Author: saptechnicalguru

SAP buffers and buffer refreshes

This blog will explain the SAP buffer setup and the SAP buffer refresh process.

Questions that will be answered are:

  • What is the use of table buffers?
  • Which tables are buffered?
  • How can I check on my productive system which buffered table is using a lot of memory?
  • How to force a buffer refresh in general?
  • How to force a buffer refresh for a specific table?
  • How to force a buffer refresh on a specific application server?

Background of table buffers

The primary reason of a table buffer is pretty simple: performance improvement.

SAP has a 3 tier setup of:

  1. Front end GUI
  2. Application server
  3. Database server

If data is read from the database server it is processed on the application server. This data is buffered on the application server. If a user asks the same data twice, the application server already has the data. Also very frequently read tables (like company code and plant data) are buffered on the application server.

In transaction SE11 in the technical settings of a table you can see if a specific table is buffered or not, and the type of buffering. Example is for table T000, which is fully buffered:

When to set buffering?

Buffering is extremely useful on small and infrequently changing tables, which have a lot of read access. For these tables buffering will help a lot. That is why a lot of customizing table have buffering activated. You can do the same for your Z tables if they are used for customizing like purposes.

How to check buffering in productive system?

Follow the instructions from OSS note 2806927 – Remove table buffers to check table buffering in production.

Go to transaction AL12:

Then select menu option Monitor, Buffers, Table buffer, All Generic tables. Then sort by size:

How to reset table buffers?

In some specific case you might want to force a buffer reset.

For this reason you can enter specific commands (enter same way like transaction code or the famous /h for debugging):

/$TAB – Resets all the table buffers on the application server

/$TAB <table name> – Resets the TABLE buffers on the application server for that specific table (also consider program TOUCHTAB after transporting a table definition)

/$SYNC Resets the buffers on the application server

/$CUA Resets the CUA buffer of the application server (the CUA buffer is not for central user admin, but holds screen elements like menus, buttons, etc)

/$DYN Resets the screen buffer on the application server

/$ESM Resets the exp/imp shared memory Buffer on the application server

/$PXA Resets the program (PXA) buffer on the application server

/$OBJ Resets the shared buffer of the application server

ST02 buffer overview

You can use transaction ST02 to get an overview of the buffers:

By clicking the button Current parameters you get an overview of the currently set relevant parameters:

Explanation notes:

Other buffer and caching resets

There are other buffer and caching resets:

  • User buffer reset: go to transaction SU53 and select menu Authorization Values / Reset User Buffer
  • User role combination refresh: transaction PFUD, see dedicated blog.
  • FIORI buffers, see dedicated blog.

Security patch day

This blog will explain more on the SAP security patch day.

Questions that will be answered are:

  • What is security patch day?
  • Where can I find the recently released security OSS notes?
  • Where can I find more background information on security patch day?
  • Where to find more information on the CVSS scoring mechanism?
  • What is a practical approach to security patch day and security OSS notes?

Security patch day

Security patch day is every second Tuesday of each month (for more on security patch day itself, you can read the FAQ). The actual OSS notes as summary can be found at the Security response at SAP support security notes page. The patch days themselves are planned and published on this page.

The wiki pages also include a suggested process for dealing with the security patch day OSS notes.

SAP uses the CVSS scoring mechanism to determine the risk a security leak. The scoring mechanism is explained in this blog.

SAP solution manager system recommendations

If you setup SAP solution manager system recommendations, than you will get an always current overview of security notes. With the system recommendations you can mark notes as reviewed, so they don’t appear any more. Applied ABAP notes will be automatically be removed by the tool. Newly released security notes and updated are added to the overview. For setup information on SAP solution manager system recommendations, read this blog.

SAP Focused Run configuration and security validation

SAP Focused Run configuration and security validation can be used to check the application of security notes in your system landscape. For more information, read this blog.

Practical approach to security notes

A pragmatic approach for security notes is the following:

  • Every 6 to 12 months update your SAP kernel
  • Apply every 3 month the ABAP OSS notes which can be done automatically (don’t look at the score, just apply them). Leave them on your test and/or acceptance system. This will normally make sure you have no negative side effects. Then move them to production.
  • Apply every 3 month the ABAP OSS notes with manual actions for the processes you use and for CVSS score you deem high enough to justify the effort of the manual actions

Feel free to increase the frequency of the above proposal.

ABAP update administration

This blog will explain about the ABAP update administration. Questions that can be answered are:

  • How to check if the ABAP update process is active?
  • How to check and fix update errors?

Update administration

You can use transaction SM14 to goto the ABAP update administration:

SM14 overview screen

Update errors

The update errors can be seen with transaction SM13 (do take care to have the right date selection):

SM12 update processing errors

Double clicking on the line will give you more information:

SM13 update processing error detail

Double click again on the error for more information. This information can be used to find the OSS note to fix the issue in case of standard SAP failure. In case of Z code failure, you will have to go to you own ABAP developer to fix it.

Reprocessing

Reprocessing is sometimes possible, and in most cases not. After you have captured the information on a update failure you can delete it.

When reprocessing is possible, check first with the user. He might have posted the data already in a different way. Only when he did not post in different way, you can try to reprocess the failed update.

Alerting

You can set parameter (RZ11) rdsip/vbmail to 1 to activate mail sending. Parameter rdisp/vb_mail_user_list contains the mail addresses (separation by comma).

Automatic deletion

By setting parameter rdisp/vbreorg to 1 the automatic deletion of failed updates is activated. Parameter rdsip/vbdelete is the amount of days the SM13 entries are kept.

Background OSS notes

S4HANA blacklist

With S4HANA SAP has deprecated some parts of their old code. In some weird cases this old code might still be required.

This blog will explain on the S4HANA blacklist. Questions that will be answered are:

  • How do I see a dump is caused by the S4HANA blacklist?
  • Where to find more background information on the S4HANA blacklist?

The S4HANA blacklist dump

If for whatever reason the S4HANA system gives an ABAP dump with the error SYSTEM_ABAP_ACCESS_DENIED, this is a S4HANA blacklist dump. See note 2476734 – Runtime error SYSTEM_ABAP_ACCESS_DENIED. Or a reference to OSS note 2295840 – Outbound / Inbound calls from external to RFC FM are blocked when the FM is blacklisted and the UCON-Check is active.

Blacklisted RFC calls

When calling a blacklisted RFC from an external application you can get similar dump with reference to OSS note 2295840 – Outbound / Inbound calls from external to RFC FM are blocked when the FM is blacklisted and the UCON-Check is active. This note itself is old and refers to newer OSS note 2416705 – Outbound / Inbound calls from external to RFC FM are blocked when the FM is blacklisted using Blacklist Object. You can run program RS_RFC_BLACKLIST_COMPLETE to see which function modules are blacklisted:

2259818 – RFC enabled Function Modules with incompatible signature change compared to its version in ERP are blocked from external access.

What to do when you hit a blacklisted item?

The best approach is to avoid doing what you did and look for the functional alternative provided by SAP. Search for the correct simplification item OSS note. In almost all cases SAP provides a solution.

Activating a blacklisted item

OSS note 2249880 – Dump SYSTEM_ABAP_ACCESS_DENIED caused through Blacklist Monitor in SAP S/4HANA on premise, contains the procedure to activate a blacklisted item. For the RFC calls follow the instructions of OSS note 2408693 – Override blacklist of Remote Enabled Function Modules.

Please make sure you have both the clearance from SAP and the system owner in writing before executing this procedure. Support can be lost and system upgrade in the future can be facing severe blocks. Only execute as last resort after explicit approval.

S4HANA setup FIORI manage KPI tiles

Inside S4HANA there is a very powerful FIORI tile called the Manage KPI and Report function. This blog will explain how to setup this FIORI tile and how to make sure it is working properly.

It is assumed you have already enabled your S4HANA system for FIORI (see this blog).

Note: this blog will only explain the S4HANA 1909 and higher implementation. Previous versions of this functionality have more tiles and setup work.

Activating the Manage KPI and report function

Goto transaction STC01 and select task list SAP_FIORI_CONTENT_ACTIVATION:

In the task list select the business role SAP_BR_ANALYTICS_SPECIALIST:

Now run the task list and wait. If you have issues, please read this blog.

Assign then activated PFCG role SAP_BR_ANALYTICS_SPECIALIST to your user ID.

Checking the KPI and report FIORI tile

Start the FIORI launchpad (transaction /UI2/FLP) and check that the manage KPIs and Reports tile is now available:

Click on the tile and you come into the first screen. Top left you can choose between KPI and Reports. We will first start with inspecting the KPI. We will use Purchase Order Changes as example:

Details of the KPI:

Here you can see the Data source: CDS view C_POITEMCHANGECOUNT.

On the visualize tab you can see a preview of the tile:

Now we will inspect the report:

Here you can see it is a Generic Drilldown on the datasource C_POITEMCHANGECOUNT. Click to open the details:

You can push the button Show Preview to get a preview of the report:

In the section application details you can see the details for the tile:

Very important here is the catalog it belongs to. In PFCG assign the correct business role to your user: SAP_BR_BUYER. You can find this role in the FIORI reference library documentation for this tile.

After the role is assigned, start the FIORI app finder and search for the app:

Now this tile should work:

Background information

There is an excellent OpenSAP course on this topic: link.

More background information can be found on the FIORI reference libary for the Manage KPIs and Report app:

S4HANA rapid activation of FIORI lighthouse apps

This blog will explain how you can execute a rapid activation of a set of FIORI lighthouse apps.

Questions that will be answered are:

  • Which apps can be used for rapid setup?
  • How to execute the rapid activation of FIORI lighthouse apps?

This blog assumes you have finished the basic activation of embedded FIORI on S4HANA, which is explained in this blog.

FIORI lighthouse apps

FIORI lighthouse apps are enabled for rapid activation. On the FIORI reference library site click on the Lighthouse scenario link to get a PDF full of all possible apps you can activate:

In the app finder you can also search for specific lighthouse apps:

Rapid activation of FIORI lighthouse app

We will take the following app as example to execute the rapid activation: app ID F1600A: Manage Purchase Contracts (Version 2):

In the implementation information scroll down to the authorization information section:

For now you can ignore the catalog and business group. Important here is the business role: SAP_BR_PURCHASER.

Go to transaction STC01 and select task list SAP_FIORI_CONTENT_ACTIVATION:

In the scope definition select the needed role SAP_BR_PURCHASER:

In the task list set the mandatory parameters process mode to co-deployment and Prefix to Z. Now start the task list execution and be patient. This might run up to 10 minutes.

This task list will now activate all ODATA services for the app group (not only for this single app, but the complete group!). It will activate all SICF nodes for the app group (yes, again the whole group). And it will generate the PFCG authorization role SAP_BR_PURCHASER.

If the task list is finished, assign the role SAP_BR_PURCHASER to your user ID.

Content activation for catalogs

For some scenarios it might be needed to activate catalog content. To do this, first apply OSS note 3339909 – Fiori Setup: Content Activation for Catalogs. This note delivers STC01 task list SAP_FIORI_FCM_CATALOG_ACTIVATION.

Testing

Start the FIORI launchpad (transaction code /UI2/FLP):

You see that the tile Manage Purchase Contracts is visible. Since we activated a complete group, also the other tiles are immediately visible.

Clicking on the Manage Purchase Contracts tile gives immediate result:

This shows we can activate complete group of apps that immediately work, with minimal effort.

Issue detection

You can use the FIORI app support function to quicly analyze an issue in your newly activated FIORI app. Read more in this blog.

In app extensibility

All the FIORI lighthouse apps are built for in app extensibility. This allows you to change the look and feel of a standard SAP app and to add custom fields to standard SAP app. Read more in this blog.

Transport and activation after transport

After transport everything is present, but in inactive state. You need to perform the activation after transport.

OSS note 2886433 – Fiori Setup: Activation of OData Services in Prod Systems with task lists contains a perfect PDF that describes how to carry out the activation in a productive system using the proper selections in the task list.

Embedded activation and system refresh

If you refresh your sandbox, quality or development system with production copy, read this note 3111069 – Task list clarification post System copy/System Refresh in Embedded deployment on activation of embedded FIORI after the refresh.

OSS notes

Background OSS notes:

Bug fix notes to apply:

Enabling ABAP backend for ABAP Eclipse

This blog will explain the actions you need to perform to enable an ABAP backend for ABAP Eclipse tools (ADT = ABAP Development Tools).

Questions that will be answered are:

  • How to enable ABAP backend for ABAP Eclipse?
  • Where to find more background information on ADT (ABAP Development Tools)

For the installation of the front end tool ABAP Eclipse (ADT tools) read this blog.

Background information

The up-to-date information on the ABAP Development Tools and how to install ABAP Eclipse with the correct versions can be found on the SAP site. This site contains on the ABAP tab also the most up-to-date manual on the backend configuration.

The section below will describe the main steps.

Enabling ABAP backend for ABAP Eclipse

In transaction SICF enable node ADT:

Also activate the ABAP documentation tool nodes:

If not yet active, also activate SICF node wdy_aie_vd_preview.

Now start to test ABAP in Eclipse. Pending on the authorizations it might already work. If it does not work, check the standard SAP manual on the required RFC authorizations you need as ABAP developer to run ABAP in Eclipse.

In the manual you will read about SFW5 switch SRIS_SOURCE_SEARCH. Be very careful to switch this on. It is very resource intensive and there is limited added value.

Bug fix OSS notes

There might be bugs in Eclipse backend code. In SAP OSS search for component BC-DWB-AIE.

Adjusting standard SAP code in S4HANA

In S4HANA the SSCR and developer key procedure are no longer present. This means you have to use proper authorization concept to determine which person is allowed to developer Z ABAP code and which developer is allowed to modify standard SAP ABAP code.

Questions that will be answered in this blog are:

  • Why has the has the procedure been removed?
  • How do I protect code adjustments from unauthorized changes?

S4HANA developer key

The title is a bit misleading. In S4HANA there are no developer keys and object keys any more.

Background of this change be SAP can be found in OSS note: 2309060 – The SSCR license key procedure is not supported in SAP S/4 HANA.

So in S4HANA, you must set up authorizations for S_DEVELOP properly. The development key and SSCR procedure are hacked anyhow (see blog).

With S_DEVELOP you have to set create/change rights for the packages and or objects. For custom code only hand out Z* privileges.

If you hand out a * for the objects or classes, then the developer can also change standard SAP.

Changes to standard SAP in S4HANA

The SCCR procedure is gone in S4HANA. This means if you want to adjust standard SAP code and you have the authorizations, you can without any SSCR screen asking you for the modification key.

Again also here: i you hand out a * for the objects or classes, then the developer can also change standard SAP.

All protection of ABAP code in S4HANA is arranged via authorization.

Developer license measurement in S4HANA

The move away from DEVACCESS has also made the developer license measurement in S4HANA complex. Read more in this blog.

Include usage data in S4HANA custom code migration FIORI app

With the new S4HANA custom code migration FIORI app you can include system usage data (from productive system) to see which code blocks are used and which ones are not.

This blog will give answers to the following questions:

  • How to collect usage data from productive system?
  • How to include the usage data in the S4HANA custom code migration FIORI app?

This blog assumes you have already setup the S4HANA custom code migration FIORI app. If you have not done this, follow the instructions in this blog.

Collecting usage data in production with transaction SUSG

General recommendations for the use of transaction SUSG can be found in OSS note 2701371 – Recommendations for aggregating usage data using transaction SUSG. SUSG assumes you have already activated the SCMON ABAP call monitor. If that is not done, read this blog.

In your productive system start transaction SUSG and activate the usage data aggregation:

If you don’t have sufficient authorizations, you might get this weird screen:

If you see this screen, first check your user authorizations.

SUSG performance impact

SUSG performance impact is negligible. SCMON might have an impact. See the blog on SCMON.

Background: 3100194 – Memory Requirement and Performance Impact of transaction SUSG.

SUSG installation

If SUSG does not start in your productive system it needs to be installed first. To install SUSG apply OSS note 2643357 – Installation of Transaction SUSG. This is a TCI based OSS note (see blog).

After the TCI note also apply these OSS notes:

Creating the snapshot

Now that the data collection and aggregation is activated, you will need to be patient. Let the system collect the data for the next few days. Now goto transaction SUSG and check the log that the aggregation went fine:

Now you can create a snapshot in the Manage Snapshots section:

Create the snapshot and download it to a file on your desktop or laptop. If wanted you can setup RFC connection as well.

The security and basis team normally does not like any RFC going from production system to non-production system. So the file option is normally the best way.

Loading the data into your upgraded S4HANA system

In your S4HANA system where your custom code analysis runs now start transaction SUSG and make sure it is active. Now you can upload the snapshot from the productive server you have downloaded in the previous step.

Please make sure that the OSS notes on both your productive system and your S4HANA system are identical. The notes have changes to file format of the download file. If the notes are notes identically applied, you will have file format upload issues. Recommendation is to apply all recent SUSG note to both your productive server and the S4HANA system.

S4HANA custom code migration app with usage data

Now you can finally launch the S4HANA custom code migration app. Create a new analysis. In the usage data part of the app, you can assign the snapshot you have uploaded in the previous section:

Now start the custom code analysis and let it run.

The end results of code being used or not can be seen in the column Usage Information in the Analyze Findings section:

Background information

More background on SUSG setup can be found on this blog.

Deletion of SUSG data

Deletion can be done after applying OSS note 3130631 – SUSG: Report to delete programs from usage data.

S4HANA setup FIORI my Inbox app

If you have followed all the instruction in the blog about embedded FIORI activation in S4HANA, you will find that the my Inbox app is still not working.

This is correct since extra steps are required to setup the FIOIR my inbox app. This blog will answer the following questions:

  • Which extra steps to perform to activate the FIORI my inbox app?
  • Where to find more background information on the FIORI my inbox app?

Basic setup of FIORI my inbox in S4HANA

After you have finished the embedded FIORI activation in S4HANA (see blog), you must follow the extra steps in OSS note 2902673 – Rapid Activation for SAP Fiori in SAP S/4HANA – Overview. This note refers to specific version like 2834415 – Composite SAP note: Rapid Activation for SAP Fiori in SAP S/4HANA 1909. In this note there is a special section on the extra steps to activate the myInbox.

Goto the following customizing tree entry:

Now setup an extra system alias, name can be freely chosen:

It is very important here to notice 2 things:

  1. The local GW (gateway) tickbox must be set
  2. The software version MUST be set to /IWPGW/BWF

In transaction /IWFND/MAINT_SERVICE activate the service TASKPROCESSING version 2 for the system alias you just created.

It is very important to take version 2 and not the version 1.

In SICF activate the FIORI inbox tile itself: CA_FIORI_INBOX.

In PFCG activate role SAP_BR_MANAGER and assign it to your user.

MyInbox app

Now goto the FIORI launchpad (/ui2/flp transaction) and the MyInbox tile should be visible with the number showing you the amount of workflows:

If you see the number zero, you might not have any workflows assigned to your user. See the blog on S4HANA workflow activation to make sure the workflow system is properly activated and instruction to generate some test items for you.

Background information

The best source of public information is the SAP wiki on myInbox.

Official SAP note: 2676990 – Release Information note for SAP Fiori My Inbox. (this note contains the list of patch notes for the My Inbox FIORI side).

Release information note, which refers to patch notes: 2221151 – Release Information note for SAP Fiori My Inbox 2.0.

Specific useful notes on how-to OSS note for my Inbox FIORI app :