ABAP code to write to application log

The SLG1 application log is a powerful mechanism to support team in SAP systems.

This blog will explain how you can write to the application log in your own custom ABAP code using ABAP code below.

It is recommended to create one single SE24 ABAP class for the application log that can be re-used in all your custom code.

Instantiation method

First method to create is the instantiation method:

   DATA: zls_log        TYPE bal_s_log,
         zlt_log_handle TYPE bal_t_logh,
         zlt_message    TYPE bal_t_msg. 

      zls_log-object     = ziv_object.
      zls_log-subobject  = ziv_subobj.
      zls_log-extnumber  = ziv_extnumber.
      zls_log-aluser     = sy-uname.
      zls_log-alprog     = sy-repid.


 CALL FUNCTION 'BAL_LOG_CREATE'
      EXPORTING
        i_s_log                 = zis_log
      IMPORTING
        e_log_handle            = zgv_log_handle
      EXCEPTIONS
        log_header_inconsistent = 1
        OTHERS                  = 2.

As input you have to give SLG1 object name and sub object name. You can re-use existing or create new custom one in transaction SLG0.

Now you have a log handler.

Add the messages

Now you can add a method to add one or more messages, re-using the log handler:

zls_msg      TYPE bal_s_msg,

      CALL FUNCTION 'BAL_LOG_MSG_ADD'
        EXPORTING
          i_log_handle     = zgv_log_handle
          i_s_msg          = zls_msg
        EXCEPTIONS
          log_not_found    = 1
          msg_inconsistent = 2
          log_is_full      = 3
          OTHERS           = 4.

Save the log

Create a method for saving the application log, again re-using the log handle:

    CALL FUNCTION 'BAL_DB_SAVE'
      EXPORTING
        i_t_log_handle   = zlt_log_handle
      EXCEPTIONS
        log_not_found    = 1
        save_not_allowed = 2
        numbering_error  = 3
        OTHERS           = 4.

Set up once and re-use

Set up the application logging helper class once in SE24 and tell all your developers to re-use it. You might find out that you developer already used the function modules above a lot in their Z code. This can be found with the ABAP code scanner tool. Check case by case when it makes sense to swap to the central helper class.

ABAP editor lock

ABAP programs can be protected from changes by setting the editor lock. Only do this for very critical programs.

This blog will primarily focus on methods to remove the editor lock.

Editor lock

The editor lock is set on the properties of an ABAP program:

The property to set is the Editor Lock tickbox.

When this is set only the author can change the program.

Change user for editor lock

In some cases you have a valid reason to lift the editor lock. If the person has left, or you need to change the program for bug fixing emergency and you can’t wait until the owner is back.

Change editor lock via SE03

As basis administrator you can change the owner of the editor lock in transaction SE03:

Change via SU01 usage

When person left: alter the password for this user in SU01. Log on as this user and remove the editor lock.

Via table editing of table PROGDIR

Goto table PROGDIR and view the content (via SE11). Search for your program and edit the entry:

Remove the EDTX flag and save. Editor lock is gone.

SE95 modification overview

Transaction SE95 can be used to get an overview of modifications in your SAP system.

Questions that will be answered in this blog are:

  • What is the definition of a modification?
  • How can I list all modifications in my system?
  • How can I make a download of all the modifications in my system?
  • How can I filter on real modifications and exclude the modifications caused by OSS notes?

Definition of modifications

This is the most tricky question: how many modifications are in your system? A question that will be asked to you every now and then. The answer can very between a very small number and a very large number. Even with the same system. This is because the way SAP is measuring modifications. OSS notes applied count as modifications. Classical user exits like MV45AFZF also count as modifications. Condition records (VOFM routines starting with RV) also count as modifications. But you can still consider the system as 100% standard.

Real modifications are only those where the customer willingly changed the SAP coding and its functionality, which is not based on an instructions from an OSS note.

In many cases with discussion on system quality, the number of modifications is misused! Be careful to check how your analysis figures will be used.

Modification browser

Start transaction SE95 to reach the modification browser initial screen:

You can now see the SE95 result list:

You can drill down based on the objects.

For a view per package, check the Packages display option on the first screen:

Listing for download

SE95 has a major setback: the list is very hard to export. The modifications are stored in database view SMODIDEVC.

From here do select only the MOD (modifcations):

The resulting output list can be easily downloaded into an excel format.

System log messages and audit log messages

System and audit log message are used in many different ways and applications.

When you have a system log message code or audit log message code, you might want more information, or in some cases change the severity level of the code.

Questions that will be answered in this blog are:

  • Where can I find the definition of the system log message codes and their long text?
  • Where can I find the definition of the audit log message codes and their long text?
  • How can I change the severity of system log and audit log messages?

Maintenance of system log and audit log messages

Maintenance of system and audit log messages is done with transaction SE92:

You can now get a list of messages:

And per message you can see the details:

In the details you can see the short text, long text and the Severity. The severity will determine the traffic light in the SM21 system log overview.

Related OSS notes

OSS notes:

RFC connections with fast serialization

Fast serialization is an option in the RFC settings to increase performance.

Questions that will be answered in this blog are:

  • What is required to use RFC fast serialization?
  • When to use RFC fast serialization?
  • How do I make the settings for RFC fast serialization?

Fast serialization

Fast serizalization is available since release Basis 7.51. Downport might be possible, but think twice if you want to do this. Background OSS note on fast serialization is 2372888 – Fast serialization in RFC.

The whole goal of fast serialization is simply to increase the performance.

The fast serialization option is set in the RFC destination on the tab Special Options at the bottom:

Note that in S4HANA destination NONE is using fast serialization by default. Keep it that way.

When to use fast serialization

Fast serialization can be used when both the sender and receiver side of the RFC connection supports it.

Fast serialization in custom or standard RFC function modules

In SE37 SAP can set an RFC enabled function module Interface Contract to Fast serialization required. If you have build custom RFC function module that also only works with Fast serialization you should set this option:

SAP tutorial navigator

SAP and senior developers have set up quite a lot of nice tutorials. The tutorials are very good in explaining a how to execute a specific development or basis task. There are many tutorials on the SAP cloud products which can be new for a lot of ABAP and basis persons.

The SAP tutorial navigator is a good starting point exploring the tutorials.

Questions that will be answered in this blog are:

  • How to use the SAP tutorial navigator to find a tutorial that interests me?

SAP tutorial navigator

The SAP tutorial navigator can be started via the URL https://developers.sap.com/tutorial-navigator.html.

The main page will open:

You can search or filter based on the key words:

If you select the tutorial, the detailed tutorial will open now:

On the details page there is learning content and pre-requisites. On the right hand side you can navigate through the steps.

Then you can start with the step by step tutorial in a click here, click there easy to follow style:

SAP API business hub

SAP has collected all their web services and ODATA services on one central page.

Questions that will be answered in this blog are:

  • How to use the SAP API business hub to find an SAP interface for my use case?

SAP API business hub

Start the SAP API business hub by going to the URL api.sap.com:

Let’s zoom in to SAP S4HANA:

Now search for Sales Order and select the Sales Order ODATA:

For each method you can zoom into the details:

On the main details tab you can download the API specification, for example in JSON format:

Also it tells you how to build the URL to be called.

A bit below on the same screen is the link to the online documentation:

Which links to the actual help.sap.com helpfile:

SAP reference

SAP reference blog can be found here.

SAP icons

SAP uses many icons in the SAP GUI and on their web applications. This blog will explain how to find them.

Questions that will be answered in this blog are:

  • How can I find SAP icon codes for SAP GUI use?
  • How can I find icons for SAP web applications and FIORI?

Icons in SAP GUI

To get a list of icons in SAP GUI, start transaction ICON:

If you want to search more specific or have a different sorting, you can start report SHOWICON:

With result screen:

Another icon program is RSTXICON:

SAP web applications

There is also an online icon explorer for SAP web applications and FIORI. Follow this URL:

and detailed screen:

BRF+ transport issues

BRF+ rules are nice for developers to use, but can give you some serious issues at transport level.

Questions that will be answered in this blog are:

  • Which tools and analysis programs are available in case I have issues with BRF+ transports?
  • How to recognize BRF+ transport issues?
  • Which relevant OSS notes to check in case of transport issues?

BRF+ transport issue detection

BRF+ rules can cause both issues at export (RC-8) and at import (RC-8 or content not updated while transport shows RC-0 or RC-4). Check the transport for BRF+ rules: they start with FDT.

Troubleshooting BRF+ with FDT_HELPERS

The main basis troubleshooting transaction is FDT_HELPERS.

FDT helpers start screen

It contains many tools that can assist in issue solving.

BRF+ transport issue support programs

BRF+ versioning and transport information is not displayed by default. You have to switch to expert mode first. See OSS note 2830979 – Versioning and transport information missing in the BRF+ workbench.

Support program FDT_TRANS can be used to put BRF+ rule into a transport:

FDT_TRANS

For mass checking run program FDT_TRANS_MASS_CHECK:

FDT_TRANS_MASS_CHECK

RC-8 upon export

If somebody is still in Edit mode in the BRF+ transport you want to release, then the transport export of the BRF+ transport will end in an RC-8. This is quite hard to detect in the RC-8 export log of the transport. So in case you are faced with export RC-8 of BRF+: ask everybody to go away from the BRF+ edit modes and re-export the transport.

Transport issue OSS notes

You can also check the following OSS notes:

SAP logon user exit hack

In SAP there is a user exit just behind the logon of a user. This can be used correctly, but also used for hacking.

Questions that will be answered in this blog are:

  • How to switch on the user exit after logon?
  • What is good use of the user exit after logon?
  • How to use the user exit for hacking?

Activation of the user exit

In transaction SMOD you can call up user exit SUSR0001:

This exit has only one component:

Double click on the exit to go to the Z code include:

To activate the exit, create a project in CMOD and and include this enhancement. Then double click on the include code ZXUSRU01 to activate the code.

Good use of the user exit

The user exit itself is described in OSS note 37724 – Customer exits in SAP logon. Example of good use it to restrict multiple logons in case you cannot switch on parameter login/disable_multi_gui_login. See OSS note 142724 – Prevention of multiple SAPGUI logons.

The exit is also used a lot by GRC and firefighter type of tools.

The user exit logon hack

In the user exit code, you can put in your own stuff.

As hacking example: copy function module PASSWORDCHECK and the screen that belongs to it to your own ZPASSWORDCHECK.

Modify the screen logic a bit. This is the original code:

Now change the code: the password is always reported back as ok. And the user input you catch in the field password is yours: you can mail it or store it somewhere for you to pick up later.

Put the altered code in the user-exit with logic:

IF SY-UNAME = 'target user name' and not capture before.    
  CALL Z function ZPASSWORDCHECK.    
  Store capturing.     
  Set capture flag.
ENDIF.

This looks as follows at runtime:

Many end users (and even auditors) will enter their password without thinking twice.

Alternatively you can use function module POPUP_GET_USER_PASSWORD as a basis for your copy: this has also clear text password:

The password field can be stored.

This has the following look and feel:

Detection and protection

It is wise to shield off this user exit from improper use and to yearly check the content of what is inside this user exit.