SE16S: generic table and value search

SE16 and SE16N can be used to search specific tables. FIORI search can be used by end users to search business documents for predefined scenarios.

In some cases you might need to search multiple table for a certain value or string. This can be needed from IT point of view or business point of view.

Then transaction SE16S can be your solution: generic table and value search.

Questions that will be answered in this blog are:

  • How does the generic table and value search transaction SE16S work?

Use of SE16S

As example we want to search for the string DE01 in T tables (customizing).

After starting transaction SE16S you are confronted with a big selection screen. In the top part enter the search string:

In the search type select Create Ad Hoc Search String. If you have to execute repetitive searches, you can setup predefined searches with transaction SE16S_CUST.

In the search section enter the search tables you want to search:

In the technical block make the technical settings:

Best to use parallel processing to speed up and also best to show only the tables with hit.

Now start the query by pressing execute and wait a couple of minutes for this query to end.

Results are shown:

Per item you can drill down to the details:

Transaction SE16SL and SE16H

Also transaction SE16SL exists for searching content. This one is bit faster, but less accurate.

SE16H is the HANA based implementation of SE16N and has specific search functions which might be very useful for your use case. More on SE16H in this blog.

Checking usage of SE16 transactions is explained in this blog.

Background

Master reference note: 2002588 – CO-OM Tools: Documentation for SE16S, SE16SL, and SE16S_CUST. This note has a full explanation of all the options.

Role user assignment compression

When you run a system for longer time, you might see that users have roles assigned that are obsolete (end validity date in the past), or having a role assigned multiple times.

With the role user assignment compression program you can clean up.

Role user assignment compression program

Start program PRGN_COMPRESS_TIMES:

Select the Delete Expired Assignments to delete role assignments with validity date in the past as well.

If you want you can first run with the simulation option to see what the program will do, and run without the simulation option to perform the actual clean up.

For issues, do check notes:

Clean up on a CUA managed landscape

If you run a CUA system, the compression program needs to run on the CUA system and not on the local system. See OSS note 1692243 – Report PRGN_COMPRESS_TIMES cannot be used in CUA.

Setting FIORI gateway time-out and time-out warning

FIORI user use the browser. For security it is important that the browser session has a limited life time. The end user is normally annoyed by this, since when he clicks after a long time, the user gets a server error, which is difficult to understand.

This blog explains how to set up a more user friendly time-out and warning for the FIORI pages.

Questions that will be answered in this blog are:

  • How can I set a time-out for my FIORI tiles?
  • How can I set a warning time for the end users that their FIORI session is about to time-out?
  • Can I limit the amount of FIORI sessions?

Time-out settings for FIORI

Start transaction /UI2/FLP_SYS_CONF and enter values for these 2 parameters: SESSION_TIMEOUT_INTERVAL_IN_MINUTES and SESSION_TIMEOUT_REMINDER_IN_MINUTES:

Give these the values that are good for your company and press Save.

OSS note 2955208 – How to set automatic Fiori Launchpad Sign-Out explains also there is a server logout possible.

This function is available as of SAP_UI 7.54 version (see OSS note 3248472 – Why is it not possible to limit browser Fiori sessions?).

Time-out for end user

The end result for the end user is a more graceful warning and choice to continue or log out:

Read OSS note 3034757 – Fiori session timeout setting SESSION_TIMEOUT_INTERVAL_IN_MINUTES does not appear to work accurately to see which actions cause the timer reset.

Limiting amount of sessions

Limiting amount of browser sessions and FIORI sessions per user is not possible. See OSS note 3248472 – Why is it not possible to limit browser Fiori sessions?.

ABAP system license verification program

SAP has a bit of a hidden program to verify licenses on an ABAP system: RSUVM080. You can use this program yourself as well to prepare for license measurement and discussion on licenses.

Questions that will be answered in this blog are:

  • How to set up the User Type validation program RSUVM080?
  • How to use it for validation of your licenses?

Installation of program RSUVM080

In very new versions program RSUVM080 is present already. For older versions implement it by applying OSS note 2339166 – Validation of the user classification.

Also check bug fixes notes:

Use of program RSUVM080

If you start program RSUVM080 you see that a file is required for the validation rules:

The file has a specific format. The picture below is an example we use here:

In XLS format:

The actual definition of the file content, you have to do yourself by using common sense! When having discussions with SAP, they might provide the file and ask you to run it. 

Now run the tool in productive system. Output looks like this:

Explanation of the checks

In the details of the input you can see we have provided several checks:

  1. Authorization checks: first 4 lines (check for * in users management, or change or create. 4th line is check for development rights)
  2. Transaction code checks: check for VA01, SE38 and SE11

The checks are shown in the columns on top.

You can see that transaction codes VA01, SE38 and SE11 were executed by the users. When you click on the green icon in the AC check column you can see the details for the AC (anti cheating) checks (more on the AC checks in this blog):

You can see that the user did not only execute VA01, but also did updates to VBAK table. So the user did execute the transaction and created records. Therefore for this user the right license type should be assigned. If the user has rights for VA01, and started it, but never made a posting, this is off course different.

If a user has a DEVACCESS entry, it is marked in the SSCR column. If the user was involved in transports, the transport column is marked.

In the #steps column you can see what other transactions were performed by the user:

Selection of users

It is important to realize that the program only selects the user as Green if one or more of the criteria was met. This can help you focus on the discussion points you are having with SAP (for example around use of VA01 for sales order creation).

You can start with a limited set of rules, and then expand.

First you can give all users the lowest classification. Then you start. For example: start with only the rule for transaction VA01. Assign the users the correct license type. On the selection screen, don’t select the users you already classified, by excluding them in the selection. Then focus on the AC checks: learn from them and see which transactions lead to them. Add this to the rules, and again classify the users correctly. In the next run the classified users are excluded again. This you can do until no AC check box is there. Then randomly validate that the actions left, which are executed by the other users, are indeed part of the lowest license type.