saptechnicalguru – Page 31 – Saptechnicalguru.com

STAUTHTRACE: improved authorization trace

If you are still using the old classic ST01 authorization trace, do keep on reading and you will want to switch to the new STAUTHTRACE improved authorization trace.

Questions that will be answered in this blog are:

How to run the new STAUTHTRACE tool?
What are the major improvements in STAUTHTRACE tool?

For long term user tracing there is a different tool: STUSERTRACE. Read more in this blog.

Running new STAUTHTRACE tool

To run the new tool start transaction STAUTHTRACE. If the transaction code is too complex, add it as favorite to your start screen.

From the start screen you see the immediate benefits. You can start the authorization trace for:

All application servers in one go (this is highly useful in an authorization issue with RFC users or background users where you have no control on which application server it will run): just record on all servers
Specific user only, but errors only: this will reduce your logging footprint to errors only
Filter the results to not show duplicate entries

Results

The result screen from STAUTHTRACE is similar to ST01 trace

But the result is more comprehensive, since it can take errors only, with duplicates filtered and take data from all application servers. This make the result complete and more easy to catch authorization issues.

Background

The background and all feature of STAUTHTRACE are kept in SAP OSS note 2577291 – How to get trace of authorization checks using transaction STAUTHTRACE. Main note with references: 1603756 – Using STAUTHTRACE to record authorization checks.

Bug fix notes:

Generating substitution and validation rules

In the FICO module the consultant can define substitution and validation rules. These rules must be generated before they are active.

Questions that will be answered in this blog are:

How can I generate substitution and validation rules?
Where can I find more background on substitution and validation rules?

Substitution and validation rules generation

Go to SE38 and start program RGUGBR00:

Simple select the correct application are indicated by the FICO consultant (this area can be FI, CO, etc). Select Generate validations and Generate Substitutions. Now execute.

Transport and system copies

You will need to run program RGUGBR00 locally on the system after the transport import is done.

Also after a system copy program RGUGBR00 must be run again.

See OSS note 1793212 – Transport validation or/and substitution.

Background on substitutions and validations

The full functional background on substitution and validation can be found this SAP wiki.

Licenses for SAP solution manager

SAP solution manager licenses have been renewed last few years by SAP.

Questions that will be answered in this blog are:

Do I need a user license for solution manager users?
If I run solution manager on HANA, do I need to pay HANA database licenses?
How can I get Focused Build and Focused Insights?
What about Focused Run licenses?

User licenses for SAP solution manager

Since 1.1.2018 the requirement of having named users was dropped by SAP.

HANA database licenses

If you want to run HANA database below SAP solution manager as database, you need to procure the infrastructure. The HANA database rights are included in SAP solution manager. This is the only exception SAP has. For all other use case you need to pay for HANA as database as well.

Using SAP solution manager for non-SAP components

You can use SAP solution manager to manage non-SAP components as well. Especially the ITSM service desk component can be used for this. When you use this function for non-SAP components, you will need SAP enterprise support rights for SAP solution manager in stead of the SAP standard support.

Focused Insights and Focused Build

SAP offers Focused Insights and Focused Build as extra options on top of SAP solution manager. Both are installed as add-on. Focused Insights brings extra dashboard building capabilities. With Focused Build you can get an extra grip on your solution build process.

As of 01.01.2020 both solutions are part of standard maintenance contract. See also OSS note 2361567 – ST-OST Usage Rights and Support.

If you want to try out these solutions, you can use the available free SAP demo system. Read more about this in the following blog.

SAP Focused run now also covers the functionality of Focused Insights, but in a far superior and more performing way. Read more in this blog.

Focused Run

Focused Run is separate solution with separate license to optimize the running of large SAP landscapes. Focused run does NOT run on SAP solution manager. It runs on a separate environment and only runs on SAP HANA. You cannot combine a Focused Run and SAP solution manager on one single installation. More information on Focused Run can be found on the SAP site. And on the specialized SAP Focused Run Guru site.

For licenses of Focused Run, read this dedicated blog.

Despite the fact that Focused Run is a paid solution, it offers by far the most sophisticated and added value product.

More background information

More information can be found on the SAP solution manager usage rights website.

Transaction SPOOL

Transaction SPOOL can be used as a central starting place for all printing and spool related settings, tools, error analysis.

Simply start transaction SPOOL:

Now switch from Standard Mode to Expert Mode to enable all tool.

Double clicking on the line will start the tool. On the right hand side are the transaction codes and the OSS note numbers for specific additional explanation.

Background OSS note: 2359477 – Transaction SPOOL.

Bug fix note: 2763159 – Transaction SPOOL: Short dump for missing authorization.

SAP support backbone update

The SAP support backbone update is live per 1.1.2020. Blocking started as of 8.1.2020. If you did not prepare your systems for it, you might loose support functions.

Per 31.07.2020 the sending of EWA’s via RFC towards SAP will no longer work. See OSS note 2923799 – Final Shutdown of RFC Connections From Customer Systems to SAP. At the same date OSS notes downloads via RFC will be fully blocked. Also the RTCCTOOL will stop to work (see oss note 2934203 – ST-A/PI 01T* SP01 – 01U SP00: SAP backbone connectivity for RTCCTOOL on basis 700-731 after RFC shutdown).

You can get or will already get messages like:

SAP note 2847665 – OSS RFC Connection fails will refer you to the SAP Backbone connection update site.

Also on the main SAP support site there is this warning message:

Which refers to first-aid kit OSS note: 2874259 – First Aid Kit for Problems Related to SAP’s Support Backbone Switch-Over Starting on 8 January 2020 .

Questions that will be answered in this blog are:

Where can I find more background information on the SAP support backbone update?
Why can I find first aid support?
Do I need to upgrade SAP solution manager?
How to switch to digitally signed OSS notes?
Do I need to change my OSS RFC’s?
What else do I need to do?
How to check the correct setup in the SAP EWA report?
Where can I find a checklist to see if I am completely done?

Background information on SAP support backbone update

The landing page for SAP support backbone update can be found by following this link.

The webinar recording explaining all the highlights can be found by following this link.

The official OSS note is 2737826 – SAP Support Backbone Update / upcoming changes in SAP Service and Support Backbone interfaces (latest) in January 2020.

2 important OSS notes for quick start of actions:

And the new first aid kit OSS note:

2874259 – First Aid Kit for Problems Related to SAP’s Support Backbone Switch-Over Starting on 8 January 2020

Quick overview of all your systems in SAP service marketplace

SAP now provides the overview of your systems which are not ok in a special online overview. Follow this link. Your result can look like this:

What will change per 1.1.2020?

Basically the connection from SAP solution manager and the on premise SAP systems connection to the SAP backbone will change. This will impact many areas like OSS notes, EWA’s, landscape planning etc.

What do you need to do if you don’t want to loose any functionality?

Solution manager

If you don’t want to loose any functionality in SAP solution manager you will need to upgrade to Solution manager 7.2 to support package 7 or 8. If you are on 8 you have to do less manual work than on 7. On solution manager support packs 5 and 6 some functions will work, but with manual work and limitations. On solution manager 7.1 and solution manager 7.2 up to support pack 3, the connection to SAP support backbone will be lost on 1.1.2020. You can already upgrade to SP8 now and prepare solution manager.

For the automatic configuration of the connectivity follow the instructions in OSS note 2738426 – Automated Configuration of new Support Backbone Communication.

OSS notes

For OSS notes there are 2 changes: the RFC to SAP and digitally signed OSS notes.

For the RFC connection read and follow the instructions from OSS note 2740667 – RFC connection SAPOSS to SAP Service & Support backbone will change (latest) in January 2020.

OSS notes via SNOTE must be switched to digitally signed OSS notes. How to do this: see blog.

Next to this, you will need to change the OSS note RFC destination. The generic user will no longer work. You will need to change it to named technical user, or change to the connection from RFC to https connectivity.

If you setup digitally signed OSS notes there is an option for fallback to insecure.

Attention: this fallback will no longer work after 1.1.2020.

ANST

ANST is a great function to help you find OSS notes relevant for your issue. For more explanation on ANST look at this blog. The ANST reaches out to the SAP support backbone to check for recent notes. To keep the function working you need to setup a new webservice in SOAMANAGER (if the SOAP runtime is not active follow instructions in this blog). To setup the specific webservice follow the instructions in oss note 2730525 – Consuming the Note Search Webservice. Then apply OSS note 2732094 – ANST- Implementing SOAP Based ANST Note Search and 2818143 – SEARCH_NOTES- Implementing SOAP Based Note Search.

While switching to new SAP support backbone you might get a connection error. Follow the instructions from OSS note 2781045 – ANST / ST22 note search “Connection cannot be established” to solve it.

Other calls

See OSS note 2722027 – Certain OSS RFC APIs calls replaced with corresponding web service calls.

Online checklists

SAP has now published online checklists, based on your solution manager version. You can find the checklists on this link.

Support backbone configuration check in EWA report

If you install ST-A/PI 01T sp02 or higher in your system (see OSS note 2827332 – Service Data not Complete due to ST-A/PI not Up-to-date), the EWA report of that system will give information about the correct connection to SAP support backbone and correct use of technical user for the communication.

Example:

In the process OSS note 2802999 - SDCCN activation fails without errors or red icons in Migrate tab might need to be applied as well to solve an SDCCN error.

All background information can be found in OSS note 2823658 – EWA Checks for SAP Backbone Connectivity.

SDCCN error notes

SAP is having some issues with the SDCCN coding for the backbone connectivity. If you experience issues there, check out the following OSS notes:

Requirements and formulas

This blog will explain on post processing for requirements and formulas.

Questions that will be answered are:

How do requirements and formulas work?
How does generation via program RV80HGEN work?
How to automate RV80HGEN in transport?

VOFM: formulas

Formulas are maintained in transaction VOFM.

The start screen is just a menu:

The background of VOFM for all its options is explained in OSS note 327220 – VOFM function and its objects.

In this example we will code a new requirement for pricing (one of the most used topics for VOFM). Select the menu entry Requirements and then pricing:

If you build you own routines the have to use the 900 series. Unfortunately the call off requires an SCCR object key. Save your 900 series entry.

Now double click on the routine to go into the editor:

Now you can insert the custom code for your routine. Since system regards it as modification you will have to use the modification editor.

Program generation

After you finish the routine, you have generate it. Run program RV80HGEN to regenerate the routines. If you don’t do the generation run, your routine (or updated routine) will not be called.

Generation after transport

After you transport the routine to a quality or productive system the newly generated routine is not generated. So you need to run RV80HGEN in the target system. You can automate this by putting in an XPRA action for program RV80HGEN in the transport. Then as final step after import the RV80HGEN run will be triggered automatically.

To do this: go to your transport request or task. Switch to Change mode. Insert row. Enter program ID R3TR, object type XPRA, object name RV80HGEN, hit enter. Now save the transport again.

OSS note 598475 – XPRA RV80HGEN when transporting VOFM objects contains a modification to automate this for newly created routines. But this does not work for changes of routines.

Relevant OSS notes

In case of issues, check these OSS notes:

ABAP developer keys and object keys hack

A lot of basis and ABAP people feel protected by the ABAP keys and object keys for standard SAP changes. They have to be called off at SAP marketplace keys section.

Let me already give away the clue: since quite some time there is a KeyGen for ABAP and object keys. The protection is gone.

This blog will answer following questions:

Where can I download the ABAP keygen?
How to run the ABAP keygen?
How should I protect my system from unwanted ABAP changes?
S4HANA does not use developer keys and object keys any more, how should I protect my S4HANA system from unwanted ABAP changes?

Online version of key generator

A new site is now available for key generation. Use at own risk.

Read this blog.

Where can I download the ABAP keygen?

Google for SAP IWR Object key generator. Or click here for a copy:

SAPKeygen1.70 Download

Upon download: rename the file to .zip and unzip it.

New version W10 compliant, but not scanned (download and use at own risk!)

saplicw10 Download

Credits for this version: Hugos.

Running ABAP keygen

Running the executable is simple. But you need to run it in Windows 7 compatibility mode.

Fill out the data and hit generate…. that’s all.

The use of this tool is at your own risk. Most admins don't like you to use this tool at all.

The whole idea of this blog is to show not to rely on the developer key procedure.

How should I protect developments?

The best way to protect your development is to carefully grant the S_DEVELOP privilege. Only give it to the right people and only give it to develop Z* range of code.

Deletion of old developer keys is still relevant. Read the dedicated blog on deletion of developer keys.

S4HANA developer key

The title is a bit misleading. In S4HANA there are no developer keys and object keys any more.

Background of this change be SAP can be found in OSS note: 2309060 – The SSCR license key procedure is not supported in SAP S/4 HANA.

So in S4HANA, you must set up authorizations for S_DEVELOP properly.

With S_DEVELOP you have to set create/change rights for the packages and or objects. For custom code only hand out Z* privileges.

If you hand out a * for the objects or classes, then the developer can also change standard SAP.

For more background and further information, read this dedicated blog on ABAP protection in S/4HANA.

DMIS plugin notes analyzer

When you are using DMIS plugin for SLT data replication you will need to regularly apply OSS notes to solve bugs. This blog will explain how to quickly analyze the needed notes using the DMC note analyzer program.

Questions that will be answered in this blog are:

How to install the DMC note analyzer programs?
How to run the DMC note analyzer programs?

Installation of the DMC note analyzer programs

The new DMC note analyzer programs are delivered via OSS note 3016862 – Note Analyzers with separated scenarios for ABAP-based Migration and Replication Technology (DMIS2011/DMIS2018/DMIS2020/SAP S/4HANA). Minor manual work is required.

These new programs are replacing the old DMC_NOTE_ANALYZER program.

The new programs are separated by function:

Scenario	Report name
Object Based Transformation (OBT)	CNV_NOTE_ANALYZER_OBT
ABAP Integration for SAP Data Intelligence (DI)	CNV_NOTE_ANALYZER_DI
S4HANA Migration Cockpit (MC)	CNV_NOTE_ANALYZER_MC_EXT
SAP Landscape Transformation (SLT) Replication Server	CNV_NOTE_ANALYZER_SLT
Near Zero Downtime Technology (NZDT)	CNV_NOTE_ANALYZER_NZDT

Running the new program for use case SLT

With transaction SE38 start program CNV_NOTE_ANALYZER_SLT:

Now start the run.

After the run is done the missing notes are listed:

Installation of the old DMC note analyzer program

The DMC note analyzer program is delivered via SAP oss note 2596411 – SLT / NZDT / S4HANA Migration Cockpit (DMIS2011 SP11-SP15; DMIS2018; S/4HANA 1610, 1709 & 1809) – Note Analyzer.

Minor manual work is needed for the implementation of this OSS note.

Running the old DMC note analyzer

With transaction SE38 start program DMC_NOTE_ANALYZER. On the start screen select whether you want to check for the central system or the source system:

DMIS notes analyzer program start screen

Now start the run.

After the run is done the missing notes are listed:

From the overview you can start to download the notes and apply them.

SGEN: code generation

After any support pack and upgrade you want to check and make sure the ABAP code in the system is ok and pre-compiled for business use. The SGEN code generator tool does the job for you.

Questions that will be answered in this blog are:

How to run SGEN?
How can I see the result behind SGEN?

Running SGEN

Starting SGEN is simple by starting the transaction code SGEN. The initial screen looks like this:

Select the option you want to use. The most common feature option is the Regenerate after SAP system upgrade. Press continue. You now reach the load generator screen to distribute the load across many parallel processes:

Select the servers and press continue.

SGEN is a resource intensive process: performance during the run will be pretty low....

In the load monitor you now release the job and you can start to monitor it:

You can also monitor in SM37 the batch job for program RSPARAGENER8M .

Data behind SGEN

Table GENSETM contains the results of the generation run. The field GENSTATUS is the generation status. Values of this field:

X = generated

E or S = error

I = initial

Touch single program or table

SGEN is a mass transaction for large amounts and can run quite long. If you only need to regenerate single program or table, read this blog.

Background

More background information on SGEN can be found in the FAQ note: 1989778 – FAQ: SGEN.

Other notes:

Custom ABAP set original system system

After a copy of a system to a new system (like a sandbox) you will find out the custom objects have a different original system and all changes will result into modification editor in stead of the normal ABAP editor.

Questions that will be answered in this blog are:

How to change original system of an object?
How to mass change original system of all Z objects in one shot?

Changing original system of an object

To change on original system of an object first start transaction SE03 to go to the transport organizer tools:

Select the tool Change Object Directory Entries:

Change object directories selection screen

Here you can select a specific program, function group, etc. In our case, we do a selection on the original system. This will give list of all objects with that original system:

If you select an object and press the Change Object Directory button, you can change the original system of a single object.

Mass change

To execute a mass change you need select the top node first and then give in a command (not a menu option): key in mass in the command part:

Then hit enter and a new hidden popup will come:

Now enter the new original system and press Ok. All is change in one shot now.

See also OSS note 2690211 – Mass change of Original System.

Emergency program

If for some reason it does not work you can use the below emergency program:

DATA: zlt_tadir TYPE TABLE OF tadir.

DATA: zls_tadir TYPE tadir.

SELECT * FROM tadir INTO TABLE zlt_tadir WHERE srcsystem EQ 'SRC'.
LOOP AT zlt_tadir INTO zls_tadir.
zls_tadir-srcsystem = 'TAR'.
MODIFY  tadir FROM zls_tadir.
WRITE sy-subrc.
ENDLOOP.