is searching for the SAP Notes can observe this term very often. It was also my case.

Usually in the SAP Note there is a ABAP report mentioned in format NOTE_*. Where asterisk is a placeholder for not number (e.g. NOTE_2036310). After ABAP report is implemented there is a following text in its source code (example taken from the Note: 2042755 - Prerequisites: ABAP Dictionary enhancements, messages, and report texts for SAP Note 2036310):

* Generated by SAP_LOCAL_DOWNPORT_ASSISTANT Version 4.53 on 16.07.2014

* The individual coding starts at 'FORM update.' ( line 3.131 )

* Perform global search (menu edit - find) for "-- to get a complete list of changed objects

* Generation done for objects found in one of the following transports:

* BR1K053972

To me this indicates that the SAP_LOCAL_DOWNPORT_ASSISTANT is most likely internal SAP tool to migrate ABAP source code between different versions of NetWeaver ABAP stack.

Feel free to share your experience or observation about the SAP_LOCAL_DOWNPORT_ASSISTANT in the comments of this blog post.

Unlock InfoObjects option in cube maintenance

I was recently changing structure of one info cube in BW system. I had to remove one infoobject and add other one. For no particular reason I didn’t want to use Remodeling functionality to do that. What I did was just I simply put right click on desired IO to be removed and choose Delete option. However nothing happened and my IO stayed in the cube’s structure. I was sure that cube had no data loaded. I also checked aggregates and indexes. None of them existed. I had suspicion that there are still some data left in the cube. But how come as also dimension tables were deleted.

Moreover I observed that some of my IOs in the cube’s dimension are blue ones and on other hand some of them are black. Again blue ones were those I suspected having the data.

After some examination I found out one option. There is a function called Unlock InfoObjects available in TA RSA1 and RSDCUBE. While I went to cube maintenance screen in menu “Extras” there I found this function. 

What actually this function just did? It released those blue IOs in the cube. Seems it did action kind of deletion cube data also from the IOs which had still same data. After using the function it should be possible to add and/or delete IO from the cube’s structure.

To complete this blog post I need to mention that technically function is implemented in class CL_RSD_STRUCT_MAINT and in method SET_GET_IOBJ_LOCD.

How to reorganize Process Chains log’s table

Questions about fast growing tables in SAP systems are very often asked in SCN forums. Such a tables consumes disk space and even more importantly processing large volumes of data in these tables slows down the system. This also true in area of BW systems. Therefore it is common for SAP Basis guys to do housekeeping on regular basis of these tables. There are SAP Notes available which deals with those tables and advise how to reorganize them. Perfect example of such a Note is 706478 - Preventing Basis tables from increasing considerably. There are many tables discussed in the Note per different areas and also BW areas.

One of them depicts table related to process chains log - RSPCLOGCHAIN.

The table holds logs of Process Chains. In large BW systems running many chains on daily basis table can increase its volume very easily. One of the tables involved in logging of process chains runs is RSPCLOGCHAIN. Regular way of how to get rid of the log of process chains run is to do it from transactions like RSPC or RSPC1. In the log view there is Delete functionality available in the menu:

To you this functionality in automated way an ABAP report RSPC_LOG_DELETE needs to be utilized.  You can set up the job running this report on regular basis for particular chains with selection on logs from date/time or Log ID. I found this report quite useful in BW housekeeping tasks.

Report RSOS_CHECK_REPAIR Check and Repair of BW Search Settings

Basically what the report RSOS_CHECK_REPAIR does is check of TREX Searches for BW Repository Objects. Technically it is searching following tables and tries to find:

RSOSCHNOBJQUEUE - Queue for changed Objects (Search), records which do have no change done to search attributes

RSOTLOGOSEARATR - Searchable attributes for Object Types, records which do have attribute of a TLOG Object for Advanced Search equal to space

Subsequently entries that are found in those two above mentioned tables are looked up in table RSOBJS_OBJ_TYPES. That’s the table which holds object types of BW objects like infoproviders (infoobjects, multiproviders, cubes, DSOs, etc), BEx elements (queries, workbooks, web items, etc), infopackages/DTPs, etc. basically all the BW objects.

If there are some BW’s search objects that are not search-relevant but they have entries in those two tables means those should be removed. You can do this clean up by running same ABAP report with Repair flag enabled.

Missing report RSIM_CHECK_REP_DATA in your BW system

Recently I was activating BI statistics into newly installed BW system.  While I was doing so I set couple of standard BW process chains to run. One of them called Check Report Data Availability [0TCTHC_CHECK_REP_DATA] which uses ABAP report RSIM_CHECK_REP_DATA in its ABAP process variants has failed.

I was looking why that happened. Output of failed chain was a red process and behind it an ABAP dump “Internal session terminated with a runtime error LOAD_PROGRAM_NOT_FOUND (see ST22)”.  The dump said “Program "RSIM_CHECK_REP_DATA" not found.”

At first sight it looks completely strange that standard SAP program is missing in BW system. But so it was the case. Report RSIM_CHECK_REP_DATA was not there. Reason being is very simple. SAP decided that for standalone BW systems as of 730 and higher releases this report is not needed. The report was/is present only in BusinessByDesign (ByD) systems. In SAP Note “1890206 - Process Chain 0TCTHC_CHECK_REP_DATA is failed” it is also said that references to above mentioned chain will be removed from standard delivery of the further BW releases.

How to run NWBC NetWeaver Business Client?

After download and installation of NWBC I wondered how to run it. To be precise I had no idea what to enter into the logon screen as parameters. By default screen comes like this in version 4.0 of NWBC:

You need to maintain fields Name and URL. Alternatively you can put description of SAP system connection from your SAP GUI. This would go to field: “SAP GUI Logon Description”. Right after you save entry you can access it. After that you get logon screen:

Clicking on Log On button will display pop-up where you enter user’s logon credentials. In my case I got following error:

However if you have everything configured you should be directly connected to SAP System via NWBC. As per instruction in the error I tried to access NWBC client via web browser with following URL:

http(s)://:8014/sap/bc/nwbc/nwbc_test?sap-client=800

So it looked that everything was running in the browser. I went through all the checks on server side that are required as per online documentation. So I had to make sure that:

1. HTTP(s) service was up and running in my system. I checked that in TA SMICM

2. Service /sap/bc/nwbc  and all its subnodes were active in TA SICF.

3. Fully Qualified Domain Name (FQDN) was established as per profile parameter icm/host_name_full in my system.

4. System security settings: parameter login/accept_sso2_ticket = 1 and login/create_sso2_ticket was equal to 3 but it should be set to 2. So I changed it to 2.

Here’s how same transaction (SE16) looks like in NWBC:

Once I tried to run NWBC I got different screen where I could enter user credentials directly to the screen instead of pop-up. Afterwards I was logged into NWBC:

Finally I want to mention transaction NWBC. This may help you also to identify possible issue with NWBC.

Further information:

900000 - Netweaver Business Client – FAQ

NWBC Online documentation

SAP NetWeaver Application Server ABAP 7.02 SP11 with Gateway SP04 Trial - Ready for SAP Gateway

Last week I blogged about installation of SAP NetWeaver App Server 7.03 SP03 - which can be used (among other things) to develop ABAP objects in Eclipse. Today I took a look at another distribution of SAP NetWeaver which can be used to evaluate another SAP technology – SAP Gateway. By using the Gateway we can expose SAP’s system functionality as REST-based OData (Open Data Protocol) services. So we can share data residing in SAP to external world like other platforms, devices etc to consume it. The Gateway is delivered as add-on to ABAP based NetWeaver system which is available right in this specific distribution. Note that this is on-premise installation which you can put on your machine. Of course there are also cloud based deployments of the Gateway but this is blog is not related to them. Refer to this link to see all the options.

Content:

1. Download of NetWeaver ABAP 7.02 SP11 with Gateway 2.0 SP04

2. Installation of the same

3. OData demo application development

Regarding HW and SW I used – please refer to my installation of SAP NetWeaver App Server 7.03 SP03.

1. Download of NetWeaver ABAP 7.02 SP11 with Gateway 2.0 SP04

To get installation files I had to download it from store.sap.com. I searched for: SAP Gateway. Actually I downloaded the installation files some weeks earlier. Today I could not find it at the store. However I believe files are still somewhere out there. Alternatively you can use SCN space SAP NetWeaver Gateway Developer Center which has a links to the installation media: SAP NetWeaver ABAP Trial with SAP NetWeaver Gateway 2.0 (installer). I’m not going to provide the link in here as it doesn’t work at the moment.

As usual once I found my media on SAP store I clicked on Trial version button. This offered me a registration form that I filled up. After this I received email with link to the installation file. See all the registration process in details at my previous blog. That was the file I downloaded:

ABAP_Trial_7_02_SP11_Win_64_bit_Version_with_Gateway_2_0_SP04.rar

2. Installation of NetWeaver ABAP 7.02 SP11 with Gateway 2.0 SP04

After unpacking the file to installation folder it had size of 3.9GB. Right after this I downloaded and installed JAVA (jre-7u67-windows-x64.exe, download it from java.com) as it is prerequisite to run SAP installation. I started the installation as itself by executing sapinst.exe file:

I got first screen of installation wizard where I choose that I wish to install: Central System. 

Of course obligatory log-off and relog-on of my user:

I accepted license – notice I needed to scroll to very down to get the radio button:

 I set master password for all the SAP users that are created during the installation:

Then I got obligatory warning about some of installation criteria that were not met on my system. However it is usually the case while installing demo/trial SAP NetWeaver systems that those warnings can be just ignored. Anyway you have a possibility to revise your parameters in order to remove the warnings and re-execute the checks.

 As next I reviewed all the settings (I just changed SID of the system being installed from default ID NSP to NWG, to reflect that it is SAP gateway system and also to distinguish from earlier installed NSP) and kicked off installation phases:

Oooopps while processing phase no 16 I got stuck with following error. I looked that one of DLLs belonging to MaxDB was missing:

I located the reported DLL libSQLDBC77.dll and I put it folder where it was into PATH variable: C:\sapdb\NWG\db\pgm

I got through this issue and the installation continued for while with next phases.

Next issue happened in phase no 21. It appeared to be quite strange one. I reviewed log (there is a View Log button) and seems it had something to do with not maintained DB type in system default profile. So I entered into file c:\usr\sap\NWG\SYS\profile\DEFAULT.PFL and added following line in here:

dbms_type = ada

After that the installation continued and successfully finished:

 Meanwhile I installed SAP GUI – version witch wasn’t contained in the installation files but I had it from my previous installation. There it was located under folder: 
Frontend&tools \ SAP_GUI_for_Windows_7.20_ Patchlevel_7_SDN_version_ 20110701_1428.exe

Being logged in the system I set password for user BCUSER in transaction SU01. From now on I used that user to login to the system.

3. OData demo application development

Below I created very simple Read (part of CRUD) operation as service in Gateway. As it is really very simple it does nothing else just lists out users that are created in my newly installed Gateway system. Really notice that mu aim was just to try out it is working instead really focus on what The Gateway system can do. Therefore example is very simple.

First I created Gateway Data Model. I did it in TA SE80 -> GW Data Model.

Here I entered my new Data Model and filled up following pop-up:

 Followed by next pop-up:

 Now I entered into part where I introduced my Query operation. In my case query performs call of BAPI called BAPI_USER_GETLIST. I hit Search icon and entered the BAPI:

For the BAPI I needed to create mappings. I just highlighted the BAPI on left side and selected “Create Mapping” button:

Here I just selected one field that I was interested in: USERNAME.

I changed mapping for selected field into key field of structure: S_COR_ID-VALUE. 

Then I just generated the data model:

Next was to create Consumption Model. This is done again in SE80:

I entered description as well:

Now I added GW Data Model into Consumption one:

I searched for my previously created GW Data Model:

Once I had it I tried to see metadata of my service:

 Here it is, URL http:// 169.254.80.194:8000/sap/opu/sdata/sap/Z_GW_DM01/$metadata is opened in the web browser:

 In order to really run the service and get the data I changed URL to following one:

http://169.254.80.194:8000/sap/opu/sdata/sap/Z_GW_DM01/z_gw_dm_01Collection?sap-client=001&$format=xml

So I got six entries:

In order to validate it I ran separately same BAPI (BAPI_USER_GETLIST) in SAP GUI. I got also six entries:

 This concludes development of small SAP Gateway service.

In next part of my blog I name few issues I faced while development.

1. First I needed to customize System Alias. This can be done in transaction SPRO -> SAP NetWeaver -> Gateway -> OData Channel -> Configuration -> Connection Settings -> Manage SAP System Alias):

2. I had also an issue with user BCUSER. The thing was that I could not get activated my Data Model. It was caused by wrong developer key of my user. Correct developer key is 14421119653247674476. I found it by a lot of goggling at forum post. I even created forum post for this issue J

3. Also if service name, URl etc is for some reason not generated you got to do it manually. Transaction /IWFND/MAINT_SERVICE must be used in here.

4. It may happen that Gateway in your system is not activated. You have to activate it in customizing under following path: transaction SPRO -> SAP NetWeaver -> Gateway -> OData Channel -> Configuration -> Connection Settings -> Activate of Deactivate SAP Gateway.

Where to go next:

SAP Gateway -- knowing all essentials and how to build apps in 5 min

Getting Started with SAP NetWeaver Gateway

Gateway Documentation

Learn Gateway at your own pace

Installing and Configuring SAP NetWeaver Gateway 2.0