Setting FIORI gateway time-out and time-out warning

FIORI user use the browser. For security it is important that the browser session has a limited life time. The end user is normally annoyed by this, since when he clicks after a long time, the user gets a server error, which is difficult to understand.

This blog explains how to set up a more user friendly time-out and warning for the FIORI pages.

Questions that will be answered in this blog are:

  • How can I set a time-out for my FIORI tiles?
  • How can I set a warning time for the end users that their FIORI session is about to time-out?

Time-out settings for FIORI

Start transaction /UI2/FLP_SYS_CONF and enter values for these 2 parameters: SESSION_TIMEOUT_INTERVAL_IN_MINUTES and SESSION_TIMEOUT_REMINDER_IN_MINUTES:

Give these the values that are good for your company and press Save.

Time-out for end user

The end result for the end user is a more graceful warning and choice to continue or log out:

ABAP system license verification program

SAP has a bit of a hidden program to verify licenses on an ABAP system: RSUVM080. You can use this program yourself as well to prepare for license measurement and discussion on licenses.

Questions that will be answered in this blog are:

  • How to set up the User Type validation program RSUVM080?
  • How to use it for validation of your licenses?

Installation of program RSUVM080

In very new versions program RSUVM080 is present already. For older versions implement it by applying OSS note 2339166 – Validation of the user classification.

Also check bug fixes notes:

Use of program RSUVM080

If you start program RSUVM080 you see that a file is required for the validation rules:

The file has a specific format. The picture below is an example we use here:

In XLS format:

The actual definition of the file content, you have to do yourself by using common sense! When having discussions with SAP, they might provide the file and ask you to run it. 

Now run the tool in productive system. Output looks like this:

Explanation of the checks

In the details of the input you can see we have provided several checks:

  1. Authorization checks: first 4 lines (check for * in users management, or change or create. 4th line is check for development rights)
  2. Transaction code checks: check for VA01, SE38 and SE11

The checks are shown in the columns on top.

You can see that transaction codes VA01, SE38 and SE11 were executed by the users. When you click on the green icon in the AC check column you can see the details for the AC (anti cheating) checks (more on the AC checks in this blog):

You can see that the user did not only execute VA01, but also did updates to VBAK table. So the user did execute the transaction and created records. Therefore for this user the right license type should be assigned. If the user has rights for VA01, and started it, but never made a posting, this is off course different.

If a user has a DEVACCESS entry, it is marked in the SSCR column. If the user was involved in transports, the transport column is marked.

In the #steps column you can see what other transactions were performed by the user:

Selection of users

It is important to realize that the program only selects the user as Green if one or more of the criteria was met. This can help you focus on the discussion points you are having with SAP (for example around use of VA01 for sales order creation).

You can start with a limited set of rules, and then expand.

First you can give all users the lowest classification. Then you start. For example: start with only the rule for transaction VA01. Assign the users the correct license type. On the selection screen, don’t select the users you already classified, by excluding them in the selection. Then focus on the AC checks: learn from them and see which transactions lead to them. Add this to the rules, and again classify the users correctly. In the next run the classified users are excluded again. This you can do until no AC check box is there. Then randomly validate that the actions left, which are executed by the other users, are indeed part of the lowest license type.