SAP Screen Personas can be used to create variants of SAP GUI transactions. This blog will describe the basis installation and basis configuration part of SAP Screen Personas.
Questions that will be answered are:
- How to install SAP Screen Personas?
- How to perform the basis configuration of SAP Screen Personas?
- How to check the health of SAP Screen Personas?
Installation of SAP Screen Personas
The installation process and prerequisites are clearly listed on the SAP Screen Personas help file for installation.
If you have an older version of SAP netweaver; carefully check the kernel requisites. Newer versions will not have any issue.
Installation of the PERSONAS addon can be done via SPAM/SAINT (simplest way) or via the maintenance planner. Next to the core add on, apply the support packages.
After the addon installation on development system, you need to open the namespace /PERSONAS in SE06. Otherwise you will not be able to apply bug fix OSS notes.
Basis configuration of SAP Screen Personas
Basis configuration of SAP Screen Personas is described on the SAP help file.
Activation steps in SICF:
- Activate SICF nodes personas and personas3
- Activate SICF nodes se (for the slipstream engine)
- Make sure ITS webgui is active in SICF, if not follow the instruction on this blog
In PFCG generate these roles:
Validation of installation and check for new OSS notes
Start transaction /PERSONAS/HEALTH to see the health status and check for new OSS notes:
The first tab has the services status. You might find an issue for WebDynpro Compression. If this is red, goto SCIF node UI5_UI5 and set the compression to Yes:
Next check on the tab System Status:
In case of issues with Transport system synchronization run program /PERSONAS/CONVERT_E071.
On the Notes Status tab press the Check Notes button to see if there are any new relevant OSS notes. Apply the notes and make sure all is ok:
After a support pack, system upgrade or feature pack upgrade, new customizing can be delivered by SAP. To avoid changes to the main client customizing, this new customizing is delivered in client 000. You need to either manually look up the values in client 000, or compare using the tools mentioned below. There is and option to adjust the records after comparison; pull the data from client 000 to the main client and then save it.
Questions that will be answered in this blog are:
- What are the prerequisites for a comparison with client 000?
- How can I compare table entries with client 000?
- How can I adjust table entries with entries from client 000?
Prerequisites for comparison
In order to execute the comparison you need to set up Transaction SCMP can be used to compare entries between the main client and client 000. Prerequisite is that you have setup an RFC from your main client to client 000 with reading right in client 000.
In SCC4 you must set the proper client comparison rights:
SCMP comparison for single table
Transaction SCMP can be used to compare entries between the main client and client 000.
We use table T005 (countries) as example. Run the comparison:
SCMP is only comparison transaction. You cannot adjust entries.
SCU0 or OY19 comparison for multiple tables
If you want to compare multiple tables, use transaction OY19 or SCU0:
Choose selected activities:
Select the IMG node(s) to compare and click the green OK button:
Select the RFC and start:
To adjust the settings, start transaction SM31 for the table view V_T005:
Click maintain and select the entry to adjust. Now select menu option Utilities and option Adjustment. In the popup select the RFC to use:
Select the detailed entry and press copy entry:
Reference OSS notes
As company you are relying on SAP to provide support and services. But how do you know if SAP is doing a good job on this part?
If an internal auditor or external auditor asks you to show or explain the elements of SAP delivered support, where do you get the information?
SAP trust center
SAP has a good site to start with this information: the SAP trust center.
Here you can find:
- Security policies
- Security frameworks
- List of sub-processors employed by SAP to provide services (sub-processor can be on infrastructure level like AWS, Azure, etc, but also manpower like Accenture, TCS, etc.)
- Compliance documents like SOC1, SOC2, ISO 27001, ISO 9001, etc reports (or go directly to the compliance finder)
Not all reports are public. For some you must be customer of the product or service. Some parts require acknowledgement of non-disclosure agreement before you can get the report.
Security white paper
Another good document is the SAP security white paper.
Transaction SM05 can be used to manage HTTPs sessions in an ABAP stack in similar way as GUI sessions in SM04.
SM05 HTTPs session management
Start transaction SM05:
On top you can see % of free sessions.
In the table, you can see the sessions and if needed delete them. The right columns show the logon method (password, SAML, X.509, etc). This might be helpful in investigating issues with logon. The solution could be different per logon method.
OSS notes regarding SM05
Relevant OSS notes:
ABAP programs can be protected from changes by setting the editor lock. Only do this for very critical programs.
This blog will primarily focus on methods to remove the editor lock.
The editor lock is set on the properties of an ABAP program:
The property to set is the Editor Lock tickbox.
When this is set only the author can change the program.
Change user for editor lock
In some cases you have a valid reason to lift the editor lock. If the person has left, or you need to change the program for bug fixing emergency and you can’t wait until the owner is back.
Change editor lock via SE03
As basis administrator you can change the owner of the editor lock in transaction SE03:
Change via SU01 usage
When person left: alter the password for this user in SU01. Log on as this user and remove the editor lock.
Via table editing of table PROGDIR
Goto table PROGDIR and view the content (via SE11). Search for your program and edit the entry:
Remove the EDTX flag and save. Editor lock is gone.
SAP kernel is the central software for the ABAP netweaver stack. It also contains bug and needs patching/updating from time to time.
Unlike support packages and OSS notes, the kernel patching has to be handled with more care.
Questions that will be answered in this blog are:
- What is the SAP kernel deployment strategy?
- When should I patch the SAP kernel?
- What are known pain point in SAP kernel updates?
- Where can I find kernel OSS notes updates?
- Where can I find regressions on kernel updates?
SAP kernel deployment strategy
The full SAP kernel deployment strategy can be found as document on this link.
The basic strategy:
- Update kernel with support package upgrade or main version upgrade
- Apply kernel updates only when you experience issues
This is a sound approach. The kernel is quite black and white in updating. It is fully updated or not. Each new kernel might contain new bugs or unwanted side effects. If not properly tested you need to roll back the kernel update.
SAP kernel versions and SAP kernel patch levels
Versions and levels can be found in OSS note 2083594 – SAP Kernel Versions and SAP Kernel Patch Levels.
Known pain points in kernel updates
If you upgrade your SAP kernel, please pay attention to the following items:
- Use of ITS webgui
- Use of handheld scanners using the ITS webgui
- Portal and other external integration of ITS webgui
- Browser applications using ITS webgui
- Logon issues:
- LDAP connector
- SAP screen personas and other screen scraping tools like robotics process automation tools
- ACF framework (do not use if possible, see blog)
Best practice is to assemble these test scenarios in your company. This way you know next time which tests to perform when applying a kernel patch or kernel update. The tests you execute on an acceptance or quality system before applying the kernel update to your productive system.
Kernel regression OSS note
SAP OSS note 1802333 – Finding information about regressions in the SAP kernel describes how to find the needed regression note for your SAP kernel. The regression notes describe the unwanted side effects and bugs in the kernels.
Kernel roadmap OSS notes
Roadmap OSS notes:
Business suite EHP8 and S4HANA till 1710: 1969546 – Release Roadmap for Kernel 74x and 75x.
S4HANA 1809, 1909 and 2020: 2907361 – Release Roadmap for Kernel 77x and 78x.
Kernel update information
News update on kernel are published on SAP wiki for kernel.
In some cases you need detailed information on TCP/IP ports for SAP. This blog will also refer to notes from SAP with regards to network issues.
TCP/IP ports for SAP
All ports for SAP are listed on the SAP help site https://help.sap.com/viewer/ports.
When is this list important?
- When you have to setup firewall rules
- When you are doing changes: for example, changing from http to https, installation of web dispatcher, switch towards SNC
Other relevant TCP/IP related OSS notes:
SAP FIORI is used more and more. In some cases you need information about how much the FIORI tiles are actually used.
This might be interesting for IT management, but also for license measurement.
Listing users that have used SAP FIORI gateway
Weird but true, SAP does not out-of-the-box delivers a program to list the users that are using SAP FIORI. Install the Z program delivered in OSS note 2446887 – How to get a list of users that have used SAP Gateway to get this report.
SAP netweaver gateway comes with an onboard set of metering transactions and programs. These are unfortunately not widely known. Background OSS note is 2237375 – SAP Netweaver Gateway Metering FAQ.
Program /IWFND/R_METERING_VIEW can be used to view the metering data for FIORI ODATA calls:
This measures which calls are made, duration of the calls, size of the calls, user that made the call, browser type from which the call came, etc.
Report /IWFND/R_METERING_AGGREGATE is used to aggregate this data. /IWFND/R_METERING_DELETE can be used to delete old data.
User measurement on FIORI
User measurement program USMM is firing function module /IWFND/METERING_AUDIT to retrieve information about usage of FIORI in your system.