Category: Basis

basis

SNOTE revamp

After many years of faithful service, SNOTE got a revamp from SAP.

Questions that will be answered in this blog are:

  • How does the new revamp of SNOTE look like?
  • How can I get this new revamp of SNOTE?
  • Can I download latest versions of OSS notes in batch mode?

If you update main SNOTE OSS note 1668882 – Note Assistant: Important notes for SAP_BASIS 730,731,740,750,751,752,753,754,755,756, you will get this message:

New revamp SNOTE

OSS note 3051466 – Simplified Note Assistant: SNOTE Revamp describes the main functions and background of the revamp of SNOTE.

Main changes listed in the note:

  • A new Home screen, where the user work list and Note Browser is integrated in a single screen. The work list and search results are displayed in tabs to improve usability
  • Possibility to perform a Note Search for Valid Notes in SAP ONE Support Launchpad, and then download it from the search results 
  • Provision to mark/unmark Notes as your ‘Favorite’
  • Option to set up background jobs which will automatically look for and if required, download newer version of Notes which are already in your system
  • Implementation of Notes has been streamlined with lesser pop-ups and better error handling
  • Improved display of Manual Text during a Note implementation. It will now also be displayed during de-implementation of a Note.
  • Changes in the Note Display screen, including a compact header section, provision to display only valid corrections and only the actions that will be possible for the given Note will be displayed
  • An improved display of Note Log 
  • Provision to launch reports which will show the details of all the prerequisite and successor Notes, or the list of repository objects affected by the Note
  • Ability to customize the Note Assistant using the ‘Note Assistant User Settings’. The Note download procedure can also be provided here
  • Additionally, the tool will now automatically remember some of the user choices made in the user interface

Starting SNOTE now looks like this:

The settings button shows easily you can set your own preferences:

Updating OSS notes versions is possible now via the menu Download latest version of Notes, and then you can choose to run in foreground or (new great function) in background.

For the last update run you now can get a nice overview of the results of the updates:

Installation of new SNOTE revamp version

The new revamp version of SNOTE is standard in S4HANA 2021. You can also install it separately.

Steps to follow:

  1. First apply the prerequisite notes listed in OSS note 3051466
  2. Make sure the TCI file of OSS note 3051466 is placed in your system (read more on TCI notes in this blog)
  3. Apply OSS note 3051466
  4. Apply OSS note 3092620 – SNOTE – Adapting Download of Latest Version of SAP Notes in Background for Revamped Note assistant
  5. Check if newer bug fix notes are present (search for SNOTE Revamp as key word in component BC-UPG-NA)

Regularly update note 3093855 – Note Assistant: Important SAP Notes for the Revamped Note Assistant as well. This is containing all fixes for the revamped SNOTE.

EWA tips & tricks

SAP early watch (EWA) contains information on your system that might already or in the future impact performance and security.

A periodical review of the EWA is needed.

This blog contains tips & tricks for the technical working of the EWA reports.

For other frequently asked questions, read the note 1257308 – FAQ: Using EarlyWatch Alert.

SAP EWA generation

The EWA can be generated from SAP solution manager itself. Or you can use SAP Focused Run or Solution manager as data collection system, and than relay the information to SAP. The end result can then be seen on the online EWA workspace in the SAP support portal. More information on the EWA workspace can be found in this blog.

Since most new functions are added in the EWA workspace it is the best way forward. It is also less maintenance work. The only thing to do is to keep sending the data. Any new reporting function is done by SAP. SAP will also take care to have the content updated.

So all in all, if you are currently doing the EWA generation directly in SAP solution manager, consider to switch to the model where you send the data to the SAP EWA workspace via solution manager or via SAP Focused Run.

Setup in SAP Focused Run

A good manual for SAP Focused Run for EWA setup can be found on these reference sites:

Troubleshooting guide for EWA in SAP Focused Run, follow this link.

Also check OSS note 2715504 – Configure Early Watch Alert Job.

EWA in solution manager

General activation process of EWA in solution manager is described in OSS note 2729186 – General Process of EWA Generation in SAP Solution Manager 7.2. If an add hoc extra EWA needs to be generated, follow the steps in OSS note 2357073 – How to Create an Ad Hoc EarlyWatch Alert SAP – Solution Manager 7.2.

Adding email receivers is explained in OSS note 2282944 – EarlyWatch Alert: Solution Manager 7.2 how to setup/configure EWA reports or add email recipients.

Content update of SAP EWA content in SAP solution manager is required at regular intervals. The procedure is described in OSS note 2732608 – How to replace the Service Content (AGS_UPDATE).

EWA workspace

EWA’s can be found the SAP EWA workspace. Read more in this blog.

EWA alert solutions

If you are only interested in the alerts from the EWA’s, there is a dedicated SAP tool for this: the EWA alert solutions page on the me.sap.com space. Read more in this blog.

Known issue list for EWA

The known issue for EWA is kept as list by SAP on this page. And OSS note 3138592 – Known Issues with the EarlyWatch Alert (EWA).

Troubleshooting when EWA is not sent to SAP

When you have issues that the EWA data is not sent to SAP properly, follow the checks in OSS note 1684537 – EarlyWatch Alert not sent to SAP: troubleshooting guide.

Removing unwanted secondary HANA database from the EWA

If you setup a secondary HANA database in DBCO, that database might appear in the EWA of the primary system. To get this unwanted information out of the EWA follow the steps as described by SAP in this page. Basically add the description NON_EWA_ in the secondary connection:

Setting up the BKF section in the EWA

OSS note 2282310 – Business Key Figures for EWA report contains the steps to get the BKF chapter activated.

Make sure in the managed system the user running the EWA data collection has the special role SAP_MANAGED_BPOANA_DIS. This is cause number 1 of issues.

If you make the settings, you would have to wait 3 weeks before the data is filled properly.

To gain speed, you can use the Express option. This option is explained in OSS note 2821062 – BKF Express Option/Manually running the BPMON job.

The UI of Business key figures Chapter Setting settings in the EWA is terrible. Please use the scroll bars to go to the right part. And the instruction mentions that you need to double click on a button or tab. This is correct. If you click once, nothing will happen. You really need to double click. This is completely counter-intuitive. But if you don't do it, it will not work, and you loose a lot of time.

If it still does not work, don’t hesitate to raise a message to SAP for component SV-SMG-SER-EWA.

SAP might ask you to apply the note 2477832 – SAP EWA Special Content BKF – on demand data collection (routine update & ZReport) as a workaround.

Generic background information

EWA wiki of SAP: link.

Generic background information on EWA can be found in these OSS notes and blogs:

SE16S: generic table and value search

SE16 and SE16N can be used to search specific tables. FIORI search can be used by end users to search business documents for predefined scenarios.

In some cases you might need to search multiple table for a certain value or string. This can be needed from IT point of view or business point of view.

Then transaction SE16S can be your solution: generic table and value search.

Questions that will be answered in this blog are:

  • How does the generic table and value search transaction SE16S work?

Use of SE16S

As example we want to search for the string DE01 in T tables (customizing).

After starting transaction SE16S you are confronted with a big selection screen. In the top part enter the search string:

In the search type select Create Ad Hoc Search String. If you have to execute repetitive searches, you can setup predefined searches with transaction SE16S_CUST.

In the search section enter the search tables you want to search:

In the technical block make the technical settings:

Best to use parallel processing to speed up and also best to show only the tables with hit.

Now start the query by pressing execute and wait a couple of minutes for this query to end.

Results are shown:

Per item you can drill down to the details:

Transaction SE16SL and SE16H

Also transaction SE16SL exists for searching content. This one is bit faster, but less accurate.

SE16H is the HANA based implementation of SE16N and has specific search functions which might be very useful for your use case. More on SE16H in this blog.

Checking usage of SE16 transactions is explained in this blog.

Background

Master reference note: 2002588 – CO-OM Tools: Documentation for SE16S, SE16SL, and SE16S_CUST. This note has a full explanation of all the options.

Setting FIORI gateway time-out and time-out warning

FIORI user use the browser. For security it is important that the browser session has a limited life time. The end user is normally annoyed by this, since when he clicks after a long time, the user gets a server error, which is difficult to understand.

This blog explains how to set up a more user friendly time-out and warning for the FIORI pages.

Questions that will be answered in this blog are:

  • How can I set a time-out for my FIORI tiles?
  • How can I set a warning time for the end users that their FIORI session is about to time-out?
  • Can I limit the amount of FIORI sessions?

Time-out settings for FIORI

Start transaction /UI2/FLP_SYS_CONF and enter values for these 2 parameters: SESSION_TIMEOUT_INTERVAL_IN_MINUTES and SESSION_TIMEOUT_REMINDER_IN_MINUTES:

Give these the values that are good for your company and press Save.

OSS note 2955208 – How to set automatic Fiori Launchpad Sign-Out explains also there is a server logout possible.

This function is available as of SAP_UI 7.54 version (see OSS note 3248472 – Why is it not possible to limit browser Fiori sessions?).

Time-out for end user

The end result for the end user is a more graceful warning and choice to continue or log out:

Read OSS note 3034757 – Fiori session timeout setting SESSION_TIMEOUT_INTERVAL_IN_MINUTES does not appear to work accurately to see which actions cause the timer reset.

Limiting amount of sessions

Limiting amount of browser sessions and FIORI sessions per user is not possible. See OSS note 3248472 – Why is it not possible to limit browser Fiori sessions?.

ABAP system license verification program

SAP has a bit of a hidden program to verify licenses on an ABAP system: RSUVM080. You can use this program yourself as well to prepare for license measurement and discussion on licenses.

Questions that will be answered in this blog are:

  • How to set up the User Type validation program RSUVM080?
  • How to use it for validation of your licenses?

Installation of program RSUVM080

In very new versions program RSUVM080 is present already. For older versions implement it by applying OSS note 2339166 – Validation of the user classification.

Also check bug fixes notes:

Use of program RSUVM080

If you start program RSUVM080 you see that a file is required for the validation rules:

The file has a specific format. The picture below is an example we use here:

In XLS format:

LincensesInputDownload

The actual definition of the file content, you have to do yourself by using common sense! When having discussions with SAP, they might provide the file and ask you to run it.

Now run the tool in productive system. Output looks like this:

Explanation of the checks

In the details of the input you can see we have provided several checks:

  1. Authorization checks: first 4 lines (check for * in users management, or change or create. 4th line is check for development rights)
  2. Transaction code checks: check for VA01, SE38 and SE11

The checks are shown in the columns on top.

You can see that transaction codes VA01, SE38 and SE11 were executed by the users. When you click on the green icon in the AC check column you can see the details for the AC (anti cheating) checks (more on the AC checks in this blog):

You can see that the user did not only execute VA01, but also did updates to VBAK table. So the user did execute the transaction and created records. Therefore for this user the right license type should be assigned. If the user has rights for VA01, and started it, but never made a posting, this is off course different.

If a user has a DEVACCESS entry, it is marked in the SSCR column. If the user was involved in transports, the transport column is marked.

In the #steps column you can see what other transactions were performed by the user:

Selection of users

It is important to realize that the program only selects the user as Green if one or more of the criteria was met. This can help you focus on the discussion points you are having with SAP (for example around use of VA01 for sales order creation).

You can start with a limited set of rules, and then expand.

First you can give all users the lowest classification. Then you start. For example: start with only the rule for transaction VA01. Assign the users the correct license type. On the selection screen, don’t select the users you already classified, by excluding them in the selection. Then focus on the AC checks: learn from them and see which transactions lead to them. Add this to the rules, and again classify the users correctly. In the next run the classified users are excluded again. This you can do until no AC check box is there. Then randomly validate that the actions left, which are executed by the other users, are indeed part of the lowest license type.

Setup of LOCL printing

This blog will explain the setup of the LOCL printer in SAP. Any output send to the LOCL printer will use the SAP GUI to call the windows printer list on your laptop or desktop and send the print there.

Setup of LOCL printer

Start transaction SPAD and create printer LOCL (with short name as well LOCL):

And on the access method tab enter this information:

Save now and the LOCL printer is ready to use.

Set up background can be found in SAP help pages.

Use of LOCL printer

If you print, choose the LOCL printer. The screen will refresh and give a dropdown list for the printers installed on you local laptop or desktop:

Restrictions of LOCL printer

LOCL needs a connection to the SAP GUI. It can therefore not be used for:

  • Printing spool in the background
  • Printing in RFC

If you still try to spool to LOCL printer, this is the output:

See oss note 2244868 – Front-end printing spool request is not printed.

SAP support portal security: mail filtering

SAP support portal is used in your company for many items: EWA’s, reporting issues, downloading software.

Protection of the accounts on SAP support portal for your company is required.

This blog will explain the setup of the security feature for mail filtering.

If you don’t set this up, your user overview will continuously show this warning:

Setting up mail filtering

Go to the support page for mail filtering:

Use the Add Domain button to add a new domain.

Domains to add:

  • Your company mail domain(s)
  • sap.com domain (for support from SAP)
  • Domain of your supplier maintaining your SAP system, in case they use their own mail ID

Background

Background of this feature can be found in OSS note 3025172 – How to add or remove email domains for my customer number – SAP ONE Support Launchpad.

Measurement of developer licenses

Every year SAP measures the licenses. The developer licenses are the most expensive licenses and also the ones which are under continuous debate with SAP.

Questions that will be answered in this blog are:

  • What is a developer and why is it so hard to measure?
  • How can I go back to the DEVACCESS measurement on my non-S4HANA systems?
  • What are the complexities on S4HANA with measuring developers?

Developer definition

Most likely the definition in your contract clearly states developer is only for creation and changing custom code (Z code). And not for applying OSS notes. The measurement should follow the definition.

Developer measurement on non-S4HANA system

On a non-S4HANA based system, the developer key concept still exists. This means a developer key needs to be called off at sap support site for keys. This mechanism is hackable, but in the end in the system table DEVACCESS is filled with everybody who has filled in the keys.

SAP has given update notes on the USSM user measurement programs that use the S4HANA logic, which is described below.

By applying OSS note 3225435 – USMM2: Development Workbench check – Restore old version, you can revert back to the original way of working that measures entries in DEVACCESS table and changes to REPOSRC.

The measurement of developers has to run on the development system. For security reasons, you should delete all entries in DEVACCESS table in all non-development systems.

When a developer is leaving, you should also delete the corresponding entry in DEVACCESS table to avoid it from being counted in the license measurement.

Read this blog on the deletions of entries in DEVACCESS table.

S4HANA logic (or better no logic)

In S4HANA SAP removed the developer key (see this blog). In the USMM measurement program SAP has put in logic to measure a developer as everybody who creates a transport entry of type Workbench. Text from the word document attached to note 3038370 – USMM2: Development Workbench Check alte Version wieder herstellen:

"In the current version of the check all users are shown that have made an entry of type K (workbench request) or S (development/correction) in the field TRFUNCTION in the table E070 within the last year."

Note 3038370 is now obsolete and replaced with OSS note 3225435 – USMM2: Development Workbench check – Restore old version.

This means also the following actions are counted as developer:

  • Basis team applying OSS note
  • Consultant making a client independent customizing
  • Many more actions that lead to entries in workbench request

This logic of SAP does not make any sense. As customer you can have big debates with SAP on this.

It is really unclear why SAP is not simply checking the REPOSRC changes on S4HANA system done on Z code last year. This will simply give list of real changes done on custom code by whom. That would be fair measurement.

SAP, if you read this, you can take over this idea.

OSS notes with or without manual instructions

Some OSS notes have manual instructions to create SAP Z programs or to alter SAP objects. To avoid discussions with SAP, it is best if you carry out these instructions by an ABAP developers, rather than a basis consultant. Not only does the ABAP developer has a better clue on what the impact is, it also makes sure that the Z coding and changes to standard SAP are registered in the system and transport on the ABAP developers name. This will avoid discussions on developer licenses.

If basis applies the automatic OSS notes, these are not core custom developments. Check if these are counted by the measurement program. Then check the definition in your contract. Most likely the definition in your contract clearly states developer is only for custom code (Z code). And not for applying OSS notes.

SSCR key listing and developer license

You can run program RSUVM080 to quickly get overview of developer SSCR keys in development system or view in table DEVACCESS. More on RSUVM080 in this blog.

LUI: license utilization information

The LUI (license utilization information) is a new tool provided by SAP to help you better manage the insights into your current utilization.

Questions that will be answered in this blog are:

  • How do I use the LUI tool?
  • Where do I find more information on the LUI tool?
  • Does the LUI tool work for on premise systems and cloud systems?

Use of the LUI tool

The LUI tool is part of the support pages of SAP and can be reached using this link.

Open opening the link and logging on, you start with the overview screen:

As you can see the overview is both for On Premise as well as Cloud based solution licenses.

You can zoom into the details per license to see the trend:

This can help you to detect since when (and then you will check why) you are crossing the line of having utilized too much. This enables you to either take actions to go back, or simply procure more licenses.

For the SAP cloud products, the actual usage is automatically added by SAP. If you want to add usage data for the on premise systems, you will need to upload the LAW files.

Background information

Main LUI tool page can be found here.

LUI introduction video can be found here.

LUI FAQ can be found here.

Manual for using LUI can be found here.

Manual for preparation of measurement data for on premise systems can be found here.

S4HANA security parameter baseline changes

If you convert your ECC system to S4HANA or upgrade a S4HANA system to a higher version, you should check the security parameters. A lot of parameters have a different recommendation in S4HANA.

Questions that are answered in this blog are:

  • Where can I find information on security parameter changes after S4HANA conversion or upgrade?
  • How can I check if the changed security parameter are properly implemented in my S4HANA system?

Security parameter changes S4HANA

OSS note 2926224 – Collection Note: New security settings for SAP S/4HANA and SAP BW/4HANA using SL Toolset and SUM is the master note. This note contains an important excel attachment that is listing all the changes and recommendations per S4HANA target version.

This note is also referring to OSS note 2926224 – Collection Note: New security settings for SAP S/4HANA and SAP BW/4HANA using SL Toolset and SUM, in which more details are explained on the background.

Checking implementation of security parameter changes in the system itself

After your upgrade to S4HANA, you can run program RSPFRECOMMENDED to check how well the security parameters are implemented: