Watch the following videos for FREE
SAP Security Training How to setup what can be changed in Child System
http://www.youtube.com/watch?v=KrH_dQSp6yk
SAP Transactions for Securing Custom Programs
Monday 12 September 2011
Kernel Upgrade steps
Here is the Procedure to Update your SAP Kernel
Stop all R/3 Processes and the Database
% stopsap all
Stop SAPOSCOL process
% saposcol -d
Stop ListnerControl process by logging in as ora user
%lsnrctrl stop
Download Kernel Patches
Copy Them to a directory on Central Instance
Backup Your Old Kernel (by renaming it or moving it)
uncar the downloaded files
After that restart your services in following order
Listner
SAPOSCOL
Database
R/3
How to send Message to Specific user on SAP
Some-times we need to send a specific message to specific user in SAP which is not possible by using SM02..SO here is the trick to do it :
Use function module TH_POPUP
goto Transaction code SE37 enter the function module name & test run it
the the resulting screen is shown below, type the details and execute.
The user must be logged into the system to receive the message
How to update the SAP kernel
1. create a folder to store the kernel SAR fileDVEBMGS00exe10. copy everything from the new kernel folder to E:usrsapE05SYSexeucIA6411. start SAPOSCOL and SAP SERvice12. start SAP console
2. copy the SAR file to the new folder
3. run sapcar -xvfSAPEXEDB* (database dependent)4. run sapcar -xvf SAPEXE_* (database independent)Step 3 and 4 are to extract the kernel5. stop SAP console6. stop SAP service7. stop SAPoscol service8. remove the SAPEXEDB___.SAR and SAPEXE__.SAR from the new kernel folder 9. copy everything from the new kernel folder to E:usrsapNote, Don't forget the backup before upgrade.
How to update using SPAM SAINT
Importing a SPAM/SAINT Update
Use:
A SPAM/SAINT Update (SPAM update for short) contains updates and improvements to Support Package Manager and Add-On Installation Tool. There is always one SPAM update for each release.
The latest SPAM update is also available in SAP Support Portal, under service.sap.com/spManager.
Make sure you always have the most recent version of SPAM update before importing Support Packages or Installation Packages.
Prerequisites
You can only import a SPAM update if there are no terminated packages in the system.
A dialog box informs you if there are any terminated packages. You then have two options:
? Import the entire queue to begin with and then the SPAM update.
? Delete the queue, import the SPAM update, then import the queue.
You can only delete the queue if module Import 1 has not yet started (up to phase SCHEDULE_RDDIMPDP).
Procedure
1. Call Support Package Manager (transaction SPAM).
2. Check if the SPAM update offered is newer than the one in your system.
3. To import the most recent SPAM update, choose Support Package ® Import SPAM update.
SPAM updates are automatically confirmed once they have been imported.
How will you check whether database active or not from OS
There are so many options to check whether DB is active or not1. ps -ef |grep ora2. ps -ef |grep ora_3. ps -ef |grep pmon4. R3trans -d ; give RC - 0000 means active other than 0000 is error5. in Brtools 1.Instance Management, 6 - Show instance status, 3-Database instance, give the instance name i mean Database Name and press continue....give the status s6. we can also check for SQLSQL> select status from v$instance;STATUS------------OPEN7. From SAPDBA, it will show the status on top.
Introduction to ASAP Methodology
AcceleratedSAP methodology is proven, repeatable and successful approach to implement SAP solutions across industries and customer environments.
It provides content, tools and expertise from thousands of successful implementations.
Phase 1: Project Preparation :
During this phase the team goes through initial planning and preparation for SAP project.
Define project goals and objectives
Clarify the scope of implementation
Define project schedule, budget plan, and implementation sequence
Establish the project organization and relevant committees and assign resources
Phase 2: Business Blueprint
The purpose of this phase is to achieve a common understanding of how the company intends to run SAP to support their business. Also, to refine the original project goals and objectives and revise the overall project schedule in this phase. The result is the Business Blueprint, a detailed documentation of the results gathered during requirements workshops.
Phase 3: Realization:
The purpose of this phase is to implement all the business process requirements based on the Business Blueprint. The system configuration methodology is provided in two work packages: Baseline (major scope); and Final configuration (remaining scope). Other key focal areas of this phase are conducting integration tests and drawing up end user documentation.
Phase 4: Final Preparation:
The purpose of this phase is to complete the final preparation (including testing, end user training, system management and cutover activities) to finalize your readiness to go live. The Final Preparation phase also serves to resolve all critical open issues. On successful completion of this phase, you are ready to run your business in your live SAP System.
Phase 5: Go Live & Support:
The purpose of this phase is to move from a project-oriented, pre-production environment to live production operation. The most important elements include setting up production support, monitoring system transactions, and optimizing overall system performance.
Sunday 11 September 2011
How to simulate risk in SAP GRC RAR
Watch the following video and post your comments.
Sorry, I could not read the content fromt this page.Logging user actions
You want to record the activities of users in the system.
You are looking for different possibilities to log user activities in the SAP system, among other things to
Solution
In the standard SAP System, extensive functions exist for logging user activities and changes to the system.You must use them selectively to record the required data specifically, and at the same time to facilitate their efficient evaluation and utilization. When you log user activities you must generally note that
Existing data protection laws are not violated (for example, German Data Protection Act). In certain cases, recording is only permitted when approved by the data protection officer and an employee representative and is additionally subject to the regulations of a company agreement.
Large datasets can develop very quickly whose storage and evaluation require considerable operating funds which can reach the limits of practical feasibility.
In the overview, the following functions are displayed in the standard SAP System:
Logging table changes:
--------------------------------------
Logging table changes for Customizing is activated via the profile parameters rec/client. In the standard system tables that must be logged are marked for logging. Customer-specific settings are possible via Transaction SE11:
Tools --> ABAP Workbench --> Dictionary --> Database table --> Technical settings
Transaction SCU3 can be used for evaluation.
(see R/3 Online help: BC ABAP Dictionary --> Logging)
Master data table changes are written according to the principles of the respective accounting (GOBS) in the proper business areas via change documents. With this, the change, the name of the user, the current field contents and the previous field contents are all logged for each field.
Statistical data for user behavior
----------------------------------
In the system, statistical data for the workload and for the user behavior is constantly recorded and compressed in adjustable time intervals.This statistical data is only accessible for users with administration authorization and is used exclusively for the purpose of an efficient and secure operation of the SAP system.
If statistical data is used for the purpose of the settlement, the settlement number is evaluated rather than the user name. The recording of statistical data can also be deactivated.
Transaction STAT:
Tools --> CCMS --> Control/Monitoring --> Performance menu --> Workload --> Statistics records
(also see R/3 Online Help: BC Computing Center Management System --> Workload Monitor)
Logging security-related system events:
------------------------------------------------------
The syslog is available for this, and as of Release 4.0 the security audit log is additionally available.In the syslog, the locking of users and operating system calls are logged.
In the security audit log, the following is recorded:
Logon, RFC logon, transaction start, call of RFC function modules, call of reports (as of Release 4.6), changes to user master records, start/stop of systems, download from data (as of Release 4.6) and so on.
To activate the security audit log, the profile parameter rsau/enable must be set, and settings must be defined with Transaction SM19.With Transaction SM20, the evaluation of the security audit log is carried out. The audit files can be reorganized using Transaction SM18.
System log (Transaction SM21): Administration --> System administration --> Monitor --> System log
(see R/3 Online help: BC System services --> System logs)
Security audit log (Transaction SM18, SM19, SM20):
Administration --> System administration --> Monitor --> Security audit log
(see R/3 Online help: BC System services --> Security audit log)
SQL Audit log
-------------
As of Release 4.5, there is additionally the option to record all the resulting SQL "SELECT" statements from user actions in the database interface by specifiying the selection criteria, users, time, report and statement (refer to Note 115224).
I have user to which i have assigned SAP ALL and SAP NEW p
I have user to which i have assigned SAP_ALL and SAP_NEW profiles but now i want to remove STMS transaction authorization for that user. Please suggest me who can i do this?
I have user to which i have assigned SAP_ALL and SAP_NEW profiles but now i want to remove STMS transaction authorization for that user. Please suggest me who can i do this?
LiveCache migration FAQs
What happens if the /sapapo/om_order_lc_to_dbstart, /sapapo/om_upgrade_converter, /sapapo/om_upgrade_lc_anchors, and /sapapo/om_order_db_to_lcstart jobs are running?
The /sapapo/om_order_lc_to_dbstart program (report /sapapo/om_order_lc_to_db) starts jobs that save the liveCache transaction data to the APO database.The /sapapo/om_order_db_to_lcstart program (report /sapapo/om_order_db_to_lc) starts jobs that transfer the transaction data from the database back to the liveCache.
The /sapapo/om_upgrade_converter program converts the internal data structure of the /sapapo/upgrade cluster table, where the (compressed) transaction data is saved. This is necessary because the internal organization of the table was changed.
The /sapapo/upgrade_lc_anchors program transfers the master data saved in the APO database back to the liveCache. In contrast to /sapapo/delete_lc_anchors, activity texts in the APO database are not deleted.
When and how are the time series and allocations backed-up?
See the relevant APO documentation.
Why is the migration executed via SAP reports and not via SAP migration tools (as it is done when migrating Oracle from NT to Unix)?
There are no relevant tools.
When can I deactivate the old liveCache?
Once all jobs that save the transaction data from the liveCache to the database (that is, all jobs with a 'LC_SAVE' name) are terminated.
For RFC connections: all clients or production clients only?
You only need to connect production clients. However, if you want, you can also connect other clients.
Should the new liveCache have the same name as the previous liveCache?
This is not necessary. It is only important that you maintain the LCA/LDA connection correctly.
Is there any major difference between SAP Security adminis
Is there any major difference between SAP Security administration functions between different SAP SYSTEMS
SAP Security and basis are common thread of people who will be involved in all the sap systems. It can be Portal, BI SRM CRM ECC etc. Since all the systems will need access restrictions within the system. So there will be a need for SAP Security administrators for all the systems.
Is there any major difference between SAP Security administrations between different SAP SYSTEMS?Let us say you are driving Hyundai Car for past two years. You now understand where all the different controls are located and you very comfortable with driving the car. You also know the common problems or preventive measures you need to take base on the type and make of the car, like when to change the tire, when check for tire pressure, when to change new tires, when to do tune-ups etc. Let us say now you are given a Toyota Minivan to drive and do you think you will be difficult to drive. Of course you cannot jump into the van and drive. You need to look at where all the controls are located, ask the previous owner for some of the tips and tricks, and all the options available.Please watch the SAP demo training for preparing you for SAP OpeningsSAP GRC Training -About the Training
httpv://www.youtube.com/watch?v=ypX6oa_ObF8
Logging on to SAP and Basic Introduction
httpv://www.youtube.com/watch?v=fyFuOLIqR2A
SAP Online Training-SU24 Object Status
httpv://www.youtube.com/watch?v=bu03bCmMzSM
Browsing SAP Tables for Audit Compliance
httpv://www.youtube.com/watch?v=ZtRYSizs6w0
Creating and scheduling SAP Batch Jobs in SAP System
httpv://www.youtube.com/watch?v=G5DJqLMPsHQ
SAP GRC features: Ruining Batch job to check for risk in the roles or users Daily
httpv://www.youtube.com/watch?v=pMSPK9kDLSc
This same concept applies to SAP Security. Once you learn SAP Security for SAP ECC. The general concepts of trouble shooting techniques, SAP authorization concept, tracing for missing authorization, analyzing the error logs, applies to all the SAP Systems line SAP SEM, SAP SRM, SAP PLM SAP BI etc. Each of them have little twist and something new functionality but the general concept remains the same. For example restricting data in BI or BOBJ needs to be done at the info object level and SRM the data to the vendors has to be restricted at the hierarchy level.In a company environment when the company has multiple systems they want the all the SAP security administrators to manage all the systems since they want everyone to have some knowledge about the all SAP Systems. Once the client is live with all the SAP system they want them to support these systems. They could be on call and they should be able to understand the problem and resolve the issues www.SapSecurityTrainer.comSAP GRC and Audit Compliance Security TrainingDownload attached file(s)Installation and Configuration of SAPGUI for Java on Linux
How to install and configure SAPGUI for Java on Linux, here I’ll explain it briefly.
Prepare these stuffs before you can proceed to installation :
You have to make sure that your Linux system has been installed with JRE (Java Runtime Environment) from SUN Microsystem (http://java.sun.com). If you don;t have it, just download it from here. Some of linux distros such as Fedora, Ubuntu, OpenSuSE etc using JRE from GNU called GIJ (GNU for Java). We can’t use this JRE. We need to replaced it. I’ll show you how to changed it later.You also need SAPGUI for Java installer. You can download it freelyAfter you have all prerequisite, you can proceed to next step to extract and change your JRE. This step is valid for Fedora, Ubuntu, and OpenSuSE. Please let me know if these doesn’t work for you.
Logon as rootCopy your JRE installer file to /opt folder.Please use .bin extention file.Change file permission if needed to executable. Use this command : #chmod 755 jre-1.xxx.bin (xxx = refer to JRE version you’re using).Extract JRE files. Use this command : #./jre-1.xxx.binInstall JRE you just extracted inside alternatives system. Use this command : #/update-alternatives –install /usr/bin/java java /opt/jre1-xxx/bin/java 2Update java command configuration on alternatives system. Choose java number 2 because usually GIJ had number 1 position. Use this command : #update-alternatives –config javaUse this command to verify your JRE configuration. You can use this command : #java -versionIf you get something like this on your screen then you are succeeded. java version “1.6.0?Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)
After you finish this step, you can proceed to SAPGUI for Java installation.
Logon as rootUse this command (on terminal) to install SAPGUI for Java. #java -jar PlatinGUI-Linux-xxxx.jar (Use the latest version).Installed on /opt folder as default (usually on /opt/SAPClients folder)Next step is configure your SAPGUI for Java and try to test to SAP R/3 server connection.
Run executable file called guilogon (reside on /opt/SAPClients/SAPGUI700rev1/bin). It willpop up SAPGUI for Java window.Click New button.Fill the Description column as you like.Click Advanced Tab.Give check (V) to Use Expert ConfigurationFill the connection string. If your server using load balancing configuration, use this connection string conn=/M/(IP_Address_Message_Server)/S/36(system_number)/G/(nama_group) and use this connection string configuration if yor SAP R/3 server are not using load balancing system, conn=/H/(IP_Address_server_SAP)/S/32(system_number).There you go ! Now, you can use your SAPGUI for Java to access your SAP R/3 server.
Comments and suggestions are most welcome
How to use SU53 for trouble shooting SAP Security Errors
SAP Security Training How to use SU53 for trouble shooting SAP Security Errors
Installation SAP Numbers SAP Keys SAP License number
We get a lot of questions about installation numbers, keys, license number, etc. So here is the answer to your queries.
When you become a new SAP customer, SAP assigns you a customer number. This number is like any other customer number you assign your own customers, or that companies assign to you. It uniquely identifies your company to SAP.
Once you sign your software license, each of the SAP components you purchase is assign an installation number. So, you signed a mySAP.com Business Suite license? Then you will be assigned an installation number for R/3, another installation number for BW, another installation number for CRM, etc. You also signed a license for KW? That would be another installation number. SAP sometimes splits existing products out to other divisions, so you may even be assigned a second customer number with new installation numbers assigned under that number. SAP did that with Enterprise Portals. An installation number identifies a customer's SAP component. If you open a problem under your R/3 installation number, SAP knows that the problem is going to deal with R/3 and not CRM, BW, etc.
A few weeks later, SAP shipped your installation kits and you installed R/3. Four weeks later your users get a message saying that the license has expired. But you signed your license agreement! When an SAP instance is installed, it gets assigned a temporary license key that is good for approximately four weeks. You need to request a permanent license key as soon as you finish your installation of the SAP instance. How? First, you will need your hardware key. This identifies your operating system information so SAP can generate a key that is not only good for your SAP version but for your hardware as well. To see your hardware key, log on as adm and go to a command prompt. Type "saplicense -get" and your hardware key will be displayed. Jot it down, you will need it later. The hardware key for NT is different than, for example, the hardware key for AIX. So if you change your SAP license from AIX to NT, you will need to make sure that your company is attached to the new hardware key or you won't be able to request new permanent license keys.
To request your new permanent license key, go to http://service.sap.com/licensekey. Use this website to give SAP information on which SAP flavor your have installed. You will have to provide your hardware key as well. SAP will generate the new key and e-mail you a text file. Save the text file on your SAP server, log on as adm, and go to a command prompt. Type "saplicense -install ifile= ". Your key should be installed! In later versions of R/3, you can use the slicense transaction as well.
Now your system is flying! But your ABAPers sign on for the first time, and they need to add a new program to upload master data. When they enter se38 they get a message asking for their developer key. This key is generated by SAP as well, and is used to register your superusers who will be responsible for adding new code and changing SAP-owned code. Go to http://service.sap.com/sscr to register your programmers. Once you have the developer key, give it to your ABAPer and he can enter it into the system. He will only have to supply it once per SAP instance.
Now your ABAPers are cranking out code, your system is humming, and then! Pow! The dreaded short dump hits you when you aren't looking. You look up the error code and find a valid OSS note to fix the problem. You log on to apply the advance correction, your give yourself a developer key,
go to transaction se37, but a new popup won't go away, it keeps asking for an access key for R3TR FUGR XXXXXXXXXXXXXXXXX. You must get an object key in order to modify an SAP-owned object. Since SAP owns all the ABAP code that comes with the SAP instance, you have to get a key in order to apply the advance correction. Again, you would use http://service.sap.com/sscr, this time to generate an object key.
All this SAP website access also demands that you have an OSS User ID, or as it is now known, SAP Service Marketplace User ID. The user ID to perform the tasks outlined in this message must have administration rights. Your should have received your primary OSS ID when you got your SAP license. If you have not received a primary OSS ID, or your SAP reseller seems to have control of your primary OSS ID, contact SAP AG to resolve the problem. Your OSS ID is connected to your SAP customer number, so if you have two customer numbers, you will receive two OSS IDs.
SAP has recently complicated the license scenario by introducing user licenses. Do not confuse your software license keys with SAP licensing of the usage of named users. These are two different things! Usage by users of an SAP instance will be monitored by your auditing team, and normally the only function of the Basis group in this regard is using su01 to register the "type" of each user.
Now there is only one other really important number you need to know: the phone number for your Basis technical consultant!
Saturday 10 September 2011
How to upgrade grc 5 3 java and abap support pack
For GRC 5.3 SP 15 upgrade, below is the list you have to follow
HOW TO STEPS:
First download the JAVA SAP from:SAP Solutions for Governance, Risk, and Compliance > SAP GRC Access Control > SAP GRC ACCESS CONTROL (again) > SAP GRC ACCESS CONTROL 5.3 > Entry by Component > JAVA-Components
Download ABAP SP from :
SAP Solutions for Governance, Risk, and Compliance > SAP GRC Access Control > SAP GRC ACCESS CONTROL (again) > SAP GRC ACCESS CONTROL 5.3 > Entry by Component > RTA on SAP BASIS 7.00 System
Now upgrade Java Support Pack first.
Saved all the JAVA SP files in trans\eps\in
Login with sidadm and execute JSPM
Yes
Click transport truck button to being the SP upgrade.From here you may choose dialog or background(start options)
From here onwards, you may be prompted: a) Transport error 8 because object is repaired. Fixed by tcode SE03 and release locked object
b) Ask to release transport, you may skipped
c) Perform SPAU and SPDD. This is to be perform by ABAP programmers.
How to Setting Up the Help Center in SAP CRM
Hi All,
So here is the process to install the Help center for CRM WEB UI just equivalent to SAP Library in our CRM ABAP or R3 ABAP...
Follow these steps ...
1) Download library from http://service.sap.com/crm-inst. For the documentation on SAP CRM 2007, go to SAP CRM 2007 -> CRM Product -> Business User Documentation.
2) Unpack the ZIP file and install the business user documentation to a local file server.
3) In SAP CRM, start transaction SR13.
4) Remove all entries on tab "DynamicHelp" if there are any.
5) Make the following settings depending on if you have installed the documentation on a local file server or a web server:
Local File Server:
Go to tab "PlainHTMLFile" and fill the entries as follows:
Variant: enter a name for the variant, for example "HelpEnglish1"
Platform: "WN32" if you are using Microsoft Windows, else select from the F4 help.
Area: "XML_DOCU"
Path: Enter the path where the help is stored, for example "\\fileserver00\helpfiles\"
"Language": Enter the language key, for example "EN" for English or "DE" for German.
Default": Select one language entry as a default. This will be the fallback entry in case a language is not available.
To make the help available in several languages, you need to add one additional line per language, with a different variant name and language key.
Save your entries.
6) In Customizing, go to Sap Web Application Server -> Knowledge Management -> Settings in the Application System -> Sequence of Enhancements in Customer Namespace. Make the following entries
SPACE_01: "BBPCRM"
Enhancement: "700".
Select "Execute".
7) Re-start the Web user interface of SAP CRM. The "Help Center" and "?" links should now work in CRM WEB UI.
Note: While sharing HELP FILES take care that you create a folder and then put EN inside that like
So here is the process to install the Help center for CRM WEB UI just equivalent to SAP Library in our CRM ABAP or R3 ABAP...
Follow these steps ...
1) Download library from http://service.sap.com/crm-inst. For the documentation on SAP CRM 2007, go to SAP CRM 2007 -> CRM Product -> Business User Documentation.
2) Unpack the ZIP file and install the business user documentation to a local file server.
3) In SAP CRM, start transaction SR13.
4) Remove all entries on tab "DynamicHelp" if there are any.
5) Make the following settings depending on if you have installed the documentation on a local file server or a web server:
Local File Server:
Go to tab "PlainHTMLFile" and fill the entries as follows:
Variant: enter a name for the variant, for example "HelpEnglish1"
Platform: "WN32" if you are using Microsoft Windows, else select from the F4 help.
Area: "XML_DOCU"
Path: Enter the path where the help is stored, for example "\\fileserver00\helpfiles\"
"Language": Enter the language key, for example "EN" for English or "DE" for German.
Default": Select one language entry as a default. This will be the fallback entry in case a language is not available.
To make the help available in several languages, you need to add one additional line per language, with a different variant name and language key.
Save your entries.
6) In Customizing, go to Sap Web Application Server -> Knowledge Management -> Settings in the Application System -> Sequence of Enhancements in Customer Namespace. Make the following entries
SPACE_01: "BBPCRM"
Enhancement: "700".
Select "Execute".
7) Re-start the Web user interface of SAP CRM. The "Help Center" and "?" links should now work in CRM WEB UI.
Note: While sharing HELP FILES take care that you create a folder and then put EN inside that like
I need some original thinking about limiting the packaging
hi all
here is the scenario: we have material that can come in different packages.
Our vendors, might be allowed to deliver this material packaged in a certain format and not in another so we would need to be able to block the delivery of this material/vendor combination, only if the material is packaged in that specific way.
The company does not agree to create different materials for the same material packaged in different ways so we need to be creative. example: assuming I have material 1234: this material can come in bags of 10 kg, 35 kg or 100 kg. from vendor ABC we only accept the format of 35 kg from vendor CDE we accept 10 and 100 kg....and so on.
we do not want to create material 1234 for 35 kg and material 567 for 10 kg etc. we would like to have ROH material 123 and be able to distinguish the packaging to be able to check and block it against the supplier (who often does not have ERP). any ideas?
here is the scenario: we have material that can come in different packages.
Our vendors, might be allowed to deliver this material packaged in a certain format and not in another so we would need to be able to block the delivery of this material/vendor combination, only if the material is packaged in that specific way.
The company does not agree to create different materials for the same material packaged in different ways so we need to be creative. example: assuming I have material 1234: this material can come in bags of 10 kg, 35 kg or 100 kg. from vendor ABC we only accept the format of 35 kg from vendor CDE we accept 10 and 100 kg....and so on.
we do not want to create material 1234 for 35 kg and material 567 for 10 kg etc. we would like to have ROH material 123 and be able to distinguish the packaging to be able to check and block it against the supplier (who often does not have ERP). any ideas?
How to Use Advanced Tools to Troubleshoot Performance Prob
You have your new Windows 7 system up and running, but suddenly you realize some things are not running as smoothly as they once did. Today we take look at using the hidden but useful advanced system tools in Windows 7 to troubleshoot a problem.
Advanced System Tools
There is a very handy collection of system utilities that are included in Windows 7 and Vista that can help you troubleshoot problems that may arise. For some reason Microsoft felt the need to bury them in the OS so they’re not immediately apparent to most users. Here we take a look at accessing the diagnostic tools and briefly cover some of what’s included.
To get to the tools type Performance Info into the search box in the Start menu and hit Enter.
In the Performance Information and Tools windows click on Advanced Tools.
Alternately you could click through to Control Panel \ All Control Panel Items \ Performance Information and Tools \ Advanced Tools…see what I mean by buried?
What’s Included
It opens up a list of different tools you can use to monitor different aspects of the system performance. From here you can do several things like defrag the hard drive, check Event Viewer, and even re-rate the Experience Index score.
Notice there is a column for Performance issues you can click on to get additional details on how to correct the problem. In this example it shows a driver interfering with Sleep mode and that changing visual settings will improve performance.
![sshot-2009-11-02-[17-06-56]](http://sricharan.com/autoimages/sshot20091102170656.png "sshot-2009-11-02-[17-06-56]")
In additional details it tells us turning off the Aero feature will improve performance. I find it odd that MS would alert you to turn off Aero as it’s a hyped feature to the interface since XP. At least they’re honest in telling you Aero can slow performance, especially with under powered video cards.
Even Viewer is a great tool used by administrators that records event errors that happen “behind the scenes” so to speak. The information in these logs are meant for admins and advanced users to help determine why certain errors are occurring. Most users won’t need to worry about this section, but you may need to access it while receiving tech support.
![sshot-2009-11-02-[20-14-33]](http://sricharan.com/autoimages/sshot20091102201433.png "sshot-2009-11-02-[20-14-33]")
Resource Monitor is like the Task Manager on steroids…it’s a great tool to monitor what apps and services are using up your system’s memory, processor, disk usage, and network activity. If you find a service or program that is frozen or taking up too many resources you can close it out.
A very handy tool that is not well known about is the ability to generate a system health report.
Wait while an analysis takes place and the information is collected…
The report takes about a minute to create and then you can go through a very detailed analysis of virtually every aspect of your system.
You can also export the report to HTML format so you can share or save the report for future comparisons and troubleshooting.
If you’re experiencing problems with your Windows 7 machine, using the included advanced system tools can help a lot, without the need for installing 3rd party utilities.
Advanced System Tools
There is a very handy collection of system utilities that are included in Windows 7 and Vista that can help you troubleshoot problems that may arise. For some reason Microsoft felt the need to bury them in the OS so they’re not immediately apparent to most users. Here we take a look at accessing the diagnostic tools and briefly cover some of what’s included.
To get to the tools type Performance Info into the search box in the Start menu and hit Enter.
In the Performance Information and Tools windows click on Advanced Tools.
Alternately you could click through to Control Panel \ All Control Panel Items \ Performance Information and Tools \ Advanced Tools…see what I mean by buried?
What’s Included
It opens up a list of different tools you can use to monitor different aspects of the system performance. From here you can do several things like defrag the hard drive, check Event Viewer, and even re-rate the Experience Index score.
Notice there is a column for Performance issues you can click on to get additional details on how to correct the problem. In this example it shows a driver interfering with Sleep mode and that changing visual settings will improve performance.
In additional details it tells us turning off the Aero feature will improve performance. I find it odd that MS would alert you to turn off Aero as it’s a hyped feature to the interface since XP. At least they’re honest in telling you Aero can slow performance, especially with under powered video cards.
Even Viewer is a great tool used by administrators that records event errors that happen “behind the scenes” so to speak. The information in these logs are meant for admins and advanced users to help determine why certain errors are occurring. Most users won’t need to worry about this section, but you may need to access it while receiving tech support.
Resource Monitor is like the Task Manager on steroids…it’s a great tool to monitor what apps and services are using up your system’s memory, processor, disk usage, and network activity. If you find a service or program that is frozen or taking up too many resources you can close it out.
A very handy tool that is not well known about is the ability to generate a system health report.
Wait while an analysis takes place and the information is collected…
The report takes about a minute to create and then you can go through a very detailed analysis of virtually every aspect of your system.
You can also export the report to HTML format so you can share or save the report for future comparisons and troubleshooting.
If you’re experiencing problems with your Windows 7 machine, using the included advanced system tools can help a lot, without the need for installing 3rd party utilities.
SAP PFCG Create a role
SAP PFCG Create a role
18. Click
to make comparison of users
Sorry, I could not read the content fromt this page.
18. Click
to make comparison of usersSorry, I could not read the content fromt this page.
SAP Performance and Tuning Tools
Dear All,
Any time you must have come across some performance issue with your SAP System, So here i am mentioning some approach that you can follow to avoid the same....
Most Commonly Used Tools and Monitors –AS ABAP
1) Hardware : Application server
OS06 (ST06), OS07
2) Database Gener DBACOCKPIT
DB accesses ST10 ST05, STAD
3) Application :
Shared memory & buffers ST02, SHMM
User memory analysis SM04 S_MEMORY_INSPECTOR
Work process overview SM50, SM66
Workload analysis ST03N STAD
Enqueue monitoring SM12 ST05
4) Communication
HTTP traffic SMICM, ST03G
Remote Function Calls ST03N ST05
Most Commonly Used Tools and Monitors –AS JAVA :
1) Hardware :Application server OS06 (ST06), OS07, SAP MC
2) Database: General DBACOCKPIT, DB02 (Java schema)
DB accesses NWA: Open SQL Monitors, Wily Introscope, SAP JVM Profiler
3) Application: Global Buffers and Caches --> SAP MC, NWA: Open SQL Monitors
JAVA runtime-->Wily Introscope, SAP JVM Profiler
User memory analysis SAP JVM Profiler
Server nodes / thread overview NWA: Operations Management, SAP MC
Workload analysis Wily Introscope
Enqueue monitoring NWA: Open SQL Monitors, SAP MC
4) Communication: HTTP traffic --> HTTPwatch, NWA, SAP MC
Remote Function Calls --> NWA, SAP JVM Profiler, Wily Introscope
Any time you must have come across some performance issue with your SAP System, So here i am mentioning some approach that you can follow to avoid the same....
Most Commonly Used Tools and Monitors –AS ABAP
1) Hardware : Application server
OS06 (ST06), OS07
2) Database Gener DBACOCKPIT
DB accesses ST10 ST05, STAD
3) Application :
Shared memory & buffers ST02, SHMM
User memory analysis SM04 S_MEMORY_INSPECTOR
Work process overview SM50, SM66
Workload analysis ST03N STAD
Enqueue monitoring SM12 ST05
4) Communication
HTTP traffic SMICM, ST03G
Remote Function Calls ST03N ST05
Most Commonly Used Tools and Monitors –AS JAVA :
1) Hardware :Application server OS06 (ST06), OS07, SAP MC
2) Database: General DBACOCKPIT, DB02 (Java schema)
DB accesses NWA: Open SQL Monitors, Wily Introscope, SAP JVM Profiler
3) Application: Global Buffers and Caches --> SAP MC, NWA: Open SQL Monitors
JAVA runtime-->Wily Introscope, SAP JVM Profiler
User memory analysis SAP JVM Profiler
Server nodes / thread overview NWA: Operations Management, SAP MC
Workload analysis Wily Introscope
Enqueue monitoring NWA: Open SQL Monitors, SAP MC
4) Communication: HTTP traffic --> HTTPwatch, NWA, SAP MC
Remote Function Calls --> NWA, SAP JVM Profiler, Wily Introscope
Shutdown of Only App Instance
If you are supposed to shutdown one of the App Instance (but not Central Instance) for some reason, you need to take some precautions so that the users are not disturbed or any background job gets killed.
Record the current entries of transaction SMLG (Logon groups) and RZ12 (RFC server group assignment) in an xls spreadsheet.Delete assignments for the respective application instance server logon groups.
(In tran SMLG, click on the button ‘Remove instance’. Select the R/3 instance that is being shutdown and execute. This will delete all assignments for the R/3 instance.
In tran RZ12, click on the button ‘Remove instance’. Select the R/3 instance that is being shutdown and execute. This will delete all assignments for the R/3 instance)
Go to transaction RZ04. Select ‘instances/operation modes’. Double click on “SPCL BTCa” mode of relevant R/3 Instance & increase BPA processes & save ( DIA process should be 2).Switch the Operation mode for the selected instance to “SPCL BTCa” using transaction RZ03. In transaction RZ03, select the R/3 instance and click on Control --> Switch Operations mode --> selected servers.Check if the selected server’s work processes have converted to BTC WPs after the Op mode has been switched over, using SM50. In case some Dialog / background jobs are running then they will continue to run. The process will switch over to “SPCL BTCa” mode only when the job gets finished.Verify that no users are logged in, and no background jobs are active. Kill the jobs if it takes very long time (if it is OK).Then stop SAP of the App Instance.
Record the current entries of transaction SMLG (Logon groups) and RZ12 (RFC server group assignment) in an xls spreadsheet.Delete assignments for the respective application instance server logon groups.
(In tran SMLG, click on the button ‘Remove instance’. Select the R/3 instance that is being shutdown and execute. This will delete all assignments for the R/3 instance.
In tran RZ12, click on the button ‘Remove instance’. Select the R/3 instance that is being shutdown and execute. This will delete all assignments for the R/3 instance)
Go to transaction RZ04. Select ‘instances/operation modes’. Double click on “SPCL BTCa” mode of relevant R/3 Instance & increase BPA processes & save ( DIA process should be 2).Switch the Operation mode for the selected instance to “SPCL BTCa” using transaction RZ03. In transaction RZ03, select the R/3 instance and click on Control --> Switch Operations mode --> selected servers.Check if the selected server’s work processes have converted to BTC WPs after the Op mode has been switched over, using SM50. In case some Dialog / background jobs are running then they will continue to run. The process will switch over to “SPCL BTCa” mode only when the job gets finished.Verify that no users are logged in, and no background jobs are active. Kill the jobs if it takes very long time (if it is OK).Then stop SAP of the App Instance.
SapPatch Importing GUI Patches
The SapGui installation provides a new tool for importing patches. Instead of manually unpacking the patches on the installation server, importing the patches now occurs automatically.
Here, the patch files are copied and the installation database is updated on the installation server. Clients on which SapSetup is started are able to recognize that the new patch is installed on the server and can update themselves.
As of the following patch levels, patches can only be installed using this tool:
setup46D: 5 (Import this setup patch first)
gui46D: 194
bw20B: 8 apo30A: 7sem20B: 6 sem30A: 1kw50: 8
Manual unpacking of these and subsequent patches is NO LONGER possible.
If you do not have CD "46D Compilation 3" available yet: The patch tool is available as setup update sappatch46D_Y.exe (self-extracting) on the SAP Service Marketplace. In this case, Y is the patch level indicator. Make sure that you always import the highest available patch level.
Copy the files contained in the update into directory \netinst of your installation server. This is sufficient to be able to import all patches listed above with the new procedure in the future.
Patch procedure for installation servers
In order to import the patches to your installation server proceed as follows:
1. Download the patch from the Sap Service Marketplace
(see Note 96885).
2. Close all GUI applications. Importing the patch inevitably fails if
files that are to be updated by the patch are still used by an
application. This especially applies to GUI applications on PCs
that are run in a server-dependent way.
3. On the installation server, start configuration program
SapAdmin.exe as usual via the UNC path.
\\ name>\\netinst\sapadmin.exe
4. In Menu 'Tools' select 'Apply patch' (>> Tools -- Apply Patch)
5. Select the patch file you want to install.
6. Choose 'Install'.
7. The installation server has now been updated accordingly.\\\\netinst\sapsetup.exe /p:" "
Now the clients must be brought to the version of the installation server by means of sapsetup.exe.
A. If you installed a predefined or self-defined package by means of
netsetup.exe, import the Support Package by means of the following
call:
(The package display of SapSetup shows that these packages are obsolete, i.e. that a more current version is available on the
server.)
B. If you did not perform a package installation but installed predefined components by means of setup.exe, on the client, start
\\\\setup.exe
Then select the component again you already selected during the original installation.
SapSetup recognizes that the installation server has a new version and re-installs only the components that were newly updated on the server. This makes the update as performant as possible.
Importing setup patches on the installation server is carried out in the same way.
Patch procedure for standalone computers
If no installation server is available, the new patches nevertheless allow to apply the patches on the target computer.
If you have not been using Release 6.10 yet, you need setup update
localpat46D_Y.exe, which is available on the SAP Service Marketplace. In this case, Y is the actual version of the update.
Make sure that you always apply the highest patch level available.
Copy the files contained in the update into directory \SAPpc\netinst on the target computer. (For Winzip users: Enter \SAPpc as target directory.
This is sufficient to be able to import the patches listed above with the new procedure in the future. Please note that "localpat46D_Y.exe" is suitable for local CD installations without connection to an installation server only.
Essentials:
To apply a (GUI, APO, BW, KW, or SEM) patch on a standalone computer, proceed as follows:
1. Download the corresponding patch from SAP Service Marketplace.
2. Close ALL SAP applications. The import of the patch will definitely fail if data that should be updated by the patch is being used
by an application.
3. On your computer, start installation program sapsetup.exe as follows from directory \SAPpc\netinst:
sapsetup.exe /patch
4. Specify the patch file you want to install.
As from Release 6.10 Compilation 1, the call may also be made in a non-interactive way (without selection dialog) by specifying the
name of the patch file in the command line:
sapsetup.exe /patch:
Under the following preconditions, this functionality is also available for Release 4.6D:
- On the stand-alone PC, Release 4.6D Compilation 4 was installed, or Patch "localpat46D_Y.exe" was imported
(see above).
- You unpack ZIP archive "noninteractivepatch.zip", attached to thisnote, to the local \SAPpc\netinst directory of the target PC.
This enhances SAPSetup by the desired command line switch.
5.Select "Install".
Known problems:
1. If the import of the patch terminates with an error message, because a file cannot be copied, the most probable cause is that the file to be replaced is loaded by an application and thus cannot be exchanged. In this case, SapAdmin restores the original state.
Make sure that no other SAP application is loaded from the installation server, before you start SapAdmin to import the patch.
2. If you apply a patch on a standalone computer, SapSetup terminates with an error message, reading that a file cannot be replaced. This occurs even if you have closed all SAP applications before.
Solution: These problems are solved in level 3 (sappatch46D_3.exe) of the SapPatch update.
3. SapPatch update sappatch46D_1.exe contains an incorrect version of the program and is therefore no longer available.
If you have already downloaded this version of the update, delete it again and use the current version instead which is available on the SAP Service Marketplace.
If you have already installed and executed the incorrect version of the update, restart the installation server. To do this, delete the existing installation root directory and start a new administrative setup from CD. Update your installation server with the most current SapPatch version after this.
4. Gui Patch gui46D_193.exe was incorrect and is therefore also no longer available. If you have downloaded this patch, remove it again and download the most current patch available on the SAP Service Marketplace.
5. For customers using BW:
The installation server must be set up with 46D Compilation 3 or higher.
Tips for the administrator
1. You can setup an automatic update on your clients by setting the following call in the logon script on the server or in the autostart folders of the clients:
\\\\netinst\sapsetup.exe /p:" "
/intellimode /checkdb
During every logon, SapSetup now checks whether the installation server contains a more current version. This check is carried out in a rather performant way, since the installation database needs not be loaded for this action. If the server does not contain a more current version than the client, SapSetup closes down itself immediately. Otherwise, the client is updated accordingly.
Here, the patch files are copied and the installation database is updated on the installation server. Clients on which SapSetup is started are able to recognize that the new patch is installed on the server and can update themselves.
As of the following patch levels, patches can only be installed using this tool:
setup46D: 5 (Import this setup patch first)
gui46D: 194
bw20B: 8 apo30A: 7sem20B: 6 sem30A: 1kw50: 8
Manual unpacking of these and subsequent patches is NO LONGER possible.
If you do not have CD "46D Compilation 3" available yet: The patch tool is available as setup update sappatch46D_Y.exe (self-extracting) on the SAP Service Marketplace. In this case, Y is the patch level indicator. Make sure that you always import the highest available patch level.
Copy the files contained in the update into directory \netinst of your installation server. This is sufficient to be able to import all patches listed above with the new procedure in the future.
Patch procedure for installation servers
In order to import the patches to your installation server proceed as follows:
1. Download the patch from the Sap Service Marketplace
(see Note 96885).
2. Close all GUI applications. Importing the patch inevitably fails if
files that are to be updated by the patch are still used by an
application. This especially applies to GUI applications on PCs
that are run in a server-dependent way.
3. On the installation server, start configuration program
SapAdmin.exe as usual via the UNC path.
\\ name>\\netinst\sapadmin.exe
4. In Menu 'Tools' select 'Apply patch' (>> Tools -- Apply Patch)
5. Select the patch file you want to install.
6. Choose 'Install'.
7. The installation server has now been updated accordingly.\\\\netinst\sapsetup.exe /p:" "
Now the clients must be brought to the version of the installation server by means of sapsetup.exe.
A. If you installed a predefined or self-defined package by means of
netsetup.exe, import the Support Package by means of the following
call:
(The package display of SapSetup shows that these packages are obsolete, i.e. that a more current version is available on the
server.)
B. If you did not perform a package installation but installed predefined components by means of setup.exe, on the client, start
\\\\setup.exe
Then select the component again you already selected during the original installation.
SapSetup recognizes that the installation server has a new version and re-installs only the components that were newly updated on the server. This makes the update as performant as possible.
Importing setup patches on the installation server is carried out in the same way.
Patch procedure for standalone computers
If no installation server is available, the new patches nevertheless allow to apply the patches on the target computer.
If you have not been using Release 6.10 yet, you need setup update
localpat46D_Y.exe, which is available on the SAP Service Marketplace. In this case, Y is the actual version of the update.
Make sure that you always apply the highest patch level available.
Copy the files contained in the update into directory \SAPpc\netinst on the target computer. (For Winzip users: Enter \SAPpc as target directory.
This is sufficient to be able to import the patches listed above with the new procedure in the future. Please note that "localpat46D_Y.exe" is suitable for local CD installations without connection to an installation server only.
Essentials:
To apply a (GUI, APO, BW, KW, or SEM) patch on a standalone computer, proceed as follows:
1. Download the corresponding patch from SAP Service Marketplace.
2. Close ALL SAP applications. The import of the patch will definitely fail if data that should be updated by the patch is being used
by an application.
3. On your computer, start installation program sapsetup.exe as follows from directory \SAPpc\netinst:
sapsetup.exe /patch
4. Specify the patch file you want to install.
As from Release 6.10 Compilation 1, the call may also be made in a non-interactive way (without selection dialog) by specifying the
name of the patch file in the command line:
sapsetup.exe /patch:
Under the following preconditions, this functionality is also available for Release 4.6D:
- On the stand-alone PC, Release 4.6D Compilation 4 was installed, or Patch "localpat46D_Y.exe" was imported
(see above).
- You unpack ZIP archive "noninteractivepatch.zip", attached to thisnote, to the local \SAPpc\netinst directory of the target PC.
This enhances SAPSetup by the desired command line switch.
5.Select "Install".
Known problems:
1. If the import of the patch terminates with an error message, because a file cannot be copied, the most probable cause is that the file to be replaced is loaded by an application and thus cannot be exchanged. In this case, SapAdmin restores the original state.
Make sure that no other SAP application is loaded from the installation server, before you start SapAdmin to import the patch.
2. If you apply a patch on a standalone computer, SapSetup terminates with an error message, reading that a file cannot be replaced. This occurs even if you have closed all SAP applications before.
Solution: These problems are solved in level 3 (sappatch46D_3.exe) of the SapPatch update.
3. SapPatch update sappatch46D_1.exe contains an incorrect version of the program and is therefore no longer available.
If you have already downloaded this version of the update, delete it again and use the current version instead which is available on the SAP Service Marketplace.
If you have already installed and executed the incorrect version of the update, restart the installation server. To do this, delete the existing installation root directory and start a new administrative setup from CD. Update your installation server with the most current SapPatch version after this.
4. Gui Patch gui46D_193.exe was incorrect and is therefore also no longer available. If you have downloaded this patch, remove it again and download the most current patch available on the SAP Service Marketplace.
5. For customers using BW:
The installation server must be set up with 46D Compilation 3 or higher.
Tips for the administrator
1. You can setup an automatic update on your clients by setting the following call in the logon script on the server or in the autostart folders of the clients:
\\\\netinst\sapsetup.exe /p:" "
/intellimode /checkdb
During every logon, SapSetup now checks whether the installation server contains a more current version. This check is carried out in a rather performant way, since the installation database needs not be loaded for this action. If the server does not contain a more current version than the client, SapSetup closes down itself immediately. Otherwise, the client is updated accordingly.
SQL Trace Analysis
SQL – Trace analysis is one of the effective tools available with SAP for performance analysis of different sql statements. It helps to analyse the % of access of different tables for a job. Also it helps us to identify deadlock of table access.
Procedure
1. Find out the job on which system it is running. ( T-code : SM66 ).
Goto T-code: SM51. (Overview of SAP Servers).Remote logon to particular INSTANCE (select instance & then cntrl+shift+F8).In SAP R/3 System screen enter the T-Code: ST05 (SQL TRACE).In Trace Requests Screen click on “Trace on for User”.You will get window “performance trace filter for writing Trace records”.
In this window USER NAME: username for that job. (If you want Usertrace).
OR
In Procee ID: mention the PID of that job (if you want PID Trace).
It will show you the
State of trace
SQL trace: switched on for USER.
Wait for Some time (i.e 5/10 minutes or depends on the filesize allocated for
That instance file in that instance).if it exceeds the size it will overwrite the original.
Click on the “Traceoff” for switch off the trace.
For Example SQL Trace Filename: /usr/sap///log/TRACE.
Then goto O/S level logon as sudoer as root.
# cd /usr/sap///log.
Then copy the trace file as per Convention.(JOB_USER_Servername_date{yyyymmdd}.trc)
For e.g. trace of RP for user ZRPLBATCH on server SUN013_01 on date 20030515 will be “RP_ZRPLBATCH_SUN013_01_20030515.trc”
Then comeback to SAP R/3 Tcode as: ST05 screen.
goto Menu Bar: Click on --Trace/List immediate.
You will get Filter trace list screen
In this screen enter Trace File Path: /usr/sap///log/sample001 (for example)
Username :
Object name :
Then Choose Enter
It will prompt you Number of Trace record Window ----- Choose “YES”.
You will get the Screen “Basic Trace List”.
In menu bar Goto---> Statement summary.
In this summary you will get information about objects which is accessing long time(Duration).
Like Object name and Duration
Analyze “Objct “ which is taking more time to complete the processing,
Find out the Name of the TABLES/SQL statements.
a. for finding out OPTIMIZING Statistics
Goto T-Code DB20 --- enter the Table name. then press “ Refresh Information”.
b. For finding out the SQL Querry is taking long time for complete the processing.
In the “ Basic Trace List “ select the particular SQL Querry.
In the Application bar click on “Explain ”.
Procedure
1. Find out the job on which system it is running. ( T-code : SM66 ).
Goto T-code: SM51. (Overview of SAP Servers).Remote logon to particular INSTANCE (select instance & then cntrl+shift+F8).In SAP R/3 System screen enter the T-Code: ST05 (SQL TRACE).In Trace Requests Screen click on “Trace on for User”.You will get window “performance trace filter for writing Trace records”.
In this window USER NAME: username for that job. (If you want Usertrace).
OR
In Procee ID: mention the PID of that job (if you want PID Trace).
It will show you the
State of trace
SQL trace: switched on for USER.
Wait for Some time (i.e 5/10 minutes or depends on the filesize allocated for
That instance file in that instance).if it exceeds the size it will overwrite the original.
Click on the “Traceoff” for switch off the trace.
For Example SQL Trace Filename: /usr/sap///log/TRACE.
Then goto O/S level logon as sudoer as root.
# cd /usr/sap///log.
Then copy the trace file as per Convention.(JOB_USER_Servername_date{yyyymmdd}.trc)
For e.g. trace of RP for user ZRPLBATCH on server SUN013_01 on date 20030515 will be “RP_ZRPLBATCH_SUN013_01_20030515.trc”
Then comeback to SAP R/3 Tcode as: ST05 screen.
goto Menu Bar: Click on --Trace/List immediate.
You will get Filter trace list screen
In this screen enter Trace File Path: /usr/sap///log/sample001 (for example)
Username :
Object name :
Then Choose Enter
It will prompt you Number of Trace record Window ----- Choose “YES”.
You will get the Screen “Basic Trace List”.
In menu bar Goto---> Statement summary.
In this summary you will get information about objects which is accessing long time(Duration).
Like Object name and Duration
Analyze “Objct “ which is taking more time to complete the processing,
Find out the Name of the TABLES/SQL statements.
a. for finding out OPTIMIZING Statistics
Goto T-Code DB20 --- enter the Table name. then press “ Refresh Information”.
b. For finding out the SQL Querry is taking long time for complete the processing.
In the “ Basic Trace List “ select the particular SQL Querry.
In the Application bar click on “Explain ”.
Friday 9 September 2011
SAP R 3 Tips Tricks
Logging on without being authorized
Client 066 usually exists in a SAP system because of EarlyWatch services. Often this client does not have master users. If it is true, anyone can log into the system using the client 066, user SAP*, and password PASS. Enjoy yourself.
Special copy and paste
Click on the area and press CTRL+Y. It allows you to copy many lines at once and paste them afterwards.
Long messages on footer
Click on the message and hold the mouse button. After moving the mouse to the left side.
Direct input logs
The transaction BMV0 (direct input logs) shows all direct input logs.
Graphics on SAPscript
The program RSTXLDMC can be used to upload graphics (file extension .tif on PC files) into individual standard text.
Adding icons
The include «ICON» can be easily used in your programs. All icons can be checked through the transaction ICON. Sequences of characters begin and finish with the symbol @. Even plain files under operating system can contain those strings.
Adding symbols
The include «SYMBOL» can be easily used in your programs. It makes available a great number of symbols.
Filling up an empty date field quickly
Strike the key F4 (or click on matchcode symbol) and press ESCAPE. The current date is automaticly set.
Setting up module FI/CO without using IMG
Almost all parameters can be set using the transactions ORFA (Asset Accounting), ORFB (Financial Accounting), and ORKS (Cost Center Accounting).
Deleting cost elements and cost centers
Since they have no postings you can use the transaction KA04 for deleting cost elements and KS04 for deleting cost centers.
Displaying check object when not authorized
Soon after the lock try to access the transaction SU53. It reports the last objects verified and also the respective values.
Table analyses between two systems
The contents of a table between two systems can be checked through the transaction OY19.
Correction and transport system
The transaction SE10 provides the easiest way to manage any request/transport and corrections.
General command field formats
/n Skip to the next record if you are processing one batch input session
/bend Cancel a batch input foreground process
/nend Close all R/3 sessions and logoff
/nxxxx Call the transaction xxxx in the same session
/o Generate a session list
/oxxxx Call the transaction xxxx in an additional session
/i Delete the current session
/h Turn the debug mode on
/$tab Reset all buffers (for System Administrators)
/$sync Synchronize instances buffers (for System Administrators)
Report command field formats
%pri Print the current report
%pc Download the current report
%sc Call the find function
p+ Go to the next page
p- Go to the previous page
p++ Go to the last page
p-- Go to the first page
Helpful reports
RSCLTCOP Copy tables across clients
RSAVGL00 Table adjustment across clients
RSINCL00 Extended program list
RSBDCSUB Release batch-input sessions automaticly
RSTXSCRP Transport SAPscript files across systems
RSORAREL Get the Oracle Release
RGUGBR00 Substitution/Validation utility
RSPARAM Display all instance parameters
RSUSR003 Check the passwords of users SAP* and DDIC in all clients
RSUSR006 List users last login
Meaning of info structures' first letter
A Pricing
B Output determination
C Account determination
D Material determination
E Rebates
F Index
G Listing and Exclusion
H Batch determination
I Profile determination
S Statistics
X Statistics extra
Unconditional mode when importing or exporting a request/transport
Run the command R3trans -u under user «SysID»adm.
Reapplying hot packages
If you accidently applied hot packages out of sequence for instance. Use the transaction SM31 to modify table PAT03. You have to choose the desired patch and click on delete entry.
Main return codes of tp program
0 Successfully done
4 Warnings occurred
8 Errors occurred
12 Fatal errors occurred
16 Internal errors occurred
Scheduling of system maintenance jobs
RSBTCDEL Clean the old background job records
RSDBCREO Clean batch input session log
RSPO0041 Removing old spooling objects
RSSNAPDL Clean the old ABAP error dumps
List of most used SAP extensions and their components
CUST1 MENUS000+C01 Customer option in the Office menu
CUST2 MENUS000+C02 Customer option in the Logistics menu
CUST3 MENUS000+C03 Customer option in the Accounting menu
CUST4 MENUS000+C04 Customer option in the Human Resources menu
CUST5 MENUS000+C05 Customer option in the Information Systems menu
CUST6 MENUS000+C06 Customer option in the Tools menu
CUST7 MENUS000+C07 Customer option in the System menu
ZXUSRU01 Exit_saplsusf_001 At login time
SAPMF02D Exit_sapmf02d_001 When saving customer master data
SAPMF02K Exit_sapmf02k_001 When saving vendor master data
M61X0001 Exit_saplm61c_001 When processing MRP planning
M61X0001 Exit_sapmm61x_001 When processing MRP planning
FYTX0001 Exit_saplv61a_001 Modifications in pricing procedures
MBCF0002 Exit_sapmm07m_001 Checks for materials documents
SDVFX002 Exit_saplv60b_002 Link between SD and FI documents
M06B0003 Exit_sapmm06b_001 When saving MM documents
Before going live
It is highly advisable to increase the next extend´s size of some tables and their indexes even before initial loadings
FI BKPF, BSEG, BSIS, BSAD, BSAK, BSID and BSIK
CO COEJ, COEP, COKS, COSS and T811*
AM ANL*
MM MKPF, MSEG and BSIM
SD VBAP, VBAK, VBEP, VBPA, LIKP, LIPS, VBRK, VBRP, VBKD,VBUK,VBUP
and VBSS
PP RESB and MDTB
Accross module ATAB, TST03, TSP01, MCSI, KNVP, ACCTIT, COEP, APQD, RFBLG, CDCLS, SDBAD and from S000 to S999
Locking the whole system
Using the command tp locksys «SysID» only the user SAP* will be allowed to login. The command tp unlocksys «SysID» cancels the lock.
Connection between SAP R/3 and operating system
The command sapevt can be used to trigger an event from the operation system. Thus, a job previously defined within R/3 will be released.
SQL code help
Run the command oerr ora «error number» under user ora«SysID».
Oracle import and export explanations
Run the command imp help=yes under user ora«SysID». This format can also be used with exp, impst, and expst.
Client 066 usually exists in a SAP system because of EarlyWatch services. Often this client does not have master users. If it is true, anyone can log into the system using the client 066, user SAP*, and password PASS. Enjoy yourself.
Special copy and paste
Click on the area and press CTRL+Y. It allows you to copy many lines at once and paste them afterwards.
Long messages on footer
Click on the message and hold the mouse button. After moving the mouse to the left side.
Direct input logs
The transaction BMV0 (direct input logs) shows all direct input logs.
Graphics on SAPscript
The program RSTXLDMC can be used to upload graphics (file extension .tif on PC files) into individual standard text.
Adding icons
The include «ICON» can be easily used in your programs. All icons can be checked through the transaction ICON. Sequences of characters begin and finish with the symbol @. Even plain files under operating system can contain those strings.
Adding symbols
The include «SYMBOL» can be easily used in your programs. It makes available a great number of symbols.
Filling up an empty date field quickly
Strike the key F4 (or click on matchcode symbol) and press ESCAPE. The current date is automaticly set.
Setting up module FI/CO without using IMG
Almost all parameters can be set using the transactions ORFA (Asset Accounting), ORFB (Financial Accounting), and ORKS (Cost Center Accounting).
Deleting cost elements and cost centers
Since they have no postings you can use the transaction KA04 for deleting cost elements and KS04 for deleting cost centers.
Displaying check object when not authorized
Soon after the lock try to access the transaction SU53. It reports the last objects verified and also the respective values.
Table analyses between two systems
The contents of a table between two systems can be checked through the transaction OY19.
Correction and transport system
The transaction SE10 provides the easiest way to manage any request/transport and corrections.
General command field formats
/n Skip to the next record if you are processing one batch input session
/bend Cancel a batch input foreground process
/nend Close all R/3 sessions and logoff
/nxxxx Call the transaction xxxx in the same session
/o Generate a session list
/oxxxx Call the transaction xxxx in an additional session
/i Delete the current session
/h Turn the debug mode on
/$tab Reset all buffers (for System Administrators)
/$sync Synchronize instances buffers (for System Administrators)
Report command field formats
%pri Print the current report
%pc Download the current report
%sc Call the find function
p+ Go to the next page
p- Go to the previous page
p++ Go to the last page
p-- Go to the first page
Helpful reports
RSCLTCOP Copy tables across clients
RSAVGL00 Table adjustment across clients
RSINCL00 Extended program list
RSBDCSUB Release batch-input sessions automaticly
RSTXSCRP Transport SAPscript files across systems
RSORAREL Get the Oracle Release
RGUGBR00 Substitution/Validation utility
RSPARAM Display all instance parameters
RSUSR003 Check the passwords of users SAP* and DDIC in all clients
RSUSR006 List users last login
Meaning of info structures' first letter
A Pricing
B Output determination
C Account determination
D Material determination
E Rebates
F Index
G Listing and Exclusion
H Batch determination
I Profile determination
S Statistics
X Statistics extra
Unconditional mode when importing or exporting a request/transport
Run the command R3trans -u under user «SysID»adm.
Reapplying hot packages
If you accidently applied hot packages out of sequence for instance. Use the transaction SM31 to modify table PAT03. You have to choose the desired patch and click on delete entry.
Main return codes of tp program
0 Successfully done
4 Warnings occurred
8 Errors occurred
12 Fatal errors occurred
16 Internal errors occurred
Scheduling of system maintenance jobs
RSBTCDEL Clean the old background job records
RSDBCREO Clean batch input session log
RSPO0041 Removing old spooling objects
RSSNAPDL Clean the old ABAP error dumps
List of most used SAP extensions and their components
CUST1 MENUS000+C01 Customer option in the Office menu
CUST2 MENUS000+C02 Customer option in the Logistics menu
CUST3 MENUS000+C03 Customer option in the Accounting menu
CUST4 MENUS000+C04 Customer option in the Human Resources menu
CUST5 MENUS000+C05 Customer option in the Information Systems menu
CUST6 MENUS000+C06 Customer option in the Tools menu
CUST7 MENUS000+C07 Customer option in the System menu
ZXUSRU01 Exit_saplsusf_001 At login time
SAPMF02D Exit_sapmf02d_001 When saving customer master data
SAPMF02K Exit_sapmf02k_001 When saving vendor master data
M61X0001 Exit_saplm61c_001 When processing MRP planning
M61X0001 Exit_sapmm61x_001 When processing MRP planning
FYTX0001 Exit_saplv61a_001 Modifications in pricing procedures
MBCF0002 Exit_sapmm07m_001 Checks for materials documents
SDVFX002 Exit_saplv60b_002 Link between SD and FI documents
M06B0003 Exit_sapmm06b_001 When saving MM documents
Before going live
It is highly advisable to increase the next extend´s size of some tables and their indexes even before initial loadings
FI BKPF, BSEG, BSIS, BSAD, BSAK, BSID and BSIK
CO COEJ, COEP, COKS, COSS and T811*
AM ANL*
MM MKPF, MSEG and BSIM
SD VBAP, VBAK, VBEP, VBPA, LIKP, LIPS, VBRK, VBRP, VBKD,VBUK,VBUP
and VBSS
PP RESB and MDTB
Accross module ATAB, TST03, TSP01, MCSI, KNVP, ACCTIT, COEP, APQD, RFBLG, CDCLS, SDBAD and from S000 to S999
Locking the whole system
Using the command tp locksys «SysID» only the user SAP* will be allowed to login. The command tp unlocksys «SysID» cancels the lock.
Connection between SAP R/3 and operating system
The command sapevt can be used to trigger an event from the operation system. Thus, a job previously defined within R/3 will be released.
SQL code help
Run the command oerr ora «error number» under user ora«SysID».
Oracle import and export explanations
Run the command imp help=yes under user ora«SysID». This format can also be used with exp, impst, and expst.
SAP IDES ERP 6 0 NW 7 01 EHP4 MSSQLSRV FOR WINDOWS INSTALL
HI,
CURRENTLY I HAVE THE SAP IDES ERP 6.0/NW 7.01 EHP4 MSSQLSRV FOR WINDOWS INSTALLATION
I HAVE PREPARED THE OS AND ALL THE SAP RELATED PREINSTALLATION WHEN THE INSTALLATION TIME IN INSTALLATION MASTER I AM GETTING FOLLOWIN SCREEN
HOW CAN I INSTALL THE CENTERL INSTANT
PLEASE HELP TO INSTALL THIS
Download attached file(s)SRM Installation help
Hi Guys, I want to Install SRM 5.0 I got the Installation Documents regarding this. Can anyone send me the Installation screenshots for the same. I will be thankful for this. Thanks & Regards Ajitabh
SAP standard users Must Known
SAP Systems create the standard users SAP*, DDIC and EARLYWATCH during the installation process in the clients as shown in the table below.During the installation process, SAP Systems creates standard users such as SAP*, DDIC and EARLYWATCH. The table below shows these ID’s with their standard passwords.
SAP* will be available right after the installation in all client and contains composite profile SAP_ALL assigned and with all authorizations, including the ones needed for system set up.SAP® has implemented this standard, hard-coded (backdoor) ID to allow a login, if the basis administrator’s user-ID is disable or for emergency access. However, to enable this standard ID, SAP* created as regular user-ID needs to be deleted.To prevent a login with SAP* after a deletion, the parameter login/no_automatic_user_sapstar should be set. Value 0 (zero) allows users to log in with SAP*. Value 1 will prevent users from logging on after SAP* is deleted.The standard password for this user directly after the installation of clients 000,001 and 066 is 06071992.The standard password for all new clients is PASS.The preferable method to protect this user is the deactivation of SAP* :Remove all authorizations from this user.Create a new superuser and deactivate SAP*.Change all of the default passwords for these users.Lock the user account.Set the parameter login/no_automatic_user_sapstar to 1.Activate the audit log for this user.Assign them to the group SUPER so that they only be modified by administrators who are authorized to change users in the group SUPER.Report RSDELSAP deletes the user SAP*in the client 066. The corresponding source code is not active but available.The user DDIC is established in the client 000 and 001 with the installation and copies of these clients. This standard user -id is uitilized to cover installation and release updates including changes to the data dictionary. The use of the transport management system is restricted to display only.This is the protection against any direct development. As the technical steps related to this process are initiated in the client 000, the DDIC only needs to be a dialog user in 000. In all other clients he can be set to the user type “system”. The standard password for this user directly after the installation is 19920706.The report RDDPWCHK allows to check the password that is assigned to the user DDIC. In case the password matches, the dialog window will be closed. For mismatches the message False is displayed. The counter for false login does not count these password detection attempts.
SAP* will be available right after the installation in all client and contains composite profile SAP_ALL assigned and with all authorizations, including the ones needed for system set up.SAP® has implemented this standard, hard-coded (backdoor) ID to allow a login, if the basis administrator’s user-ID is disable or for emergency access. However, to enable this standard ID, SAP* created as regular user-ID needs to be deleted.To prevent a login with SAP* after a deletion, the parameter login/no_automatic_user_sapstar should be set. Value 0 (zero) allows users to log in with SAP*. Value 1 will prevent users from logging on after SAP* is deleted.The standard password for this user directly after the installation of clients 000,001 and 066 is 06071992.The standard password for all new clients is PASS.The preferable method to protect this user is the deactivation of SAP* :Remove all authorizations from this user.Create a new superuser and deactivate SAP*.Change all of the default passwords for these users.Lock the user account.Set the parameter login/no_automatic_user_sapstar to 1.Activate the audit log for this user.Assign them to the group SUPER so that they only be modified by administrators who are authorized to change users in the group SUPER.Report RSDELSAP deletes the user SAP*in the client 066. The corresponding source code is not active but available.The user DDIC is established in the client 000 and 001 with the installation and copies of these clients. This standard user -id is uitilized to cover installation and release updates including changes to the data dictionary. The use of the transport management system is restricted to display only.This is the protection against any direct development. As the technical steps related to this process are initiated in the client 000, the DDIC only needs to be a dialog user in 000. In all other clients he can be set to the user type “system”. The standard password for this user directly after the installation is 19920706.The report RDDPWCHK allows to check the password that is assigned to the user DDIC. In case the password matches, the dialog window will be closed. For mismatches the message False is displayed. The counter for false login does not count these password detection attempts.Do not delete DDIC or its profiles. DDIC is needed for certain tasks in installation and upgrade, software logistics, and for the ABAP Dictionary. Deleting it results in loss of functions in these areas.To make sure everything runs smoothly, give DDIC the authorizations for SAP_ALL during an installation or upgrade and then lock it afterwards. Only unlock it when necessary.To find out which clients you have in your system, display the table T000 using transaction SM30.Use the report RSUSR003 to make sure that the user SAP* has been created in all clients and that the standard passwords have been changed for SAP*, DDIC (and also the older user SAPCPIC). For more information, see SAP Note 40689.When using the SAP support services, you often need to allow remote access to your system using a user defined at your site. Because you are allowing system access to someone outside of your system, you should take extra precautions to protect this user. We recommend the following:Define a special user for remote access. Do not use any of the standard users.Define a procedure for activating and deactivating the user. Activate it only when necessary and deactivate it once the remote session is completed.Do not disclose this user’s password over the remote session. Send it over a separate channel such as an e-mail or a return telephone call. Change the password once the session is completed.EARLYWATCH is created in the client 066 during installtion and is used for remote control by SAP® and is only set up with some standard authorizations S_TOOLS_EX_A for performance monitoring. The user is to be locked in general, and can be unlocked upon request. Initial password for EARLYWATCH is support.To summarize, we recommend that you regularly review the following criteria for protecting the standard users:Maintain an overview of the clients that you have and make sure that no unknown clients exist.Make sure that SAP* exists and has been deactivated in all clients.Make sure that the default passwords for SAP*, DDIC, and EARLYWATCH have been changed.Make sure that these users belong to the group SUPER in all clients.Lock the users SAP*, DDIC, EARLYWATCH and your remote support user. Unlock them only when necessary. (Note that it should never be necessary to use SAP*!)Lock DDIC and EARLYWATCH and unlock them only when necessary.This ID is automatically created at the set up the change and transport management system in the client 000. The user type is “Communication”, and is utilized for transports by the CTS. TMSADM is assigned to profile S_A.TMSADM assigned that authorizes the use of RFC with display of the development environment as well as access to write to the file system. The standard password for this user directly after the installation is PASSWORD.SAPCPIC is created as a “communication” user at the installation and is mostly used for EDI. The standard profile S_A.CPIC restricts the access to the use of RFC. This user is hard-coded into the function module INIT_START_OF_EXTERNAL_PROGRAM together with a standard password. This needs to be considered in case of password changes for this user.The standard password for this user directly after the installation is ADMIN.The user is established with full authorizations for the administration. With regard to security, the user has no standard password assigned. To utilize this user as emergency user the properties in the UME need to be maintained. Setting the ume.superadmin.activated property to true will activate the use of this user for emergency cases. Setting a password in ume.superadmin.password will then activate the user finally after the restart of the engine. While the user SAP* is in use, all other users will be inactivated during this time.When the system is fixed, the deactivation can be achieved by setting the ume.superadmin.activated property to false.This user is the Java standard user with full administration authorization in this environment. The password is to be assigned during the set up.High complexity is recommended for this password.This user is a Java standard user who can be utilized for anonymous access. The user is locked per default. The password is assigned during the installation.This user is a standard communication user for LDAP Lightweight Directory Access Protocol data sources.This standard user is utilized for the communication between Java and ADS Adobe Document Service.This standard user is utilized in the context of the Composite Application Framework (CAF) core transport system and communication with other Java services.
SAP VA05 Display Sales Orders
SAP VA05 display all Sales Orders relating to a particular customer or material
4. Enter Selection requirements 6. Click Customer name (Sold to party) or Material code, which Sales order you wish to display.
7. Click "Enter" Icon, the list of Sales Order will be displayed. .
SAP enter current date in transaction
Enter current date in SAP transaction
1. On the date field press "F4" key to call up the calender
The following calender will be shown
2. Then Press "F2" key to select today's date.
The date will be inserted in the date field
SAP NETWEAVER IDENTITY MANAGEMENT
SAP NetWeaver Identity Management helps companies to centrally manage their user accounts (identities) in a complex system landscape. This includes both SAP and non-SAP systems. The solution provides an authoritative, single source of user information and enables self-service management of user information and authorizations using workflow
SAP R 3 Architecture FAQ
1. What guarantees the integration of all application modules?
The R/3 basis system guarantees the integration of all application modules. The R/3 basis s/w provides the run time environment for the R/3 applications ensures optimal integration, defines a stable architectural frame for system enhancements, and contains the administration tools for the entire system.One of the main tasks of the basis system is to guarantee the portability of the complete system.2. What are the central interfaces of the R/3 system? Presentation Interface. Database Interface. Operating system Interface.3. Which interface controls what is shown on the p.c.? Presentation Interface.4. Which interface converts SQL requirements in the SAP development system to those of the database? Database Interface.5. What is SAP dispatcher? SAP dispatcher is the control agent that manages the resources for the R/3 applications.6. What are the functions of dispatcher? Equal distribution of transaction load to the work processes. Management of buffer areas in main memory. Integration of the presentation levels. Organization of communication activities.7. What is a work process? A work process is where individual dialog steps are actually processed and the work is done. Each work process handles one type of request.8. Name various work processes of R/3 system? Dialog or Online (processes only one request at a time). Background (Started at a specific time) Update (primary or secondary) Enque (Lock mechanism). Spool (generated online or during back ground processing for printing).9. Explain about the two services that are used to deal with communication.Message Service: Used by the application servers to exchange short internal messages, all system communications.Gateway Service: Enables communication between R/3 and external applications using CPI-C protocol.10. Which work process triggers database changes?Update work process.11. Define service (within R/3)?A service is a process or group of processes that perform a specific system function and often provide an application-programming interface for other processes to call.12. What are the roll and page areas?Roll and page areas are SAP R/3 buffers used to store user contexts (process requests). The SAP dispatcher assigns process requests to work processes as they are queued in the roll and page areas.Paging area holds data from the application programs.Roll area holds data from previous dialog steps and data that characterize the user.13. What are the different layers in R/3 system?Presentation Layer.Application Layer.Database Layer.14. What are the phases of background processing?Job Scheduling.Job Processing.Job Overview.15. What components of the R/e system initiate the start of background jobs at the specified time?The batch scheduler initiates the start of background job. The dispatcher then sends this request to an available background work process for processing.16. Define Instance.An instance is an administrative unit in which components of an R/3 systems providing one or more services are grouped together. The services offered by an instance are started and stopped at random. All components are parameterized using a joint instance profile. A central R/3 system consists of a single instance in which all-necessary SAP services are offered. Each instance uses separate buffer areas.17. From hardware perspective, every information system can be divided into three task areas Presentation, Application Logic and Data Storage.The R/3 Basis software is highly suitable for use in multi-level client/server architectures.18. What are R/3 Basis configurations?A central system with centrally installed presentation software.Two-level client/server system with rolled out presentation software.Two-level client/server system. Presentation and Application run on the same computer.Three-level client/server system. Presentation, Application and database each run on separate computers.19. What is a Service in SAP terminology?A service refers to something offered by a s/w component.20. What is Server in SAP terminology?A component can consist of one process or a group and is then called the server for the respective service.21. What is a client in SAP terminology?A S/W component that uses the service (offered by a s/w component) is called a Client. At the same time these clients may also be servers for other services.22.What is a SAP system?The union of all s/w components that are assigned to the same databases is called as a SAP system.23. What is the means of communications between R/3 and external applications?The means of communication between R/2,R/3 and external applications is via the CPI-C handler or SAP Gateway, using the CPI-C Protocol.24. What is the protocol used by SAP Gateway process?The SAP Gateway process communicates with the clients based on the TCP/IP Protocol.25. Expand CPI-C.Common Program Interface Communication.26. What is a Spool request?Spool requests are generated during dialog or background processing and placed in the spool database with information about the printer and print format. The actual data is places in the Tem Se (Temporary Sequential objects).27. What are different types of Log records?V1 and V2. V1 must be processed before V2. But, we can have more than one V2 logs.28. What are the types of Update requests?An update request can be divided into one primary (V1) and several Secondary update components (V2). Time-critical operations are placed in V1 component and those whose timing is less critical are placed in V2 components. If a V1 update fails, V2 components will not be processed.29. Dialog work processes perform only one dialog step and then available for the next request.30. Explain what is a transaction in SAP terminology.In SAP terminology, a transaction is series of logically connected dialog steps.31. Explain how SAP GUI handles output screen for the user.The SAP front-end s/w can either run on the same computer or on different computers provided for that purpose. User terminal input is accepted by the SAP terminal program SAP GUI, converted to SAP proprietary format and sent to the SAP dispatcher. The dispatcher coordinates the information exchange between the SAP GUIs and the work processes. The dispatcher first places the processing request in request queues, which it then processes. The dispatcher dispatches the requests one after another, to the available work process. The actual processing takes place in the work process. When processing is complete, the result of a work process is returned via the dispatcher to the SAP GUI. The SAP GUI interprets the received data and generates the output screen for the user.SAP VF03 Print Sales Invoice
SAP VF03 Print Sales Invoice
1. Go to SAP Tcode VF03
2. Click "Billing Document"
Choose "Issue Output to"
3. Click "printer" icon to print
4. If you want to Setting printer, Click "print options" icon above
5. To preview sales invoice click "preview" icon
Thursday 8 September 2011
System Monitoring Monthly Tasks
SAP - General
House keeping – delete old logs, spools if any
Review user ID for Terminated users that should be locked or deleted
Check changeable status for applicable client
SM01
Transaction Codes: Lock / Unlock
Check locked transactions against your list
Database - Oracle
Record database usage and plot database growth
ST04
Database Performance Analysis
Review System performance analysis – Check critical tables for reorganization.
House keeping using SAPDBA, Backup database log files & delete.
Operating System
Backup file server; Review file system usage. Plot usage.
House keeping jobs – Backup system logs, delete core files if any, remove all unwanted files.
SAP R 3 System Parameters Review
SAP R/3 System Parameters Review
This overview describes how security and controls can be implemented through system parameters. System parameters are used to maintain configuration over the operation of the SAP system. System parameters may define key settings for the whole system on which SAP runs, individual hosts systems (e.g. configuration for only one of many application servers) or the instances that are running on these servers. The majority of system parameters ensure that SAP operates effectively on the customer’s preferred hardware, operating system and database platforms. System parameters also control how SAP operates and provides system wide control over some aspects of Security. System parameters are set using transaction RZ10. To make the parameters globally effective set them in the default profile, DEFAULT.PFL. To make them instance-specific, you must set them in the profiles of each application server in your R/3 System. System parameters can be reviewed with transaction TU02 or from the standard SAP report RSPARAM using transaction SA38.Incorrect Logon, Default Clients and Default Start Menus• Login/fails_to_session_end (default value - 3)defines the number of times a user can enter an incorrect password before the system terminates the logon attempt.• Login/fails_to_user_lock (default value - 12)the number of times a user can enter an incorrect password before the system locks the user. If the system locks, an entry is written to the system log, and the lock is released at midnight.• Login/failed_user_auto_unlock (default value - 1)unlocks users who are locked by logging on incorrectly. The locks remain if the parameter value is 0.This parameter specifies the default client. This client is automatically filled in on the system logon screen. Users can enter a different client.Since release 3.0E, external security tools such as Kerberos or Secude have managed R/3 System access. If this parameter is set, an additional identification can be specified for each user (in user maintenance) where users log on to their security system. To activate, set the value to X.• rdisp/gui_auto_logout (default value - 0)Maximum time allowed between input from the GUI before the frontend is automatically logged out. The value is set in seconds and the value of zero is used when this facility is not active.This parameter specifies the default start menu for all users and can be overwritten with the user-specific start menu (transaction SU50). The default is S000, and this value can be set to any other area menu code.System profile parameters define the minimum length of a password and the frequency with which users must change passwords.minimum password length. The minimum is three characters and the maximum eight characters.• Login/password_expiration_timenumber of days after which a password must be changed. The parameter allows users to keep their passwords without time limit and leaves the value set to the default, 0.• To prevent use of a certain password, enter it in table USR40. Maintain this table with transaction SM30. In USR40, you may also generically specify prohibited passwords.There are two wild-card characters:– * means a sequence of any combination characters of any length– 123* in table USR40 prohibits any password that begins with the sequence 123.– *123* prohibits any password that contains the sequence 123.– AB? prohibits passwords that begin with AB and have an additional character, such as ABA, ABB, and ABC.Securing SAP* user master record• login/no_automatic_user_sapstarBy default SAP is installed with a user master record SAP*. This user has the profile SAP_ALL with access to all transactions and programs in SAP. By default if this user master record is deleted then SAP allows logon using SAP* and a password of ‘PASS’. Although the user master record does not exist, SAP grants unrestricted system access privileges to SAP*. By setting this parameter value to ‘1’ this ‘backdoor’ access is blocked in the event the SAP* user master record is deleted. Prior to version 4.0 this parameter was login/no_automatic_user_sap*.• Auth/check_value_write_on (default value - 0)Authorization failures can be evaluated immediately they occur by running transaction SU53. This functionality is only active if the parameter is set to a value greater than zero in the system profile parameter.• Auth/authorization_trace (version 4.0B onwards - default value - ‘N’)When the parameter is set, any authorization checks performed are validated against existing entries in table USOBX. If the table does not contain the transaction/authorization object combination, then a new entry is added to the SAP reference table (i.e. USOBT not USOBT_C). Due to significant performance issues, SAP does not recommend this parameter being set in customer systems.• Auth/test_mode (version 4.0B onwards - default value ‘N’)When activated every authority check starts report RSUSR400. However SAP recommends not activating this parameter as the system is paralyzed if syntax errors occur in running the report and it has a significant performance impact .• Auth/no_check_on_sucode (version 3.0E to version 3.1H - default value ‘N’), Auth/no_check_on_tcode (version 4.0 onwards - default value - ‘N’)From release 3.0E, the system checks on object S_TCODE. In upgrades from versions prior to 3.0E to set this flag to ‘Y’ to ensure that old profiles operate in the new system. By default, the function is inactive.The flag should not normally be switched on because of the degradation in security that results.• Auth/no_check_in_some_cases (version 3.0F onwards -default value depends on release)This parameter needs to be set to ‘Y’ for installation of the profile generator. It defines the use of table USOBT in the authority checks undertaken and allows authority checks to be disabled in individual transactions. Whilst SAP recommends switching off unnecessary authority checks, the full impact of this should be considered carefully.• Auth/object_disabling_active (default value -‘N’)Whilst_no_check_in_some_cases allows authority checks to be switched off in for individual transactions, this parameter allows checks on individual objects to be switched off globally within SAP. It is recommended that this parameter is not set.Number of Authorisations in User Buffers• Auth/auth_number_in_userbufferWhen a user logs onto SAP, the authorizations contained in the user’s profiles are copied to a user buffer in memory. The maximum number of authorizations copied is set by this parameter. The size of the buffer must always exceed the maximum number of authorizations as authorization checks are made only against those in the buffer.The default value is 800, but this can be set to between 1–2000. Refer to OSS notes 84209 and 75908 for more detailed information regarding changes to the size of the user buffer.Transaction SU56 shows the contents of the user’s user buffer and a total for all the authorizations in a user master record.Table, ABAP and RFC system parameters• Rec/client (default value - ‘N’)The parameter switches automatic table logging on. Images of the table before and after are logged rather than just changes and so consideration to which tables are to be logged and log volumes must be made before using this as part of a control solution.• Auth/rfc_authority_check (default value - ‘1’)The parameter determines how object S_RFC is checked during RFC calls. The object has three fields, activity, the name of the function being called and the function group in which the function resides. The parameter defines whether S_RFC object is checked and if so, whether the function group field is included in the validation.Value = 0, no check against S_RFCValue = 1, check active but no check for SRFC-FUGRValue = 2, check active and check against SRFC-FUGR• Auth/system_access_check_off (default value - ‘0’ - check remains active)This parameter inactivates the automatic authorization check for particular ABAP/4 language elements (file operations, CPIC calls, and calls to kernel functions). This parameter ensures the downward compatibility of the R/3 kernel.• TU02 Shows current parameters for all hosts and gives a history of changes to parameters• RZ10 Maintain system parameters• RZ11 View single system parameters and their functional area.• SU56 Shows all authorizations a user has in their user master record and the total number. This is useful toidentify apparent authorization failures caused by user buffer overflow.RSPARAM displays all system parameters set and applicable to the system and instance in which it is run.From version 4.0 the RSUSR003 report also shows the settings for some of the critical password parameters. The report also shows identifies whether SAP*, DDIC or CPIC have insecure passwords by comparing value of the encrypted password field with the encrypted values of the standard shipped passwords. It also shows whether the SAP* user master record is absent from any clients.Tables ACCTHD ACCTIT ACCTCR Questions and answers
The tables ACCTHD, ACCTIT and ACCTCR are increasing in size and use a lot of space in the database. You have the following questions:
1. Which data is updated in the ACCT* tables?
The documents of MM Inventory Management and MM Invoice Verification do not contain all the information required for an update in Accounting. Certain additional information is known only during the life of the original posting. These documents are unsuitable for subsequent postings. For this reason, when you post goods movements and invoice receipts (reference types MKPF and RMRP), the call of the accounting interface is documented in the form of documents in the tables ACCTHD, ACCTIT and ACCTCR.
With Note 1228011, PRCHG, MLHD and MLCU was added to the list of AWTYP's.Note 316468 describes how you can determine the organizational units and periods to which the data of the ACCT tables is assigned.
2. For what are these tables required?
This information is stored for applications which are to be supplied with the posting data of MM Inventory Management and MM Invoice Verification at a later date. This concerns the following applications:
Special Purpose Ledger (FI-SL)
Profit Center Accounting (EC-PCA)
Controlling (CO)
Public Sector Funds Management (PSM-FM)
The reason for subsequent posting may be:
You plan to use an application in production at a later point and to use data of past periods in this application.
You use an application in production but you do not provide the data online. You can check whether this is the case using the following Customizing transactions:
Special Purpose Ledger (FI-SL): Call transaction GCD1 and select FI-SL as origin of original document. Enter the posting status and choose Goto -> Posting test. Enter a transaction and select other parameters, if necessary. Execute the transaction.
The diagnosis outputs a list of FI-SL ledgers which are directly supplied, or supplied by means of subsequent posting (depending on the selected posting status), with data of the selected transaction.
Controlling (CO): for active CO components (cost centers, orders, and so on), the data is always transferred online. You can use transaction OKKP to check whether a component is active. Select a controlling area, choose Activate components/control indicators and double-click the relevant fiscal year. (The settings specified below are relevant for the profit center).
Profit Center Accounting (EC-PCA): Call transaction 1KEF and enter a controlling area. If the 'Online transfer' checkbox is selected, the system transfers the data of the corresponding years online.
Funds Management Public Sector (IS-PS-FM): If this component is active, the system transfers the MM Inventory Management data and MM Invoice Verification online.
Two options for subsequent postings:
Transaction GCU4 or OKBB (program RGUREC30): subsequently posting from the datasets of the ACCT* tables of MM data into the above-mentioned applications. As far as completeness of subsequently posted data is concerned, this is the method to be recommended. However, it entails a considerable data volume in the ACCT* tables.
Transaction GCU1 or OKBA (program RGUREC10): subsequently posting from the datasets of the FI documents into the above-mentioned applications. The ACCT* tables are NOT used in this case. You could do without the tables being updated and reduce the amount of work for the database.
Note:
When you subsequently post FI data that originates from MM Inventory Management or MM Invoice Verification, the system first checks as to whether data is also contained in the ACCT* tables. If data is found, no subsequent posting is made. As of Release 3.1H, you have the option of deactivating the above procedure ('Transfer MM, SD, and HR docs' indicator) so that FI documents that originate from MM Inventory Management or MM Invoice Verification types are subsequently posted in this case also.
The disadvantage associated with this variant is that information may be lost, since an FI document might not contain all the data or certain data is summarized at your wish. Therefore, compare the fields of the tables BSEG and ACCT*. Consider possible summarizations set for table BSEG (see Note 36353). If the additional fields of the ACCT* tables are not important for you, subsequently posting from the dataset of the FI documents does not entail any disadvantages for you.
Joint Venture Accounting (CA-JVA) also uses the tables. See Notes 551618, 540178 and 565448.
Apart from the reasons mentioned above, you require the ACCT* tables if errors occurred during the through posting of MM Inventory Management documents or MM Invoice Verification documents. You can correct errors of this type by using the information from the ACCT* tables.
For audit purposes, the ACCT* tables are not used by AIS and DART in the standard. However, the user exit technology in DART enables you to tailor the increase the data volume, that is, ACCT* tables also.
In the material ledger (actual costing, CO-PC-ACT), the value flow monitor (transaction CKMVFM) can be used to analyze differences in price difference accounts.
It is also possible to compare the posted values in FI with the material ledger. For special stocks, this option is useful only if the update of the table ACCTIT is activated.
For analyzing special stocks, the value flow monitor cannot determine all the required information from the FI documents. All missing information is read from the table ACCTIT. If the update of the table ACCTIT is not activated, the special stock differences are assigned to the stock materials in the value flow monitor. The total of the differences for a material is then correct. However, it is not apparent whether the differences are relevant for the warehouse stocks or the special stock.
The value flow monitor can also be executed without the "Reconciliation FI with ML" option. Then the update of the table ACCTIT does not play any role.
3. Is the data relevant to euro?
The tables ACCTHD, ACCTIT and ACCTCR are not converted during the local currency changeover. Therefore, the data from these tables can no longer be used for subsequent postings after a local currency changeover.
Prior to the local currency changeover or immediately after it at the latest, you should either delete this data in all (converted) clients to be converted or archive it (only then for audit purposes).
If the tables are not very large, you can keep them in the database and delete or archive them after the local currency changeover. If errors occur during the local currency changeover, the ACCT* tables could help you to localize and eliminate the error (only for documents with the reference types MKPF and RMRP).
4. Is it possible to do without an update of the tables?
A functional disadvantage in the case of missing ACCT* table entries relates to the subsequent postings in the above cases.
There are the following scenarios:
You transfer data online to active R/3 components. You do not have any future plans to supply new components with older posting data from MM Inventory Management or MM Invoice Verification. In this case, you can deactivate the update of the tables and delete their contents.
You do not transfer online the data from MM Inventory Management or MM Invoice Verification to the above-mentioned active R/3 components but post it subsequently from the FI documents (transaction GCU1 or OKBA). You have future plans to supply new components with older posting data from MM Inventory Management or MM Invoice Verification using the FI documents. In this case, you can deactivate the update of the tables and delete their contents.
You do not transfer online the data from MM Inventory Management or MM Invoice Verification to the above-mentioned active R/3 components but post it subsequently from the ACCT* tables (transaction GCU4 or OKBB).
As soon as you have subsequently posted a part of the data, you should delete it from the ACCT* tables. If the subsequent posting is made much later, you can alternatively archive the data to then reload it for subsequent posting into the database. However, you must not reset the MM number ranges in this case (see Note 83076)!
Check whether you can subsequently post data using the FI document (transaction GCU1 or OKBA). If so, you can deactivate the update of the ACCT* tables and delete their contents.
You have future plans to supply new components with older posting data from MM Inventory Management or MM Invoice Verification using the ACCT* tables .
You can archive the data to then reload it for subsequent posting to the database. However, you must not reset the MM number ranges in this case (see Note 83076)!
Check whether you can subsequently post data using the FI document (transaction GCU1 or OKBA). If so, you can deactivate the update of the ACCT* tables and delete their contents.
For missing ACCT* table entries, errors that occurred during the through posting of MM Inventory Management documents or MM Invoice Verification documents cannot be corrected or can only be corrected with difficulty. If this aspect is important to you, SAP recommends that you do not deactivate the updating of the ACCT* tables and delete its contents. SAP recommends you to continue updating the tables and to reduce the work of the database through regular archiving.
5. How can a table update be deactivated or activated?
For this purpose, implement the corrections for the function module AC_DOCUMENT_CREATE (program LRWCLU01). After you do so, no new records are written in the ACCT* tables. You should also implement the source code modifications that are contained in Note 821161 in your system.
If you wish the tables to be updated in the future, undo this correction. Afterwards, the ACCT* tables are updated again as before the deactivation.
6. How can the tables be archived?
You can archive the data for the purpose of
- a later subsequent posting
- correcting through-posting errors
Bear in mind the restrictions concerning the local currency changeover and the resetting of MM number ranges (Note 83076).
Note 83076 describes archiving, reading and reloading the ACCT* tables.
7. How can the tables be deleted?
First deactivate the update of the tables as described under point 5.
Delete the tables ACCTHD, ACCTIT and ACCTCR.
Delete the contents of the table for all clients using database tools. This is the fastest and safest method. The advantage of this method lies in the reorganization, which is automatically made by the database.
For this purpose, call transaction SE14 for the tables ACCTHD, ACCTIT, ACCTCR and carry out the steps 'Delete database table' and then 'Create database table'.
If you want to delete data in particular clients only, use the program (ZZTTAMAC) described in the attachment "ZZTTAMAC.TXT". It deletes the tables ACCTHD, ACCTIT and ACCTCR completely in the current client. Depending on the data volume, runtimes may be long.
Create the program (transaction SE38) and execute it.
8. Is the data relevant for the new G/L migration?
In the case of a migration without document splitting, the ACCT* tables have no significance.
When you use the document splitting, the tables are required only in a very specific exceptional case, namely if a splitting is performed for each logical transatcion (LOGVO). However, for this to happen, the FI summarization must not be active. In all other cases, the ACCT* tables are not relevant for the migration and can be archived, deleted or deactivated, or must not be activated if they are already deactivated.
SAP FI Create a New Company
To Create a new company on a blank SAP installation in FI.
If the company was already set up and the company numeric codes already created and you may just copy an existing company code to copy an existing company code using transaction EC01.
But if you want to create and setup a new company from scratch from a 'blank sheet' in SAP R/3 and then create the first set of Books.
Go to Tcode OX02
or
SPRO -> Enterprise structure -> Definition -> Financial Accounting -> Edit, copy, delete company code.
SAP Troubleshooting
Problem: System gets struck
It happens mostly when archive area is overloaded. Check the archive file system. Start archive backup immediately. If your archival backup is not running switch archive to new destination.
Problem: ABAP Dump
Not always the problem is technical. Check the nature of the Dump. Review the application data & program with the concerned.
Problem: Field exits are completly ignored
Make sure your SAP profile parameter contains he option abap/fieldexit = yes.
Problem: Rollback segments are too small
Before increasing the rollback segments you should verify your programs. Very often the problem belongs to them.
SAP SD VF11 Cancel Billing Documents
SAP SD VF11 Cancel Billing Documents
1. Go to SAP Tcode VF11
or path :Logistics -> Sales and Distribution
-> Billing -> Billing document -> Cancel
2. Save to cancel the document.
3.Or If you want to display document (VF03) first, Click "Glass" button
4. Click "Document billing overview" button for checking original billing document & cancel document
5. Click Split analysis button to display detail fields.
Remarks :A Billing Document that has been sent to a customer must not be cancelled.
A further Credit memo must be created in these cases.
Subscribe to:
Posts (Atom)