Tuesday, February 22, 2022

Simplifying ABAP short dumps

ABAP dumps are very useful sources of an information about what went wrong in execution of particular ABAP code. When the code runs into runtime error due to e.g. an uncaught exception, an exit message, a failed assertion, missing authorization to access the object etc. there is the ABAP dump generated. The dup can be viewed in t-code ST22. The dump itself carries a lot of information about the SAP system and its environment. Be it: hostnames and or IP addresses of DB server, app server, terminal, user names, version of SAP system, kernel, DB, memory, even the data can be exposed in ABAP variables, internal tables etc.

In order to prevent a leak of potentially sensitive information like above mentioned an ABAP dump could be simplified. Instead of all information, only two parts of the dump can be presented to the user:

·        What happened? – shows brief description of the place where the code was aborted

·        What can I do? – shows basic information of what can be analyzed further


Technically the simplified ABAP dumps are displayed in case the user has no below authorization assigned to its profile:

Authorization object: S_DEVELOP

Activity:                  03

Object type:            ST22

The authorization check is performed in method CHECK_USER_AUTHORIZATION_ST22 of class CL_ST22_TOOLS.


More information:

2306423 - Hiding sensitive information from Short Dumps (ABAP)

No comments: