Author: saptechnicalguru

Linux versions and support for Linux

Many SAP system use Linux as operating system.

It is important that you check you run a supported combination of Linux OS, database and application.

SAP HANA OS support

For SAP HANA database, the master note is 2235581 – SAP HANA: Supported Operating Systems. This note contains the references to all the version specific OSS notes.

Checking kernel and LINUX version in SAP system

To check your kernel and LINUX version, go to System Status and then open the Other Kernel Info button:

Another option is to run function module TH_SAPREL3 in SE37:

Translating the version

You have to use the RedHat or SUSE site to translate the kernel number into the LINUX OS version.

Example:

This version

Translates to:

So RedHat version 8.7.

CVA: Code vulnerability analysis

CVA is a licensed SAP tool to scan custom code for potential security issues.

CVA is built in code inspector and analysis is run via the ATC tool.

Questions that will be answered in this blog are:

  • What checks does CVA perform?
  • How to activate CVA?
  • Is CVA licensed?
  • Where to find more information on CVA?

Activating CVA

SAP CVA Code Vulnerability Analysis is a licensed tool. You need to activate it before you can use it. To activate run program RSLIN_SEC_LICENSE_SETUP:

The activation refers to OSS note 1855773 – Security checks for customer-specific ABAP programs which explains the license, restrictions, etc.

Call to SAP: if you really think security is important for your customers and their custom programs, don't ask money for CVA tool, but allow free usage!

Check the bug fix OSS notes below. Apply them before your first run.

Checks in detail

The SAP CVA checks can be seen in SCI variant SLIN_SEC:

And then open the variant and click the information button for details:

A full list of checks can also be found on this SAP blog.

And per netweaver version the checks are listed in OSS note 1921820 – SAP Code Vulnerability Analyzer – support package planning.

Setting up ATC variant and run

Start transaction ATC and press Schedule Run:

First create a new variant and refer to SCI variant SLIN_SEC:

Now schedule the run for your Z code:

The run can take a few hours.

More on ATC set up and running can be found in this blog.

Run results

Start transaction ATC and go to the results part:

Select your run:

The ATC result screen will show, but list can be very long:

Both Z programs and user exits will be shown (starting with S or X).

Press the Statistics View button top right to get a better overview:

The result list is now sorted per security item:

Don't let yourself be impressed by high numbers of the first run. Most issues are in old code: consider clean up. Focus on the priority 1 and priority 2 first. Finetune result set for priority 3 to lower the numbers.

Now you can zoom in to the issue per item by clicking on the line:

The details show the issue: hard coded user name. Clicking on the underlined code name in column Object Name will zoom into the code point to fix:

In this case hard coded break for a user. Fix is easy: delete the line of code.

Remote analysis

It is possible to use ATC remote analysis (see blog) for CVA. The full setup is explained in this SAP online help link. See also OSS note 2232083 – ATC/CI: SAP NetWeaver Application Server add-on for code vulnerability analysis – remote check runs – installation.

Checking license usage

Run program RSLIN_SEC_LICENSE_SETUP to check license usage:

Or run this from transaction SLIN_ADMIN.

SAP reference material

Generic presentation on SAP CVA can be found on this link.

CVA FAQ: follow this link.

CVA full list of checks: follow this link.

CVA as part of CI/CD development pipeline: follow this link.

ABAP code security issues explained: follow this link.

Bug fix and improvement notes

Bug fix and improvement OSS notes:

Data archiving: Financial documents

This blog will explain how to archive financial documents via object FI_DOCUMNT. Generic technical setup must have been executed already, and is explained in this blog.

Object FI_DOCUMNT

Go to transaction SARA and select object FI_DOCUMNT.

Dependency schedule:

No dependencies.

Main tables that are archived:

  • BKPF (accounting document header)
  • BSAD (accounting document secondary index for customers)
  • BSAK (accounting document secondary index for vendors)
  • BSAS (accounting document secondary index for GL accounts cleared items)
  • BSEG / RFBLG (cluster for accounting document)

Technical programs and OSS notes

Write program: FI_DOCUMNT_WRI

Delete program: FI_DOCUMNT_DEL

Post processing program: FI_DOCUMNT_PST

Read program: read program in SARA refers to FAGL_ACCOUNT_ITEMS_GL. This program you can use with online data and archive files as data source

Reloading of FI_DOCUMNT was supported in the past, but not any more: 2072407 – FI_DOCUMNT: Reloading of archived data.

Relevant OSS notes:

Application specific customizing

In the application specific customizing for FI_DOCUMNT you can maintain the document retention time settings:

Executing the write run and delete run

In transaction SARA, FI_DOCUMNT select the write run:

Select your data, save the variant and start the archiving write run.

Give the archive session a good name that describes the company code and year. This is needed for data retrieval later on.

After the write run is done, check the logs. FI_DOCUMNT archiving has average speed, and high percentage of archiving (up to 90 to 99%). Most of the items that cannot be archived is about open items.

Deletion run is standard by selecting the archive file and starting the deletion run.

Post processing

It is important to run the post processing of FI_DOCUMNT. After the archiving BSAK, BSAS and BSIS secondary table records are still present with the field ARCHIV marked with ‘X’. See notes 2683107 – Archived items still exist in BSAK and 2775018 – Archived items still exist in BSAK.

Standard SAP will deal correctly with this field. But custom made reports and the average BI data analyst will not.

So run post processing directly after the deletion run.

Data retrieval

For FI_DOCUMNT multiple read programs are available. To select them press the F4 search:

Start the program and select the button Data Source, tick the archive as well and select the archive files to read:

Due to data volume the query might run long. Select the archive files with care.

Most finance programs to list data use this Data Source principle.

SARI infostructure issues

If you get issues for sessions which are in error in SARI for infostructure SAP_FI_DOC_002, read the below potential work around.

The reason we see the errors for the archive session when we attempt to refill is that there are a number of documents that already exist in the infostructures, and there cannot be duplicates in the infostructure table.

The most common cause is that the variant for the WRITE program was set so the same document got archived twice into different archive files.

What can be done? If it is OK to have the same document in different files, you can ignore the archive session entries with error in SARI if the case is as above. To avoid having duplicate keys in the infostructure in future, you can add the filename as an extra key field to the infostructure. This can be done as follows:

  • SARI -> Customizing -> SAP_FI_DOC_002 -> Display
  • Technical data
  • Change the field “File Name Processing” from ‘D’ to ‘K’.

This is untested method.

Parallel processing

There is an option to archive Financial documents in parallel processing mode. This is an advanced development option. It uses archiving object FI_DOC_PPA. For more information read OSS note 1779727 – FI_DOCUMNT: Integrating parallel process with archiving.

If your data volume is manageable and you can archive during nights and weekends, keep it simple and use FI_DOCUMNT.

DST daylight saving time

3277061 – ABAP Date/Time Conversion with DST for SELECT_MESSAGES

DST (daylight saving time) starts in the spring (= a loss of one hour) and ends in the fall (= a gain of one hour ). For clock adjustment, one must remember “Spring forward, Fall back”.

Spring forward:

Fall backward:

Method 1: shut down the system

During the switch, simply shutdown the SAP system, for the entire duration of the double hour, and bring it up only after the double hour has passed. Thus, the SAP Kernel software does not have to deal with any possible mismatch of standard time and local time. The big setback off course is that you have work shutting down and starting up the systems in the middle of the night. And the business cannot work during this time. Long running weekend jobs might be interrupted as well and need to be redone.

Method 2: zero downtime by slowing down the time

Slow down the time by half, during the double hour, so that the 2 hour period is treated as one hour.

In SAP, executing this is easier than it appears by setting the parameter zdate/DSTswitch_contloctime = on which is default in the latest kernel release 6.40 and higher, so that you can make your SAP system see a continuous time with a deviation of 30 minutes.

During the conversion from summer time to winter time, there is a “doubled” hour.  In Europe, for example, the summer time is reset to winter time on the last Sunday in October between 2 a.m. and 3 a.m.

1:00    1:30    2:00    2:30    2:00    2:30    3:00 official time

–+——+—–x+xxxxx+xxxxxx+xxxxxx+xxxxxx+x—

How to check the time zone at different levels

  • Run the report from SA38: TZCUSTHELP (trouble shooting time zone)
  • Run the report from SA38: RSDBTIME (time diagnosis)
  • Run this function module in SE37: TZ_SYSTEM_GET_TZONE
  • Run this report fromSA38: TZONECHECK 

DST in non-ABAP systems

For DST in non-ABAP systems check these notes:

References

Excellent blog from SAP: Daylight Saving Time and Slowing Down The Time.

Reference OSS notes:

ABAP programming DST specific notes:

BTE events

BTE events are Business Transaction Events. These events can be used to put custom specific logic in ABAP code interface when this event occurs.

It is used by standard SAP, partner software, and you can create your own interfaces.

Pros and cons

The BTE can solve business specific issues in a graceful way with custom code. This is a large pro.

The biggest con is that the technique is hardly known. When there are issues inside the Z coding for BTE, they are tough to spot and to detect. Good documentation is required of the event usage (both on paper specification and inside the Z code).

BTE events

The main transaction for BTE events is FIBF:

The screen is indeed empty.

The main parts are below Settings and Environment.

To list all the events, choose Environment, Info System (P/S):

And the result screen:

If you select a line and press the Display Act Comp button, you can see the details, including the existence of a customer implementation:

Background and references

Many good blogs already exist. So no need to repeat here.

List of blogs and sites:

SAP profile parameters

This blog will give tips and tricks for SAP profile parameters.

List of all profile parameters

Program RSPARAM will list all profile parameters:

The system default, the user defined value and the description is listed.

Program RSPFPAR can be used for a selective set of parameters.

Explanation note: 3202666 – The RSPARAM report usage.

Changing profile parameters

Transactions RZ10 and RZ11 can be used to change the profile parameters. If lost after restart, check OSS note 2228845 – RZ10: New or changed value is not active after restart.

Check also OSS note 2789094 – Maintaining ASCS profiles using RZ10.

Checking history of profile parameters

Transaction TU02 will list the profile parameter changes:

A different way to check the history is using SAP Focused Run configuration validation. Read more on this feature in this blog.

Technical tables and routines

Table TPFET contains the current parameters.

Table PAHI is keeping the history of parameter changes (if not updated, read note 3205243 – PAHI Table data is not updated).

RFC enabled function module TH_GET_PARAMETER can be used to read a profile parameter value.

Search transaction for user-exit and BADI

As ABAP developer you need to search for a user-exit and/or BADI for a certain transaction.

The helper program below can help you here. Copy and paste the source code and run the program:

Enter the transaction code and let the program search. Results will show:

You can click on the exit or badi name to jump to the definition.

The program to search for BADI or user-exit

REPORT zbadi NO STANDARD PAGE HEADING.
*& Enter the transaction code that you want to search through in order *
*& to find which Standard SAP User Exits exists. *

TABLES : tstc, "SAP Transaction Codes
         tadir, "Directory of Repository Objects
         modsapt, "SAP Enhancements - Short Texts
         modact, "Modifications
         trdir, "System table TRDIR
         tfdir, "Function Module
         enlfdir, "Additional Attributes for Function Modules
         tstct, "Transaction Code Texts
         rsstcd,
         trkey.
*&---------------------------------------------------------------------\*
*& Definition of Types *
*&---------------------------------------------------------------------\*
TYPES: BEGIN OF t_badi_list,
         obj_name TYPE sobj_name,
         devclass TYPE devi_class,
         dlvunit  TYPE dlvunit,
         imp_name TYPE exit_imp,
         packname TYPE devclass,
         dlvunit2 TYPE dlvunit,
         text     TYPE sxc_attrt-text,
       END OF t_badi_list.
TYPES: BEGIN OF t_badi_list2,
         obj_name TYPE sobj_name,
         devclass TYPE devi_class,
         dlvunit  TYPE dlvunit,
       END OF t_badi_list2.
*&---------------------------------------------------------------------\*
*& Data Declaration *
*&---------------------------------------------------------------------\*
DATA: lt_badi_list  TYPE TABLE OF t_badi_list,
      lt_badi_list2 TYPE TABLE OF t_badi_list2,
      ls_badi_list  TYPE t_badi_list OCCURS 0 WITH HEADER LINE,
      ls_badi_list2 TYPE t_badi_list2.
RANGES: r_badi FOR tadir-obj_name ,
rt_badi FOR tadir-obj_name .
*&---------------------------------------------------------------------\*
*& Variables *
*&---------------------------------------------------------------------\*
DATA : jtab    LIKE tadir OCCURS 0 WITH HEADER LINE,
       p_trkey LIKE trkey.
DATA : field1(30),
badiname(20),
count TYPE p.
DATA : v_devclass  LIKE tadir-devclass,
       p_devclass  LIKE tadir-devclass,
       p_old_langu LIKE sy-langu,
       p_mod_langu LIKE sy-langu.
*&---------------------------------------------------------------------\*
*& Selection Screen Parameters *
*&---------------------------------------------------------------------\*
SELECTION-SCREEN BEGIN OF BLOCK a01 WITH FRAME TITLE TEXT-001.
SELECTION-SCREEN SKIP.
PARAMETERS : p_tcode LIKE tstc-tcode OBLIGATORY.
SELECTION-SCREEN SKIP.
SELECTION-SCREEN END OF BLOCK a01.
*&---------------------------------------------------------------------\*
*& Start of report *
*&---------------------------------------------------------------------\*
START-OF-SELECTION.
* Validate Transaction Code
  SELECT SINGLE * FROM tstc WHERE tcode EQ p_tcode.
*Find Repository Objects for transaction code
  IF sy-subrc EQ 0.
    SELECT SINGLE * FROM tadir WHERE pgmid = 'R3TR'
    AND object = 'PROG'
    AND obj_name = tstc-pgmna.
    MOVE: tadir-devclass TO v_devclass.
    IF sy-subrc NE 0.
* This section is used if a FGR is involved\!
      CALL FUNCTION 'RS_ACCESS_PERMISSION'
        EXPORTING
          global_lock             = 'X'
          object                  = p_tcode
          object_class            = 'TRAN'
          mode                    = 'SHOW'
          language_upd_exit       = 'RS_TRANSACTION_LANGUAGE_EXIT'
          suppress_language_check = space
        IMPORTING
          new_master_language     = p_old_langu
          modification_language   = p_mod_langu
          transport_key           = p_trkey
          devclass                = p_devclass
        EXCEPTIONS
          canceled_in_corr        = 1
          OTHERS                  = 2.
      IF sy-subrc = 0. " Success
        MOVE: p_devclass TO v_devclass.
      ELSE. " For the case that nothing is found\!
        SELECT SINGLE * FROM trdir WHERE name = tstc-pgmna.
        IF trdir-subc EQ 'F'.
          SELECT SINGLE * FROM tfdir WHERE pname = tstc-pgmna.
          SELECT SINGLE * FROM enlfdir WHERE funcname = tfdir-funcname.
          SELECT SINGLE * FROM tadir WHERE pgmid = 'R3TR'
          AND object = 'FUGR'
          AND obj_name = p_devclass.
          MOVE: tadir-devclass TO v_devclass.
        ENDIF.
      ENDIF.
    ENDIF.
*Find SAP Modifactions
    SELECT * FROM tadir INTO TABLE jtab
    WHERE pgmid = 'R3TR'
    AND object = 'SMOD'
    AND devclass = v_devclass.
    SELECT SINGLE * FROM tstct WHERE sprsl EQ sy-langu
    AND tcode EQ p_tcode.
    FORMAT COLOR COL_POSITIVE INTENSIFIED OFF.
    WRITE:/(19) 'Transaction Code - ', 20(20) p_tcode, 45(50) tstct-ttext.
    FORMAT COLOR COL_POSITIVE INTENSIFIED ON.
    SKIP.
    WRITE:/1 'The application area is:', v_devclass.
    SKIP.
    IF NOT jtab[] IS INITIAL.
      WRITE:/(95) sy-uline.
      FORMAT COLOR COL_HEADING INTENSIFIED ON.
      WRITE:/1 sy-vline, 2 'Exit Name', 21 sy-vline, 22 'Description', 95 sy-vline.
      WRITE:/(95) sy-uline.
      LOOP AT jtab.
        SELECT SINGLE * FROM modsapt
        WHERE sprsl = sy-langu
        AND name = jtab-obj_name.
        FORMAT COLOR COL_NORMAL INTENSIFIED OFF.
        WRITE:/1 sy-vline, 2 jtab-obj_name HOTSPOT ON, 21 sy-vline , 22 modsapt-modtext,
        95 sy-vline.
      ENDLOOP.
      WRITE:/(95) sy-uline.
      DESCRIBE TABLE jtab.
      SKIP.
      FORMAT COLOR COL_TOTAL INTENSIFIED ON.
      WRITE:/ 'No of Exits:' , sy-tfill.
      SKIP.
      WRITE:/(83) sy-uline.
      FORMAT COLOR COL_HEADING INTENSIFIED ON.
      WRITE:/1 sy-vline, 2 'Badi Name', 22 sy-vline, 23 'Description', 83 sy-vline.
      WRITE:/(83) sy-uline.
* select the BAdI Definitions from the tables sxc_exit and sxc_attr
      SELECT t~obj_name t~devclass tc~dlvunit sx~imp_name sat~text
      INTO CORRESPONDING FIELDS OF TABLE lt_badi_list
      FROM ( ( ( ( tadir AS t
      INNER JOIN
      tdevc AS tc ON t~devclass = tc~devclass )
      INNER JOIN
      sxc_exit AS sx ON sx~exit_name = t~obj_name )
      INNER JOIN
      sxc_attr AS sa ON sx~imp_name = sa~imp_name )
      INNER JOIN
      sxc_attrt AS sat ON sx~imp_name = sat~imp_name )
      WHERE t~pgmid = 'R3TR'
      AND t~object = 'SXSD' "means BAdI
      AND t~devclass = v_devclass "narrow down seach with Dev.Class
      AND sat~sprsl = sy-langu.
      SORT lt_badi_list.
      DELETE ADJACENT DUPLICATES FROM lt_badi_list.
* create Ranges
      LOOP AT lt_badi_list INTO ls_badi_list .
        r_badi-sign = 'I' .
        r_badi-option ='EQ' .
        r_badi-low = ls_badi_list-imp_name .
        r_badi-high = ls_badi_list-imp_name .
        APPEND r_badi TO rt_badi .
      ENDLOOP.
* select the implementations
      SELECT t~obj_name t~devclass tc~dlvunit
      INTO CORRESPONDING FIELDS OF TABLE lt_badi_list2
      FROM tadir AS t
      INNER JOIN
      tdevc AS tc ON t~devclass = tc~devclass
      FOR ALL ENTRIES IN rt_badi
      WHERE t~obj_name = rt_badi-low
      AND t~pgmid = 'R3TR'
      AND t~object = 'SXCI'.
      FORMAT COLOR COL_NORMAL INTENSIFIED OFF.
      WRITE:/(83) sy-uline.
      count = '0'.
      LOOP AT lt_badi_list INTO ls_badi_list .
        WRITE:/1 sy-vline, 2 ls_badi_list-obj_name HOTSPOT ON, 22 sy-vline,
        23 ls_badi_list-text, 83 sy-vline.
        count = count + 1.
      ENDLOOP.
      WRITE:/(83) sy-uline.
      DESCRIBE TABLE ls_badi_list.
      SKIP.
      FORMAT COLOR COL_TOTAL INTENSIFIED ON.
      WRITE:/ 'No of BADIs:' , count.
    ELSE.
      FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
      WRITE:/(95) 'No User Exit exists'.
    ENDIF.
  ELSE.
    FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
    WRITE:/(95) 'Transaction Code Does Not Exist'.
  ENDIF.
*&---------------------------------------------------------------------\*
*& Call SMOD or SE18 to lead the user to the selected exit or badi *
*&---------------------------------------------------------------------\*
AT LINE-SELECTION.
  GET CURSOR FIELD field1.
  IF field1(4) EQ 'JTAB'.
    SET PARAMETER ID 'MON' FIELD sy-lisel+1(10).
    CALL TRANSACTION 'SMOD' AND SKIP FIRST SCREEN.
  ELSEIF field1(12) EQ 'LS_BADI_LIST'.
    CALL FUNCTION 'SXO_BADI_SHOW'
      EXPORTING
        exit_name = sy-lisel+1(20)
                    EXCEPTIONS
                    action_canceled
                    access_failure
                    badi_not_exixting.
  ELSE.
  ENDIF.

Period end shift

The finance module works with periods. Mostly this is a calendar month, but it can also be a period of 4 or 5 weeks.

In a productive system the business Finance team will take care of month end closing and opening of new financial period.

In a sandbox or development system this might not be done. As a result logistical postings might fail with a message that the financial period must be opened.

Initialization of financial periods: MMPI

To initialize the periods in a newly installed system, start transaction MMPI:

Only run in newly installed systems!

Background and warning notes:

Period shift: MMPV

The shift the period with one month, start transaction MMPV:

MMPV relevant OSS notes:

Test slow network speed for FIORI and web developments

If you are working with users across the globe you will be faced with performance complaints for your FIORI apps and web developments.

To analyze these user complaints you need to throttle you network speed so it is behaving like a far way computer:

  • Lower bandwidth
  • Higher ping response times

The applications you develop close to the server on fast network can become very sluggish when used by distant users. It is your job as developer to analyze this issues and to improve your design to have less roundtrips.

Network throttling in Chrome

The full details of Chrome network throttling can be found here.

Short instruction:

  1. Open the developer tools with F12 and go to the Network settings

2. Select the No throttling and create a new profile:

3. Now select your profile:

Enjoy the new end user experience. Don’t forget to switch back to your normal speed!

Code and table generation

In some cases you need to regenerate specific coding and tables. An SGEN is too extensive for your situation.

Regenerate programs

Use program TOUCHSRC:

Or worst case program TOUCHALL:

Regenerate tables

For table regeneration run program TOUCHTAB:

And TOUCHINC for includes in table structures:

Background

Background OSS notes:

Best practice notes: