SE95 modification overview

Transaction SE95 can be used to get an overview of modifications in your SAP system.

Questions that will be answered in this blog are:

  • What is the definition of a modification?
  • How can I list all modifications in my system?
  • How can I make a download of all the modifications in my system?
  • How can I filter on real modifications and exclude the modifications caused by OSS notes?

Definition of modifications

This is the most tricky question: how many modifications are in your system? A question that will be asked to you every now and then. The answer can very between a very small number and a very large number. Even with the same system. This is because the way SAP is measuring modifications. OSS notes applied count as modifications. Classical user exits like MV45AFZF also count as modifications. Condition records (VOFM routines starting with RV) also count as modifications. But you can still consider the system as 100% standard.

Real modifications are only those where the customer willingly changed the SAP coding and its functionality, which is not based on an instructions from an OSS note.

In many cases with discussion on system quality, the number of modifications is misused! Be careful to check how your analysis figures will be used.

Modification browser

Start transaction SE95 to reach the modification browser initial screen:

You can now see the SE95 result list:

You can drill down based on the objects.

For a view per package, check the Packages display option on the first screen:

Listing for download

SE95 has a major setback: the list is very hard to export. The modifications are stored in database view SMODIDEVC.

From here do select only the MOD (modifcations):

The resulting output list can be easily downloaded into an excel format.

System log messages and audit log messages

System and audit log message are used in many different ways and applications.

When you have a system log message code or audit log message code, you might want more information, or in some cases change the severity level of the code.

Questions that will be answered in this blog are:

  • Where can I find the definition of the system log message codes and their long text?
  • Where can I find the definition of the audit log message codes and their long text?
  • How can I change the severity of system log and audit log messages?

Maintenance of system log and audit log messages

Maintenance of system and audit log messages is done with transaction SE92:

You can now get a list of messages:

And per message you can see the details:

In the details you can see the short text, long text and the Severity. The severity will determine the traffic light in the SM21 system log overview.

Related OSS notes

OSS notes:

RFC connections with fast serialization

Fast serialization is an option in the RFC settings to increase performance.

Questions that will be answered in this blog are:

  • What is required to use RFC fast serialization?
  • When to use RFC fast serialization?
  • How do I make the settings for RFC fast serialization?

Fast serialization

Fast serizalization is available since release Basis 7.51. Downport might be possible, but think twice if you want to do this. Background OSS note on fast serialization is 2372888 – Fast serialization in RFC.

The whole goal of fast serialization is simply to increase the performance.

The fast serialization option is set in the RFC destination on the tab Special Options at the bottom:

Note that in S4HANA destination NONE is using fast serialization by default. Keep it that way.

When to use fast serialization

Fast serialization can be used when both the sender and receiver side of the RFC connection supports it.

Fast serialization in custom or standard RFC function modules

In SE37 SAP can set an RFC enabled function module Interface Contract to Fast serialization required. If you have build custom RFC function module that also only works with Fast serialization you should set this option:

SAP tutorial navigator

SAP and senior developers have set up quite a lot of nice tutorials. The tutorials are very good in explaining a how to execute a specific development or basis task. There are many tutorials on the SAP cloud products which can be new for a lot of ABAP and basis persons.

The SAP tutorial navigator is a good starting point exploring the tutorials.

Questions that will be answered in this blog are:

  • How to use the SAP tutorial navigator to find a tutorial that interests me?

SAP tutorial navigator

The SAP tutorial navigator can be started via the URL

The main page will open:

You can search or filter based on the key words:

If you select the tutorial, the detailed tutorial will open now:

On the details page there is learning content and pre-requisites. On the right hand side you can navigate through the steps.

Then you can start with the step by step tutorial in a click here, click there easy to follow style:

SAP API business hub

SAP has collected all their web services and ODATA services on one central page.

Questions that will be answered in this blog are:

  • How to use the SAP API business hub to find an SAP interface for my use case?

SAP API business hub

Start the SAP API business hub by going to the URL

Let’s zoom in to SAP S4HANA:

Now search for Sales Order and select the Sales Order ODATA:

For each method you can zoom into the details:

On the main details tab you can download the API specification, for example in JSON format:

Also it tells you how to build the URL to be called.

A bit below on the same screen is the link to the online documentation:

Which links to the actual helpfile:

SAP reference

SAP reference blog can be found here.

SAP icons

SAP uses many icons in the SAP GUI and on their web applications. This blog will explain how to find them.

Questions that will be answered in this blog are:

  • How can I find SAP icon codes for SAP GUI use?
  • How can I find icons for SAP web applications and FIORI?

Icons in SAP GUI

To get a list of icons in SAP GUI, start transaction ICON:

If you want to search more specific or have a different sorting, you can start report SHOWICON:

With result screen:

Another icon program is RSTXICON:

SAP web applications

There is also an online icon explorer for SAP web applications and FIORI. Follow this URL:

and detailed screen:

BRF+ transport issues

BRF+ rules are nice for developers to use, but can give you some serious issues at transport level.

Questions that will be answered in this blog are:

  • Which tools and analysis programs are available in case I have issues with BRF+ transports?
  • How to recognize BRF+ transport issues?
  • Which relevant OSS notes to check in case of transport issues?

BRF+ transport issue detection

BRF+ rules can cause both issues at export (RC-8) and at import (RC-8 or content not updated while transport shows RC-0 or RC-4). Check the transport for BRF+ rules: they start with FDT.

Troubleshooting BRF+ with FDT_HELPERS

The main basis troubleshooting transaction is FDT_HELPERS.

FDT helpers start screen

It contains many tools that can assist in issue solving.

BRF+ transport issue support programs

BRF+ versioning and transport information is not displayed by default. You have to switch to expert mode first. See OSS note 2830979 – Versioning and transport information missing in the BRF+ workbench.

Support program FDT_TRANS can be used to put BRF+ rule into a transport:


For mass checking run program FDT_TRANS_MASS_CHECK:


Transport issue OSS notes

You can also check the following OSS notes:

SAP logon user exit hack

In SAP there is a user exit just behind the logon of a user. This can be used correctly, but also used for hacking.

Questions that will be answered in this blog are:

  • How to switch on the user exit after logon?
  • What is good use of the user exit after logon?
  • How to use the user exit for hacking?

Activation of the user exit

In transaction SMOD you can call up user exit SUSR0001:

This exit has only one component:

Double click on the exit to go to the Z code include:

To activate the exit, create a project in CMOD and and include this enhancement. Then double click on the include code ZXUSRU01 to activate the code.

Good use of the user exit

The user exit itself is described in OSS note 37724 – Customer exits in SAP logon. Example of good use it to restrict multiple logons in case you cannot switch on parameter login/disable_multi_gui_login. See OSS note 142724 – Prevention of multiple SAPGUI logons.

The exit is also used a lot by GRC and firefighter type of tools.

The user exit logon hack

In the user exit code, you can put in your own stuff.

As hacking example: copy function module PASSWORDCHECK and the screen that belongs to it to your own ZPASSWORDCHECK.

Modify the screen logic a bit. This is the original code:

Now change the code: the password is always reported back as ok. And the user input you catch in the field password is yours: you can mail it or store it somewhere for you to pick up later.

Put the altered code in the user-exit with logic:

IF SY-UNAME = 'target user name' and not capture before.    
  Store capturing.     
  Set capture flag.

This looks as follows at runtime:

Many end users (and even auditors) will enter their password without thinking twice.

Alternatively you can use function module POPUP_GET_USER_PASSWORD as a basis for your copy: this has also clear text password:

The password field can be stored.

This has the following look and feel:

Detection and protection

It is wise to shield off this user exit from improper use and to yearly check the content of what is inside this user exit.

APC: Abap push channel

The ABAP push channel (APC) is the ABAP implementation of websockets. It’s goal is to enable the ABAP stack to send push messages to registered web clients.

This blog will answer the following questions:

  • How to setup an ABAP push channel?
  • How to implement the ABAP push channel?
  • How to test the ABAP push channel?
  • Where to find more background and examples on ABAP push channel?

Setting up an ABAP push channel

To setup an ABAP push channel go to transaction SE80 and right click, select create / connectivity / ABAP push channel notification.

Now press the Generate Class and Service button. The classes and services will now be generated as placeholders. Save your work.

If you try to activate the service at this point in time you get this error message:

The reason is that we didn’t implement two methods of the new class yet: the ON_START and ON_MESSAGE.

Implementing the actual APC class

To do this, we go to SE24 and lookup the generated class and we select the ON_START method:

Press the redefine button to redefine the method.

Use this code in the method:

* send the message on WebSocket connection
DATA(lo_message) = i_message_manager->create_message( ).        lo_message->set_text( |ON_START has been successfully executed !| ).
i_message_manager->send( lo_message ).
CATCH cx_apc_error INTO DATA(lx_apc_error).
MESSAGE lx_apc_error->get_text( ) TYPE 'E'.

This basically confirms the push channel registration.

Now redefine the ON_MESSAGE method:

* create the message object
DATA(lo_message) = i_message_manager->create_message( ).
* send message
lo_message->set_text( |Hello World !| ).
i_message_manager->send( lo_message ).
CATCH cx_apc_error INTO DATA(lx_apc_error).
MESSAGE lx_apc_error->get_text( ) TYPE 'E'.

It simply pushes the message: ‘Hello World’.

Save and generate the class in SE24.

Now we can go back to the SE80 ABAP push channel we have created and activate it as well. You can run the consistency check to see all is fine:

Testing the ABAP push channel

Now you can test the ABAP push channel by hitting the test button in the SE80 screen of the ABAP push channel. The test service will launch an ABAP webdynpro screen.

If the ABAP webdynpro screen does not launch, activate in SCIF transaction the following 2 nodes: WDR_TEST_APC and WDR_TEST_APC_WSP.

Test result:

As an alternative to SE80 you can also use transaction SAPC:

Background information

Excellent blogs on ABAP push channels are:

SAP interfacing: REST

The SAP ABAP stack can also interface using REST protocol. To support this interface protocol SAP has developed special classes in the ABAP stack.

Questions that will be answered in this blog are:

  • How do I create a REST interface in ABAP stack?
  • How do I test a REST interface in ABAP stack?
  • Which tools to use to developer REST interface?


SAP delivers in the ABAP netweaver stack the ABAP REST library. The full specification can be found on the SAP help portal. The help portal also contains a small tutorial. Next to the pre-delivered REST library classes there are no tools for you available to faster develop REST in ABAP. It is coming down to SE24 and SE80.

Good reference blog is the SAP blog on usage of REST in Netweaver 7.4. This also explains the generic REST architecture implementation in ABAP.

Creating REST service in ABAP

We will create a simple Hello World REST service in ABAP. There are 2 main classes in REST ABAP: the application class handling the URL and the resource class where the logic is.

Start transaction SE24 and create a new class inheriting from the SAP delivered class CL_REST_HTTP_HANDLER:

REST create class

important here to press the inheritance button! Fill out CL_REST_HTTP_HANDLER as superclass:

REST create class as inheritance

It is mandatory to redefine the GET_ROOT_HANDLER method:

For now just leave the method empty. Save and generate.

Now create the REST resource class based on inheritance of CL_REST_RESOURCE:

REST define resource class

Now redefine the GET method:

REST resource class redefine GET method

No we add a simple implementation by simply adding the text ‘Hello World’:

REST resource class GET method implementation

Save and activate this class.

Now we go back to the previous class: the application class. In here we now edit the GET_ROOT_HANDLER implementation we left empty earlier:

REST implementation of root handler

If the URL is getting the input /hello then the handler class (our resource class) ZCL_HELLO_WORLD_RES_REST is called. This class will return the string.

Save and activate again. The coding work is done.

Runtime implementation

Now we need to make a runtime implementation. Goto transaction SICF and select the main node default_host first. Then select from the menu Service/Host the option Create Service:

REST SICF create service

Fill out the name of the service and click ok. In the next screen give a description and in the Handler List section refer to the application class ZCL_HELLO_WORLD_REST:

REST SICF handler

Save the service. The service is created but not active. To activate right click on the service and select Activate:

REST SICF activate service

Testing the service

From the previous SICF screen right click the service again and select the option Test Service. A screen will come that says “No suitable resource found”. Now modify the URL by adding /hello after the test in the URL, and press enter again:

REST SICF test service

The URL build up: the test is the name defined in SICF. The /hello was defined in the application class.

Authorizations and security

The REST library has no specifics about authorization and security. So you have to take care your self.

Business authorization security: has to be built in via AUTHORITY-CHECK statements at the correct spots.

Technical security is provided in the Logon Data tab on the SICF node. Here you can set requirements for the technical logon method and if you only allow https.