SE95 modification overview

Transaction SE95 can be used to get an overview of modifications in your SAP system.

Questions that will be answered in this blog are:

  • What is the definition of a modification?
  • How can I list all modifications in my system?
  • How can I make a download of all the modifications in my system?
  • How can I filter on real modifications and exclude the modifications caused by OSS notes?

Definition of modifications

This is the most tricky question: how many modifications are in your system? A question that will be asked to you every now and then. The answer can very between a very small number and a very large number. Even with the same system. This is because the way SAP is measuring modifications. OSS notes applied count as modifications. Classical user exits like MV45AFZF also count as modifications. Condition records (VOFM routines starting with RV) also count as modifications. But you can still consider the system as 100% standard.

Real modifications are only those where the customer willingly changed the SAP coding and its functionality, which is not based on an instructions from an OSS note.

In many cases with discussion on system quality, the number of modifications is misused! Be careful to check how your analysis figures will be used.

Modification browser

Start transaction SE95 to reach the modification browser initial screen:

You can now see the SE95 result list:

You can drill down based on the objects.

For a view per package, check the Packages display option on the first screen:

Listing for download

SE95 has a major setback: the list is very hard to export. The modifications are stored in database view SMODIDEVC (which is a view on SMODILOG and TADIR).

From here do select only the MOD (modifcations):

The resulting output list can be easily downloaded into an excel format.

SE95 OSS notes

2971944 – Resetting program modifications in SE95 also resets SAP Note corrections

RFC connections with fast serialization

Fast serialization is an option in the RFC settings to increase performance.

Questions that will be answered in this blog are:

  • What is required to use RFC fast serialization?
  • When to use RFC fast serialization?
  • How can I switch to fast serialization without touching the RFC in SM59?
  • How do I make the settings for RFC fast serialization?

Fast serialization

Fast serialization is available since release Basis 7.51. Downport might be possible, but think twice if you want to do this. Background OSS note on fast serialization is 2372888 – Fast serialization in RFC.

The whole goal of fast serialization is simply to increase the performance.

The fast serialization option is set in the RFC destination on the tab Special Options at the bottom:

Note that in S4HANA destination NONE is using fast serialization by default. Keep it that way.

Switching to fast serialization without touching SM59

In SM59 when you touch the RFC it might request you to re-enter the password. You can still switch the existing RFC without touching SM59. The instruction is in OSS note 2315100 – Activation of new RFC serialization on client side. Run program SFASTRFCMAINTENANCE:

When to use fast serialization

Fast serialization can be used when both the sender and receiver side of the RFC connection supports it.

Fast serialization in custom or standard RFC function modules

In SE37 SAP can set an RFC enabled function module Interface Contract to Fast serialization required. If you have build custom RFC function module that also only works with Fast serialization you should set this option:

Bug fix OSS notes

3315843 – Shortdump when using fast serialization for t/qRFC

SAP tutorial navigator

SAP and senior developers have set up quite a lot of nice tutorials. The tutorials are very good in explaining a how to execute a specific development or basis task. There are many tutorials on the SAP cloud products which can be new for a lot of ABAP and basis persons.

The SAP tutorial navigator is a good starting point exploring the tutorials.

Questions that will be answered in this blog are:

  • How to use the SAP tutorial navigator to find a tutorial that interests me?

SAP tutorial navigator

The SAP tutorial navigator can be started via the URL https://developers.sap.com/tutorial-navigator.html.

The main page will open:

You can search or filter based on the key words:

If you select the tutorial, the detailed tutorial will open now:

On the details page there is learning content and pre-requisites. On the right hand side you can navigate through the steps.

Then you can start with the step by step tutorial in a click here, click there easy to follow style:

SAP API business hub

SAP has collected all their web services and ODATA services on one central page.

Questions that will be answered in this blog are:

  • How to use the SAP API business hub to find an SAP interface for my use case?

SAP API business hub

Start the SAP API business hub by going to the URL api.sap.com:

Let’s zoom in to SAP S4HANA:

Now search for Sales Order and select the Sales Order ODATA:

For each method you can zoom into the details:

On the main details tab you can download the API specification, for example in JSON format:

Also it tells you how to build the URL to be called.

A bit below on the same screen is the link to the online documentation:

Which links to the actual help.sap.com helpfile:

SAP reference

SAP reference blog can be found here.

SAP icons

SAP uses many icons in the SAP GUI and on their web applications. This blog will explain how to find them.

Questions that will be answered in this blog are:

  • How can I find SAP icon codes for SAP GUI use?
  • How can I find icons for SAP web applications and FIORI?

Icons in SAP GUI

To get a list of icons in SAP GUI, start transaction ICON:

If you want to search more specific or have a different sorting, you can start report SHOWICON:

With result screen:

Another icon program is RSTXICON:

SAP web applications

There is also an online icon explorer for SAP web applications and FIORI. Follow this URL:

and detailed screen:

BRF+ transport issues

BRF+ rules are nice for developers to use, but can give you some serious issues at transport level.

Questions that will be answered in this blog are:

  • Which tools and analysis programs are available in case I have issues with BRF+ transports?
  • How to recognize BRF+ transport issues?
  • Which relevant OSS notes to check in case of transport issues?

BRF+ transport issue detection

BRF+ rules can cause both issues at export (RC-8) and at import (RC-8 or content not updated while transport shows RC-0 or RC-4). Check the transport for BRF+ rules: they start with FDT.

Troubleshooting BRF+ with FDT_HELPERS

The main basis troubleshooting transaction is FDT_HELPERS.

FDT helpers start screen

It contains many tools that can assist in issue solving.

BRF+ transport issue support programs

BRF+ versioning and transport information is not displayed by default. You have to switch to expert mode first. See OSS note 2830979 – Versioning and transport information missing in the BRF+ workbench.

Support program FDT_TRANS can be used to put BRF+ rule into a transport (the person that runs this program must be owner of the transport as well):

FDT_TRANS

For mass checking run program FDT_TRANS_MASS_CHECK:

FDT_TRANS_MASS_CHECK

RC-8 upon export

If somebody is still in Edit mode in the BRF+ transport you want to release, then the transport export of the BRF+ transport will end in an RC-8. This is quite hard to detect in the RC-8 export log of the transport. So in case you are faced with export RC-8 of BRF+: ask everybody to go away from the BRF+ edit modes and re-export the transport.

Transport issue OSS notes

You can also check the following OSS notes:

SAP logon user exit hack

In SAP there is a user exit just behind the logon of a user. This can be used correctly, but also used for hacking.

Questions that will be answered in this blog are:

  • How to switch on the user exit after logon?
  • What is good use of the user exit after logon?
  • How to use the user exit for hacking?

Activation of the user exit

In transaction SMOD you can call up user exit SUSR0001:

This exit has only one component:

Double click on the exit to go to the Z code include:

To activate the exit, create a project in CMOD and and include this enhancement. Then double click on the include code ZXUSRU01 to activate the code.

Good use of the user exit

The user exit itself is described in OSS note 37724 – Customer exits in SAP logon. Example of good use it to restrict multiple logons in case you cannot switch on parameter login/disable_multi_gui_login. See OSS note 142724 – Prevention of multiple SAPGUI logons.

The exit is also used a lot by GRC and firefighter type of tools.

For ITS webgui the calling of the logon user-exit can be skipped with a URL parameter. See OSS note 1465767 – Logon user exit SUSR0001 not called.

The user exit logon hack

In the user exit code, you can put in your own stuff.

As hacking example: copy function module PASSWORDCHECK and the screen that belongs to it to your own ZPASSWORDCHECK.

Modify the screen logic a bit. This is the original code:

Now change the code: the password is always reported back as ok. And the user input you catch in the field password is yours: you can mail it or store it somewhere for you to pick up later.

Put the altered code in the user-exit with logic:

IF SY-UNAME = 'target user name' and not capture before.    
  CALL Z function ZPASSWORDCHECK.    
  Store capturing.     
  Set capture flag.
ENDIF.

This looks as follows at runtime:

Many end users (and even auditors) will enter their password without thinking twice.

Alternatively you can use function module POPUP_GET_USER_PASSWORD as a basis for your copy: this has also clear text password:

The password field can be stored.

This has the following look and feel:

Detection and protection

It is wise to shield off this user exit from improper use and to yearly check the content of what is inside this user exit.

APC: Abap push channel

The ABAP push channel (APC) is the ABAP implementation of websockets. It’s goal is to enable the ABAP stack to send push messages to registered web clients.

This blog will answer the following questions:

  • How to setup an ABAP push channel?
  • How to implement the ABAP push channel?
  • How to test the ABAP push channel?
  • Where to find more background and examples on ABAP push channel?

Setting up an ABAP push channel

To setup an ABAP push channel go to transaction SE80 and right click, select create / connectivity / ABAP push channel notification.

Now press the Generate Class and Service button. The classes and services will now be generated as placeholders. Save your work.

If you try to activate the service at this point in time you get this error message:

The reason is that we didn’t implement two methods of the new class yet: the ON_START and ON_MESSAGE.

Implementing the actual APC class

To do this, we go to SE24 and lookup the generated class and we select the ON_START method:

Press the redefine button to redefine the method.

Use this code in the method:

TRY.
* send the message on WebSocket connection
DATA(lo_message) = i_message_manager->create_message( ).        lo_message->set_text( |ON_START has been successfully executed !| ).
i_message_manager->send( lo_message ).
CATCH cx_apc_error INTO DATA(lx_apc_error).
MESSAGE lx_apc_error->get_text( ) TYPE 'E'.
ENDTRY.

This basically confirms the push channel registration.

Now redefine the ON_MESSAGE method:

TRY.
* create the message object
DATA(lo_message) = i_message_manager->create_message( ).
* send message
lo_message->set_text( |Hello World !| ).
i_message_manager->send( lo_message ).
CATCH cx_apc_error INTO DATA(lx_apc_error).
MESSAGE lx_apc_error->get_text( ) TYPE 'E'.
ENDTRY.

It simply pushes the message: ‘Hello World’.

Save and generate the class in SE24.

Now we can go back to the SE80 ABAP push channel we have created and activate it as well. You can run the consistency check to see all is fine:

Testing the ABAP push channel

Now you can test the ABAP push channel by hitting the test button in the SE80 screen of the ABAP push channel. The test service will launch an ABAP webdynpro screen.

If the ABAP webdynpro screen does not launch, activate in SCIF transaction the following 2 nodes: WDR_TEST_APC and WDR_TEST_APC_WSP.

Test result:

As an alternative to SE80 you can also use transaction SAPC:

Background information

Excellent blogs on ABAP push channels are:

SAP interfacing: REST

The SAP ABAP stack can also interface using REST protocol. To support this interface protocol SAP has developed special classes in the ABAP stack.

Questions that will be answered in this blog are:

  • How do I create a REST interface in ABAP stack?
  • How do I test a REST interface in ABAP stack?
  • Which tools to use to developer REST interface?

REST in ABAP

SAP delivers in the ABAP netweaver stack the ABAP REST library. The full specification can be found on the SAP help portal. The help portal also contains a small tutorial. Next to the pre-delivered REST library classes there are no tools for you available to faster develop REST in ABAP. It is coming down to SE24 and SE80.

Good reference blog is the SAP blog on usage of REST in Netweaver 7.4. This also explains the generic REST architecture implementation in ABAP.

Creating REST service in ABAP

We will create a simple Hello World REST service in ABAP. There are 2 main classes in REST ABAP: the application class handling the URL and the resource class where the logic is.

Start transaction SE24 and create a new class inheriting from the SAP delivered class CL_REST_HTTP_HANDLER:

REST create class

important here to press the inheritance button! Fill out CL_REST_HTTP_HANDLER as superclass:

REST create class as inheritance

It is mandatory to redefine the GET_ROOT_HANDLER method:

For now just leave the method empty. Save and generate.

Now create the REST resource class based on inheritance of CL_REST_RESOURCE:

REST define resource class

Now redefine the GET method:

REST resource class redefine GET method

No we add a simple implementation by simply adding the text ‘Hello World’:

REST resource class GET method implementation

Save and activate this class.

Now we go back to the previous class: the application class. In here we now edit the GET_ROOT_HANDLER implementation we left empty earlier:

REST implementation of root handler

If the URL is getting the input /hello then the handler class (our resource class) ZCL_HELLO_WORLD_RES_REST is called. This class will return the string.

Save and activate again. The coding work is done.

Runtime implementation

Now we need to make a runtime implementation. Goto transaction SICF and select the main node default_host first. Then select from the menu Service/Host the option Create Service:

REST SICF create service

Fill out the name of the service and click ok. In the next screen give a description and in the Handler List section refer to the application class ZCL_HELLO_WORLD_REST:

REST SICF handler

Save the service. The service is created but not active. To activate right click on the service and select Activate:

REST SICF activate service

Testing the service

From the previous SICF screen right click the service again and select the option Test Service. A screen will come that says “No suitable resource found”. Now modify the URL by adding /hello after the test in the URL, and press enter again:

REST SICF test service

The URL build up: the test is the name defined in SICF. The /hello was defined in the application class.

Authorizations and security

The REST library has no specifics about authorization and security. So you have to take care your self.

Business authorization security: has to be built in via AUTHORITY-CHECK statements at the correct spots.

Technical security is provided in the Logon Data tab on the SICF node. Here you can set requirements for the technical logon method and if you only allow https.

REST versus ODATA

ODATA is based on REST and has more features. If you have a choice, you best use ODATA. ODATA exposing is described in this blog.

In SAP REST is supported, but you have to code a lot, and limited tools are available. For ODATA much more development and monitoring tools are available.

SAP interfacing: ODATA

In the previous blog we have setup RFC enabled function module. If you want to expose this function module as ODATA service you can use the wizard in transaction SEGW. This blog assumes the basis ODATA basis activation has been performed (see this blog).

Questions that will be answered in this blog are:

  • How do I generate an ODATA service based on a RFC function module?
  • How do I test if the ODATA service is properly working?

Set up of the ODATA service

Start transaction SEGW and create a new project:

Now start the RFC import wizard by right clicking on Data Model and selecting the option Import and then RFC/BOR interface:

Now select the data parameters:

And enter which field is key field:

After pressing finish the wizard will generate the needed classes.

Save your work and press the check button to validate if everything is ok:

Now we need to map the implementation to the RFC module. Right click on the GetEntitySet below ZODATADEMOENTITYSet and select Map to Data Source:

Now map the fields (you can use drag and drop):

Now you need to map the data fields correctly and press check.

Save your work.

Generation of objects

You can see that the Runtime Artifacts section is still empty.

Now press the button Generate Runtime Artifacts:

Wait for the generation to finish:

Now the runtime artifacts are generated, but the service maintenance is not done yet. Open the section Service maintenance and double click on the system:

Now press the Register Service button:

Accept settings and assign package for transport:

Now the registration status is green.

Testing the ODATA service

Press the button SAP Gateway Client (or start transaction /IWFND/GW_CLIENT directly, and then enter the correct service):

The test client starts:

Enter the correct inputdata: /sap/opu/odata/SAP/ZODATADEMO_SRV/ZODATADEMOENTITYSet(‘1’)

And check the output:

Attention points

The example above seems simple, but you will face more issues in real live implementation when you need to add tables and more complex structures. In those cases additional configuration and many times extra coding in the methods of the generated classes is required.

Nice blogs to start with:

ODATA security

The user calling the ODATA service needs a special right in SAP to be allowed to call the ODATA service.

Start transaction PFCG and create a new role. On the menu tab select the option Authorization Default. Then select type Tadir and object type IWSV gateway business suite enablement. Now you can finally search for our own developed and activated ODATA service:

Now save the role and assign it to the user(s) needing to call this ODATA service.

The application security relies on the function security authorization check inside the RFC function module.

ODATA V2 and V4

SAP is now moving from ODATA V2 towards ODATA V4. Read more on ODATA V4 activation in this blog.