Author: saptechnicalguru

SE16S: generic table and value search

SE16 and SE16N can be used to search specific tables. FIORI search can be used by end users to search business documents for predefined scenarios.

In some cases you might need to search multiple table for a certain value or string. This can be needed from IT point of view or business point of view.

Then transaction SE16S can be your solution: generic table and value search.

Questions that will be answered in this blog are:

  • How does the generic table and value search transaction SE16S work?

Use of SE16S

As example we want to search for the string DE01 in T tables (customizing).

After starting transaction SE16S you are confronted with a big selection screen. In the top part enter the search string:

In the search type select Create Ad Hoc Search String. If you have to execute repetitive searches, you can setup predefined searches with transaction SE16S_CUST.

In the search section enter the search tables you want to search:

In the technical block make the technical settings:

Best to use parallel processing to speed up and also best to show only the tables with hit.

Now start the query by pressing execute and wait a couple of minutes for this query to end.

Results are shown:

Per item you can drill down to the details:

Transaction SE16SL and SE16H

Also transaction SE16SL exists for searching content. This one is bit faster, but less accurate.

SE16H is the HANA based implementation of SE16N and has specific search functions which might be very useful for your use case. More on SE16H in this blog.

Checking usage of SE16 transactions is explained in this blog.

Background

Master reference note: 2002588 – CO-OM Tools: Documentation for SE16S, SE16SL, and SE16S_CUST. This note has a full explanation of all the options.

Role user assignment compression

When you run a system for longer time, you might see that users have roles assigned that are obsolete (end validity date in the past), or having a role assigned multiple times.

With the role user assignment compression program you can clean up.

Questions that will be answered in this blog are:

  • How can I remove roles from expired users?
  • How can I remove duplicate roles from users?
  • How can I remove overlapping date ranges for roles assigned to users?

Role user assignment compression program

Start program PRGN_COMPRESS_TIMES:

Select the Delete Expired Assignments to delete role assignments with validity date in the past as well.

If you want you can first run with the simulation option to see what the program will do, and run without the simulation option to perform the actual clean up.

For issues, do check notes:

Clean up on a CUA managed landscape

If you run a CUA system, the compression program needs to run on the CUA system and not on the local system. See OSS note 1692243 – Report PRGN_COMPRESS_TIMES cannot be used in CUA.

Setting FIORI gateway time-out and time-out warning

FIORI user use the browser. For security it is important that the browser session has a limited life time. The end user is normally annoyed by this, since when he clicks after a long time, the user gets a server error, which is difficult to understand.

This blog explains how to set up a more user friendly time-out and warning for the FIORI pages.

Questions that will be answered in this blog are:

  • How can I set a time-out for my FIORI tiles?
  • How can I set a warning time for the end users that their FIORI session is about to time-out?
  • Can I limit the amount of FIORI sessions?

Time-out settings for FIORI

Start transaction /UI2/FLP_SYS_CONF and enter values for these 2 parameters: SESSION_TIMEOUT_INTERVAL_IN_MINUTES and SESSION_TIMEOUT_REMINDER_IN_MINUTES:

Give these the values that are good for your company and press Save.

OSS note 2955208 – How to set automatic Fiori Launchpad Sign-Out explains also there is a server logout possible.

This function is available as of SAP_UI 7.54 version (see OSS note 3248472 – Why is it not possible to limit browser Fiori sessions?).

Time-out for end user

The end result for the end user is a more graceful warning and choice to continue or log out:

Read OSS note 3034757 – Fiori session timeout setting SESSION_TIMEOUT_INTERVAL_IN_MINUTES does not appear to work accurately to see which actions cause the timer reset.

Limiting amount of sessions

Limiting amount of browser sessions and FIORI sessions per user is not possible. See OSS note 3248472 – Why is it not possible to limit browser Fiori sessions?.

ABAP system license verification program

SAP has a bit of a hidden program to verify licenses on an ABAP system: RSUVM080. You can use this program yourself as well to prepare for license measurement and discussion on licenses.

Questions that will be answered in this blog are:

  • How to set up the User Type validation program RSUVM080?
  • How to use it for validation of your licenses?

Installation of program RSUVM080

In very new versions program RSUVM080 is present already. For older versions implement it by applying OSS note 2339166 – Validation of the user classification.

Also check bug fixes notes:

Use of program RSUVM080

If you start program RSUVM080 you see that a file is required for the validation rules:

The file has a specific format. The picture below is an example we use here:

In XLS format:

LincensesInputDownload

The actual definition of the file content, you have to do yourself by using common sense! When having discussions with SAP, they might provide the file and ask you to run it.

Now run the tool in productive system. Output looks like this:

Explanation of the checks

In the details of the input you can see we have provided several checks:

  1. Authorization checks: first 4 lines (check for * in users management, or change or create. 4th line is check for development rights)
  2. Transaction code checks: check for VA01, SE38 and SE11

The checks are shown in the columns on top.

You can see that transaction codes VA01, SE38 and SE11 were executed by the users. When you click on the green icon in the AC check column you can see the details for the AC (anti cheating) checks (more on the AC checks in this blog):

You can see that the user did not only execute VA01, but also did updates to VBAK table. So the user did execute the transaction and created records. Therefore for this user the right license type should be assigned. If the user has rights for VA01, and started it, but never made a posting, this is off course different.

If a user has a DEVACCESS entry, it is marked in the SSCR column. If the user was involved in transports, the transport column is marked.

In the #steps column you can see what other transactions were performed by the user:

Selection of users

It is important to realize that the program only selects the user as Green if one or more of the criteria was met. This can help you focus on the discussion points you are having with SAP (for example around use of VA01 for sales order creation).

You can start with a limited set of rules, and then expand.

First you can give all users the lowest classification. Then you start. For example: start with only the rule for transaction VA01. Assign the users the correct license type. On the selection screen, don’t select the users you already classified, by excluding them in the selection. Then focus on the AC checks: learn from them and see which transactions lead to them. Add this to the rules, and again classify the users correctly. In the next run the classified users are excluded again. This you can do until no AC check box is there. Then randomly validate that the actions left, which are executed by the other users, are indeed part of the lowest license type.

Setup of LOCL printing

This blog will explain the setup of the LOCL printer in SAP. Any output send to the LOCL printer will use the SAP GUI to call the windows printer list on your laptop or desktop and send the print there.

Setup of LOCL printer

Start transaction SPAD and create printer LOCL (with short name as well LOCL):

And on the access method tab enter this information:

Save now and the LOCL printer is ready to use.

Set up background can be found in SAP help pages.

Use of LOCL printer

If you print, choose the LOCL printer. The screen will refresh and give a dropdown list for the printers installed on you local laptop or desktop:

Restrictions of LOCL printer

LOCL needs a connection to the SAP GUI. It can therefore not be used for:

  • Printing spool in the background
  • Printing in RFC

If you still try to spool to LOCL printer, this is the output:

See oss note 2244868 – Front-end printing spool request is not printed.

SAP support portal security: mail filtering

SAP support portal is used in your company for many items: EWA’s, reporting issues, downloading software.

Protection of the accounts on SAP support portal for your company is required.

This blog will explain the setup of the security feature for mail filtering.

If you don’t set this up, your user overview will continuously show this warning:

Setting up mail filtering

Go to the support page for mail filtering:

Use the Add Domain button to add a new domain.

Domains to add:

  • Your company mail domain(s)
  • sap.com domain (for support from SAP)
  • Domain of your supplier maintaining your SAP system, in case they use their own mail ID

Background

Background of this feature can be found in OSS note 3025172 – How to add or remove email domains for my customer number – SAP ONE Support Launchpad.

Measurement of developer licenses

Every year SAP measures the licenses. The developer licenses are the most expensive licenses and also the ones which are under continuous debate with SAP.

Questions that will be answered in this blog are:

  • What is a developer and why is it so hard to measure?
  • How can I go back to the DEVACCESS measurement on my non-S4HANA systems?
  • What are the complexities on S4HANA with measuring developers?

Developer definition

Most likely the definition in your contract clearly states developer is only for creation and changing custom code (Z code). And not for applying OSS notes. The measurement should follow the definition.

Developer measurement on non-S4HANA system

On a non-S4HANA based system, the developer key concept still exists. This means a developer key needs to be called off at sap support site for keys. This mechanism is hackable, but in the end in the system table DEVACCESS is filled with everybody who has filled in the keys.

SAP has given update notes on the USSM user measurement programs that use the S4HANA logic, which is described below.

By applying OSS note 3225435 – USMM2: Development Workbench check – Restore old version, you can revert back to the original way of working that measures entries in DEVACCESS table and changes to REPOSRC.

The measurement of developers has to run on the development system. For security reasons, you should delete all entries in DEVACCESS table in all non-development systems.

When a developer is leaving, you should also delete the corresponding entry in DEVACCESS table to avoid it from being counted in the license measurement.

Read this blog on the deletions of entries in DEVACCESS table.

S4HANA logic (or better no logic)

In S4HANA SAP removed the developer key (see this blog). In the USMM measurement program SAP has put in logic to measure a developer as everybody who creates a transport entry of type Workbench. Text from the word document attached to note 3038370 – USMM2: Development Workbench Check alte Version wieder herstellen:

"In the current version of the check all users are shown that have made an entry of type K (workbench request) or S (development/correction) in the field TRFUNCTION in the table E070 within the last year."

Note 3038370 is now obsolete and replaced with OSS note 3225435 – USMM2: Development Workbench check – Restore old version.

This means also the following actions are counted as developer:

  • Basis team applying OSS note
  • Consultant making a client independent customizing
  • Many more actions that lead to entries in workbench request

This logic of SAP does not make any sense. As customer you can have big debates with SAP on this.

It is really unclear why SAP is not simply checking the REPOSRC changes on S4HANA system done on Z code last year. This will simply give list of real changes done on custom code by whom. That would be fair measurement.

SAP, if you read this, you can take over this idea.

OSS notes with or without manual instructions

Some OSS notes have manual instructions to create SAP Z programs or to alter SAP objects. To avoid discussions with SAP, it is best if you carry out these instructions by an ABAP developers, rather than a basis consultant. Not only does the ABAP developer has a better clue on what the impact is, it also makes sure that the Z coding and changes to standard SAP are registered in the system and transport on the ABAP developers name. This will avoid discussions on developer licenses.

If basis applies the automatic OSS notes, these are not core custom developments. Check if these are counted by the measurement program. Then check the definition in your contract. Most likely the definition in your contract clearly states developer is only for custom code (Z code). And not for applying OSS notes.

SSCR key listing and developer license

You can run program RSUVM080 to quickly get overview of developer SSCR keys in development system or view in table DEVACCESS. More on RSUVM080 in this blog.

LUI: license utilization information

The LUI (license utilization information) is a new tool provided by SAP to help you better manage the insights into your current utilization.

Questions that will be answered in this blog are:

  • How do I use the LUI tool?
  • Where do I find more information on the LUI tool?
  • Does the LUI tool work for on premise systems and cloud systems?

Use of the LUI tool

The LUI tool is part of the support pages of SAP and can be reached using this link.

Open opening the link and logging on, you start with the overview screen:

As you can see the overview is both for On Premise as well as Cloud based solution licenses.

You can zoom into the details per license to see the trend:

This can help you to detect since when (and then you will check why) you are crossing the line of having utilized too much. This enables you to either take actions to go back, or simply procure more licenses.

For the SAP cloud products, the actual usage is automatically added by SAP. If you want to add usage data for the on premise systems, you will need to upload the LAW files.

Background information

Main LUI tool page can be found here.

LUI introduction video can be found here.

LUI FAQ can be found here.

Manual for using LUI can be found here.

Manual for preparation of measurement data for on premise systems can be found here.

SO10 standard text

With transaction SO10 you can maintain standard texts. These texts can be used in SapScript, SmartForms and your own ABAP code.

Questions that will be answered in this blog are:

  • How to create a standard text in SO10?
  • How to set default editor for SO10?
  • How to transport SO10 standard texts?
  • How to call SO10 standard text in ABAP code?
  • How to insert hyperlink into SO10 text?

Create standard text

Start transaction SO10, enter the text name and press the create button:

Now enter the text in the editor and save it:

Transporting standard texts

After saving the standard text the tool just saves the text without prompting for transport. This is as designed. The text can be maintained directly in production this way. Either by IT or even by business users.

If you do want to transport the standard texts, use program RSTXTRAN to add the standard text to the transport:

Read standard text from ABAP code

You can read the standard text from your own ABAP code by calling function module READ_TEXT

Example code:

DATA: IT_TLINES type table of TLINE.

REFRESH IT_TLINES.

CALL FUNCTION 'READ_TEXT'
      EXPORTING
*       CLIENT                        = SY-MANDT
        ID                            = 'ST'
        LANGUAGE                      = 'E'
        NAME                          = 'Z_DEMO_TEXT'
        OBJECT                        = 'TEXT'
*       ARCHIVE_HANDLE                = 0
*       LOCAL_CAT                     = ' '
*     IMPORTING
*       HEADER                        =
      TABLES
        LINES                         =  IT_TLINES
*     EXCEPTIONS
*       ID                            = 1
*       LANGUAGE                      = 2
*       NAME                          = 3
*       NOT_FOUND                     = 4
*       OBJECT                        = 5
*       REFERENCE_CHECK               = 6
*       WRONG_ACCESS_TO_ARCHIVE       = 7
*       OTHERS                        = 8.

Inserting graphic in SO10

Follow the instructions in OSS note 2918753 – How to insert graphic in SO10.

Inserting hyperlink in SO10

First create hypertext in transaction SO72. Select type CHAP:

In SO10 now select the menu option Insert / Text / Hypertext:

Hyperlink is now inserted into SO10:

Changing the editor

Many people don’t like the word tool as editor. It is not precise enough. You can run program RSCPSETEDITOR to change the setting for everybody:

Untick the MS word as editor and press the Activate button.

Relevant OSS notes:

S4HANA security parameter baseline changes

If you convert your ECC system to S4HANA or upgrade a S4HANA system to a higher version, you should check the security parameters. A lot of parameters have a different recommendation in S4HANA.

Questions that are answered in this blog are:

  • Where can I find information on security parameter changes after S4HANA conversion or upgrade?
  • How can I check if the changed security parameter are properly implemented in my S4HANA system?

Security parameter changes S4HANA

OSS note 2926224 – Collection Note: New security settings for SAP S/4HANA and SAP BW/4HANA using SL Toolset and SUM is the master note. This note contains an important excel attachment that is listing all the changes and recommendations per S4HANA target version.

This note is also referring to OSS note 2926224 – Collection Note: New security settings for SAP S/4HANA and SAP BW/4HANA using SL Toolset and SUM, in which more details are explained on the background.

Checking implementation of security parameter changes in the system itself

After your upgrade to S4HANA, you can run program RSPFRECOMMENDED to check how well the security parameters are implemented: