S4HANA blacklist

With S4HANA SAP has deprecated some parts of their old code. In some weird cases this old code might still be required.

This blog will explain on the S4HANA blacklist. Questions that will be answered are:

  • How do I see a dump is caused by the S4HANA blacklist?
  • Where to find more background information on the S4HANA blacklist?

The S4HANA blacklist dump

If for whatever reason the S4HANA system gives an ABAP dump with the error SYSTEM_ABAP_ACCESS_DENIED, this is a S4HANA blacklist dump. See note 2476734 – Runtime error SYSTEM_ABAP_ACCESS_DENIED.

What to do when you hit a blacklisted item?

The best approach is to avoid doing what you did and look for the functional alternative provided by SAP. Search for the correct simplification item OSS note. In almost all cases SAP provides a solution.

Activating a blacklisted item

OSS note 2249880 – Dump SYSTEM_ABAP_ACCESS_DENIED caused through Blacklist Monitor in SAP S/4HANA on premise, contains the procedure to activate a blacklisted item.

Please make sure you have both the clearance from SAP and the system owner in writing before executing this procedure. Support can be lost and system upgrade in the future can be facing severe blocks. Only execute as last resort after explicit approval.

Enabling ABAP backend for ABAP Eclipse

This blog will explain the actions you need to perform to enable an ABAP backend for ABAP Eclipse tools (ADT = ABAP Development Tools).

Questions that will be answered are:

  • How to enable ABAP backend for ABAP Eclipse?
  • Where to find more background information on ADT (ABAP Development Tools)

Background information

The up-to-date information on the ABAP Development Tools and how to install ABAP Eclipse with the correct versions can be found on the SAP site. This site contains on the ABAP tab also the most up-to-date manual on the backend configuration.

The section below will describe the main steps.

Enabling ABAP backend for ABAP Eclipse

In transaction SICF enable node ADT:

Also activate the ABAP documentation tool nodes:

If not yet active, also activate SICF node wdy_aie_vd_preview.

Now start to test ABAP in Eclipse. Pending on the authorizations it might already work. If it does not work, check the standard SAP manual on the required RFC authorizations you need as ABAP developer to run ABAP in Eclipse.

In the manual you will read about SFW5 switch SRIS_SOURCE_SEARCH. Be very careful to switch this on. It is very resource intensive and there is limited added value.

Adjusting standard SAP code in S4HANA

In S4HANA the SSCR and developer key procedure are no longer present. This means you have to use proper authorization concept to determine which person is allowed to developer Z ABAP code and which developer is allowed to modify standard SAP ABAP code.

Questions that will be answered in this blog are:

  • Why has the has the procedure been removed?
  • How do I protect code adjustments from unauthorized changes?

S4HANA developer key

The title is a bit misleading. In S4HANA there are no developer keys and object keys any more.

Background of this change be SAP can be found in OSS note: 2309060 – The SSCR license key procedure is not supported in SAP S/4 HANA.

So in S4HANA, you must set up authorizations for S_DEVELOP properly. The development key and SSCR procedure are hacked anyhow (see blog).

With S_DEVELOP you have to set create/change rights for the packages and or objects. For custom code only hand out Z* privileges.

If you hand out a * for the objects or classes, then the developer can also change standard SAP.

Changes to standard SAP in S4HANA

The SCCR procedure is gone in S4HANA. This means if you want to adjust standard SAP code and you have the authorizations, you can without any SSCR screen asking you for the modification key.

Again also here: i you hand out a * for the objects or classes, then the developer can also change standard SAP.

All protection of ABAP code in S4HANA is arranged via authorization. 

Include usage data in S4HANA custom code migration FIORI app

With the new S4HANA custom code migration FIORI app you can include system usage data (from productive system) to see which code blocks are used and which ones are not.

This blog will give answers to the following questions:

  • How to collect usage data from productive system?
  • How to include the usage data in the S4HANA custom code migration FIORI app?

This blog assumes you have already setup the S4HANA custom code migration FIORI app. If you have not done this, follow the instructions in this blog.

Collecting usage data in production with transaction SUSG

General recommendations for the use of transaction SUSG can be found in OSS note 2701371 – Recommendations for aggregating usage data using transaction SUSG.

In your productive system start transaction SUSG and activate the usage data aggregation:

If you don’t have sufficient authorizations, you might get this weird screen:

If you see this screen, first check your user authorizations.

SUSG installation

If SUSG does not start in your productive system it needs to be installed first. To install SUSG apply OSS note 2643357 – Installation of Transaction SUSG. This is a TCI based OSS note (see blog).

After the TCI note also apply these OSS notes:

Creating the snapshot

Now that the data collection and aggregation is activated, you will need to be patient. Let the system collect the data for the next few days. Now goto transaction SUSG and check the log that the aggregation went fine:

Now you can create a snapshot in the Manage Snapshots section:

Create the snapshot and download it to a file on your desktop or laptop. If wanted you can setup RFC connection as well.

The security and basis team normally does not like any RFC going from production system to non-production system. So the file option is normally the best way.

Loading the data into your upgraded S4HANA system

In your S4HANA system where your custom code analysis runs now start transaction SUSG and make sure it is active. Now you can upload the snapshot from the productive server you have downloaded in the previous step.

Please make sure that the OSS notes on both your productive system and your S4HANA system are identical. The notes have changes to file format of the download file. If the notes are notes identically applied, you will have file format upload issues. Recommendation is to apply all recent SUSG note to both your productive server and the S4HANA system.

S4HANA custom code migration app with usage data

Now you can finally launch the S4HANA custom code migration app. Create a new analysis. In the usage data part of the app, you can assign the snapshot you have uploaded in the previous section:

Now start the custom code analysis and let it run.

The end results of code being used or not can be seen in the column Usage Information in the Analyze Findings section:

Background information

More background on SUSG setup can be found on this blog.

Activating and using the S4HANA custom code migration FIORI app

This blog will explain about the S4HANA custom code migration FIORI app. Questions that will be answered in this blog are:

  • How to set up the S4HANA custom code migration app?
  • How to run the S4HANA custom code migration app?
  • How do the results of the S4HANA custom code app look like?

Activation of the S4HANA custom code migration FIORI app

The custom code app official specification can be found on the FIORI reference library.

First make sure the basis setup of embedded FIORI in general are done on your S4HANA system. See this blog for background.

And make sure the ATC settings for S4HANA code migration are done. See this blog for background.

Next step: in transaction PFCG create a new role (for example Z_CUSTOM_CODE_APP). Add catalog SAP_BASIS_TCR_T as a launchpad catalog:

Save and activate the role. Assign the users to the role.

In transaction /IWFND/MAINT_SERVICE add the following services (and activate them):

Component External Technical Name
Custom code migration projects SYCM_APS_C_PROJECT_CDS
Analysis of SAP S/4HANA custom code check findings SYCM_APS_C_ATC_FIND_ALP_CDS
Custom code scoping by request entry points SYCM_APS_C_SCP_BY_EP_CDS

Custom code scoping by packages SYCM_APS_C_SCP_BY_PK_CDS

In transaction SICF activate the following nodes:

NW_APS_CCM_PRJ

NW_APS_EXT_LIB

NW_APS_LIB

The core activation actions are now done.

Start transaction /UI2/FLP to start the FIORI launchpad. You will not find the tile. Change the homepage and add the following tile from the catalog:

Before starting, make also sure that in ATC setup the RFC object providers are setup:

You can name the ID, description and group ID the same if you want. Make sure to use RFC destination none.

Creating a project in the app

Now you can start creating a project in the app. Click on the + symbol to add a project;

In the destination fill out the system you have put into the ATC object provider configuration. Than save the project and let it run. In the background the full ATC check is now carried out. This can take some time. You can refresh the project to see the status:

Analyzing the results

When the run is done, you can now analyze the results on the Analysis tab:

Important here is that you have to press the Analyze Findings button to go into the detailed analysis overview:

On the top are the graphical overviews. In the bottom is the detailed list:

You can use the download to excel button for further processing.

During the custom code clean up you can redo the same project, by rerunning the analysis. Or you can decide to run a new project.

Including usage data from productive system

You can also add actual usage data from a productive system in the custom code management app. See this blog.

Known issues and bug fixes

For UI bugs check OSS note 2809550 – Custom Code Migration App – Correction bundle for S/4HANA 1909.

Setting up S4HANA custom code adjustments

You have just upgraded to S4HANA in your sandbox or development system. SPAU and SPAU_ENH processing are done. Next step is the S4HANA custom code adjustments.

Questions that will be answered in this blog are:

  • How to import the SCI variants for S4HANA custom code adjustments?
  • How to import the latest simplification database into your system?
  • How to

Importing the SCI variants

Goto transaction SCI and select the option Utilities and then Import Check Variants. This action will import the required variants. Check that the variants are present now.

In the SCI variant, you can leave everything as delivered out-of-the-box with the exception of the material length option. If you keep the material field business wise to 18 (which most customers do), you need to change the variable from 40 to 18.

Setting up the simplification database

Follow the instructions of OSS note 2241080 – SAP S/4HANA: Content for checking customer specific code, to download the latest content for the simplification database.

Use transaction SYCM to upload the file. Select option Simplification Database and then Import from ZIP File.

Running the ATC tool

Now you can start to setup the ATC tool. For details see this blog.

The ATC variant to run should like like this:

Important here:

  • Select the desired S4HANA readiness check SCI variant
  • Set the package to Z* to select your custom code
  • Tick the box for Calculate quick fix proposals

Now you can start the ATC run:

Set the results to Active to see all the results in Eclipse as well. Pending on your system size lower the default number of processes from 10 to for example 5.

If you run into ATC tool issues for the S4HANA custom code adjustments run: first increase memory parameter rsdb/obj/buffersize in RZ11 to at least 150 MB. Then run again.

Processing the results

The ATC tool will now give a lot of results:

The results from the ATC tool can be distributed to more members by changing the Contact Person. To do this select one or more findings and right click on the Contact Person column, and select the option Change Contact Person.

The basic order of processing the results:

  1. Check simplification OSS note
  2. Fix code
  3. Apply relevant pragma (directly or in Eclipse via quick fix)
  4. Apply exemption

For the exemptions: you can raise them, but different person needs to approve them.

When you are using Eclipse, you might run into issue with exemption request. See OSS note 2815887 - ATC: No Possibility to Request Exemptions in Eclipse for the fix.

Statistics from the ATC runs

If you run the ATC tool weekly, you can use it to track the progress. In the ATC results screen there is a specific button Statistics View:

Default sorting is by type of issue to be solved:

This view can also be sorted on Contact Person. This will enable you to check the progress of each developer with his or her work list.

Using quick fixes with Eclipse

Using quick fixes with Eclipse is a fast way of going through the list. The Eclipse list is based on Contact Person and active results. So you only see in Eclipse the results for your user account.

In Eclipse first select the appropriate views:

Now you can start processing. You will get online help and you can apply the quick fix proposed automatically in stead of keying it in by hand.

You might run into an initial bug with a dump, which is solved by applying OSS note 2647710 - Simple transformation: Inconsistent ST loads. 

The quick fixes are updated with both bugs and new functions. Please check out the new versions of the following OSS notes:

Nice blog on the quick fixes: follow this link.

To enable ABAP backend for Eclipse: follow this link.

Using the S4HANA custom code migration app

You can also use the S4HANA custom code migration app. After completing the setup above and activating the S4HANA embedded FIORI (see this blog), you follow the step in this blog for the setup.

Further background information

More information can be found:

SAT ABAP runtime analysis

The SAT ABAP runtime analysis tool can be used to identify performance problems in ABAP programs.

Questions that will be answered in this blog are:

  • How to run the SAT tool?
  • How to read the results of the SAT tool?

Starting the SAT tool

The SAT ABAP runtime analysis tool can be started with transaction SAT:

Top left there is a Tips & Tricks button. This will bring you the to the following tool:

Here you can compare the optimal and not optimal way of coding. By hitting measure runtime button you can actually compare in real time the difference between the 2 methods.

The performance issue program

To test the tool, we first write a simple test program:

REPORT zperftest2.

DATA: zlt_vbak TYPE TABLE OF vbak.
DATA: zls_vbak TYPE vbak.
DATA: zlt_vbap TYPE TABLE OF vbap.
DATA: zls_vbap TYPE vbap.
DATA: zls_vbap2 TYPE vbap.

SELECT * FROM vbak INTO TABLE zlt_vbak UP TO 100 ROWS.

LOOP AT zlt_vbak INTO zls_vbak.
  SELECT * FROM vbap INTO zls_vbap.
    DO 10000 TIMES.
      zls_vbap2 = zls_vbap.
    ENDDO.
  ENDSELECT.
ENDLOOP.

Now we start the SAT tool, enter the program name. Make sure the tick box evaluate immediately is on and press Execute.

Now the measurement will start.

Result of the trace tool

The result of the trace tool is as follows:

On the left side you see the split in where the program spends it time. Here you can see that most of the time is spend on internal processing and not on SQL statements. SQL statement can be analyzed from the SAT tool or from the ST05 SQL trace tool.

By double clicking on the the internal access the right hand side of the screen is filled. Here you can see in which code blocks the most net and gross time is spent. It does not always point you to the exact statements that are not ok, but it can point you to the program that is causing the biggest delay.

In our case the DO 10000 TIMES loop is the performance killer. With only SQL tracing this cannot be found.

Relevant OSS notes

Check and if needed you can apply these OSS notes to solve bugs in the SAT tool:

2737535 – Slow listing of traces in SAT (ABAP Runtime Analysis)

2779153 – Export/Import not working for large ABAP traces in SAT

2825334 – Remove user specific time reference in transaction SAT (use of SY-ZONLO)

2838533 – Runtime Error in SAT during trace analysis (CL_ATRA_EXPAND)

Delete ABAP developer keys

This blog will answer the following questions:

  • How to delete old ABAP developer keys from my system?

ABAP developer keys clean up

If ABAP developers leave their key is still in your system and could potentially misused. Also when SAP comes to measure licenses they might peek in table DEVACCESS to see which developer keys are present.

Unfortunately SAP does not deliver a standard program delete an unused ABAP key. See OSS note 1710320 – How to delete SSCR Object and/or Developer Keys – SAP ONE Support Launchpad.

So you simply have to write your own customer program with a code that looks like:

DELETE FROM DEVACCESS WHERE UNAME EQ '<USERNAME>'.

Maintenance view on DEVACCESS

Alternative solution is to create a maintenance view on table DEVACCESS. This will require a once off modification key. Then you can delete and insert developers keys via the normal SM30 table maintenance transaction.

Developer key hack

The developer keys are not safe, so don’t rely on them. See this blog.

Analyzing code before upgrade or support package: CDMC toolset

This blog will explain on the use of the CDMC toolset you can run analyzing your custom code, before starting upgrade or support package.

CDMC toolset

Start transaction CNV_CDMC to goto the CDMC overview.

Goto ad hoc analysis:

CNV_CDMC start screen

Start SAP modification run

Determine SAP modifications run

Wait for run to finish. If done, click the Display Results.

Run ready

View results:

Run results

Setback of the modification overview: also OSS notes are marked as modifications.

Other useful runs: Syntax check and Inactive customer objects.

If you run these checks before an upgrade you can save quite some annoying issues during the upgrade itself.

OSS notes

Relevant OSS notes:

2772644 – ST-PI/CDMC: Clearing analysis alv error

Generating substitution and validation rules

In the FICO module the consultant can define substitution and validation rules. These rules must be generated before they are active.

Questions that will be answered in this blog are:

  • How can I generate substitution and validation rules?
  • Where can I find more background on substitution and validation rules?

Substitution and validation rules generation

Goto SE38 and start program RGUGBR00:


Substitutions and validations

Simple select the correct application are indicated by the FICO consultant (this area can be FI, CO, etc). Select Generate validations and Generate Substitutions. Now execute.

Transport and system copies

You will need to run program RGUGBR00 locally on the system after the transport import is done.

Also after a system copy program RGUGBR00 must be run again.

Background on substitutions and validations

The full functional background on substitution and validation can be found this SAP wiki.