Q. SAP Security T-codes
A. Frequently used security T-codes
SU01 Create/ Change User SU01 Create/ Change User
PFCG Maintain Roles
SU10 Mass Changes
SU01D Display User
SUIM Reports
ST01 Trace
SU53 Authorization analysis
Q How to create users?
Execute transaction SU01 and fill in all the field. When creating a new user, you must enter an initial password for that user on the Logon data tab. All other data is optional. Click here for turotial on creating sap user id
Q What is the difference between USOBX_C and USOBT_C?
The table USOBX_C defines which authorization checks are to be performed within a transaction and which not (despite authority-check command programmed ). This table also determines which authorization checks are maintained in the Profile Generator.
The table USOBT_C defines for each transaction and for each authorization object which default values an authorization created from the authorization object should have in the Profile Generator.
Q What authorization are required to create and maintain user master records?
The following authorization objects are required to create and maintain user master records:
• S_USER_GRP: User Master Maintenance: Assign user groups
• S_USER_PRO: User Master Maintenance: Assign authorization profile
• S_USER_AUT: User Master Maintenance: Create and maintain authorizations
Q List R/3 User Types
1. Dialog users are used for individual user. Check for expired/initial passwords Possible to change your own password. Check for multiple dialog logon
2. A Service user - Only user administrators can change the password. No check for expired/initial passwords. Multiple logon permitted
3. System users are not capable of interaction and are used to perform certain system activities, such as background processing, ALE, Workflow, and so on.
4. A Reference user is, like a System user, a general, non-personally related, user. Additional authorizations can be assigned within the system using a reference user. A reference user for additional rights can be assigned for every user in the Roles tab.
Q What is a derived role?
• Derived roles refer to roles that already exist. The derived roles inherit the menu structure and the functions included (transactions, reports, Web links, and so on) from the role referenced. A role can only inherit menus and functions if no transaction codes have been assigned to it before.
• The higher-level role passes on its authorizations to the derived role as default values which can be changed afterwards. Organizational level definitions are not passed on. They must be created anew in the inheriting role. User assignments are not passed on either.
• Derived roles are an elegant way of maintaining roles that do not differ in their functionality (identical menus and identical transactions) but have different characteristics with regard to the organizational level. Follow this link for more info
Q What is a composite role?
• A composite role is a container which can collect several different roles. For reasons of clarity, it does not make sense and is therefore not allowed to add composite roles to composite roles. Composite roles are also called roles.
• Composite roles do not contain authorization data. If you want to change the authorizations (that are represented by a composite role), you must maintain the data for each role of the composite role.
• Creating composite roles makes sense if some of your employees need authorizations from several roles. Instead of adding each user separately to each role required, you can set up a composite role and assign the users to that group.
• The users assigned to a composite role are automatically assigned to the corresponding (elementary) roles during comparison. Follow the link to learn more
Q What does user compare do?
If you are also using the role to generate authorization profiles, then you should note that the generated profile is not entered in the user master record until the user master records have been compared. You can automate this by scheduling report FCG_TIME_DEPENDENCY on a daily.
Q. Can we convert Authorization field to Org, field
A. Authorization field can be changed to Organization field using PFCG_ORGFIELD_CREATE or ZPFCG_ORGFIELD_CREATE
Use SE38 or SA38 to run the above report.
• Organizational level fields should only be created before you start setting up your system. If you create organizational level fields later, you might have to do an impact analysis. The authentication data may have to be postprocessed in roles.
• The fields "Activity", "ACTVT" and "Transaction code", "TCD" cannot be converted into an organizational level field.
In addition, all affected roles are analyzed and the authorization data is adjusted. The values of the authorization field which is now to become the organizational level field are removed and entered into the organizational level data of the role.
Note: Table for Org Element- USORG
Refer to Note 323817 for more detail.
Q. How many profiles can be assigned to any user master record.
A. Maximum Profiles that can be assigned to any user is ~ 312. Table USR04 (Profile assignments for users). This table contains both information on the change status of a user and also the list of the profile names that were assigned to the user.
The field PROFS is used for saving the change flag (C = user was created, M = user was changed), and the name of the profiles assigned to the user. The field is defined with a length of 3750 characters. Since the first two characters are intended for the change flag, 3748 characters remain for the list of the profile names per user. Because of the maximum length of 12 characters per profile name, this results in a maximum number of 312 profiles per user.
Q. Can you add a composite role to another composite role?
A. No Q. How to reset SAP* password from oracle database.
A. Logon to your database with orasid as user id and run this sql
delete from sapSID.usr02 where bname='SAP*' and mandt='XXX';
commit;
Where mandt is the client.
Now you can login to the client using sap* and password pass
Q. What is difference between role and profile.
A. A role act as container that collect transaction and generates the associated profile. The profile generator (PFCG) in SAP System automatically generates the corresponding authorization profile. Developer used to perform this step manually before PFCG was introduced bySAP. Any maintenance of the generated profile should be done using PFCG.
Q. What is user buffer?
A. When a user logs on to the SAP R/3 System, a user buffer is built containing all authorizations for that user. Each user has their own individual user buffer. For example, if user Smith logs on to the system, his user buffer contains all authorizations of role USER_SMITH_ROLE. The user buffer can be displayed in transaction SU56.
A user would fail an authorization check if:
• The authorization object does not exist in the user buffer
• The values checked by the application are not assigned to the authorization object in the user buffer
• The user buffer contains too many entries and has overflowed. The number of entries in the user buffer can be controlled using the system profile parameter auth/number_in_userbuffer.
Q. How to find out all roles with T-code SU01?
A. You can use SUIM > Roles by complex criteria or RSUSR070 to find out this.
Go to the Selection by Authorization Value.
In Object 1 put S_TCODE and hit enter.
And put SU01 in Transaction code and hit execute (clock with check) button.
I use authorization object, as you can use this to test any object.
You can also get this information directly from table, if you have access to SE16 or SE16N. Execute SE16N
Table AGR_1251
Object S_TCODE
VALUE (low) SU01
Q. How to find out all the users who got SU01 ?
A. You can use SUIM >User by complex criteria or (RSUSR002) to find this out.
Go to the Selection by Authorization Value.
In Object 1 put S_TCODE and hit enter.
And put SU01 in Transaction code and hit execute (clock with check) button.
I use authorization object, as you can use this to test any object.
Q. How to find out all the roles for one composite role or a selection of composite roles?
A. Execute SE16N
Table AGR_AGRS
Composite roles You can put multiple composite roles using the more button
Q. How to find out all the derived roles for one or more Master (Parent) roles?
A. Execute SE16N
Table AGR_DEFINE
Use either agr_name field or Parent_agr field.
Q. How can I check all the Organization value for any role?
A. Execute SE16N
Table AGR_1252
Role Type in the role here and hit execute.
You can always download all the information to spreadsheet also using .
Q. How do I restrict access to files through AL11?
A. First create an alias. Go to t-code AL11 > configure > create alias. Let say we are trying to restrict alias DIR_TEMP which is /tmp. Open PFCG and assign t-code AL11, and change the authorization for S_DATASET as mentioned below
Activity 33
Physical file name /tmp/*
Program Name with Search Help *
Q. How can I add one role to many users?
A. SU10. If you have less than 16 users then you can paste the userids.
If you have more than 16 users – Click on Authorization data and click on next to users and upload from clipboard .
Hit the change button and go to the role tab and add the roles to be assigned and hit save.
Q. What are the Best practices for locking expired users?
A. Lock the user. Remove all the roles and profiles assigned to the user. Move them to TERM User group.
Q. How can be the password rules enforced ?
A. Password rules can be enforced using profile parameter. Follow the link to learn more about the profile parameter.
Q. How to remove duplicate roles with different start and end date from user master?
A. You can use PRGN_COMPRESS_TIMES to do this. Please refer to note 365841 for more info.
Q. How come the users have authorization in PFCG, but user still complains with no authorization?
A. Make sure the user master is compared. May be the there is a user buffer overflow
Also check the profile- Follow the instruction below.
SUIM > User by complex criteria.
Put the userid of user who is having issue.
Execute
Double click on the user id and expand the tree. Select the profile in question and see if the authorization is correct or not. If not do the role reorg in PFCG and see if that helps.
Q. How can I have a display all roles.
A. Copy sap_all and open the role and change the activity to 03 and 08
Q. How can I find out all actvt in sap?
A. All possible activities (ACTVT) are stored in table TACT (transaction SM30), and also the valid activities for each authorization object can be found in table TACTZ (transaction SE16).
Monday, August 18, 2008
Step-by-Step Guide for Using LSMW
Step-by-Step Guide for Using LSMW to Update Customer Master Records
Business Case:
As a part of reorganization and to better serve the customer needs, you are regrouping many of the customers. In SAP terms, you are changing the Sales Office, Sales Group and Customer Groups for specific Customer Master Records. Typically, you would maintain customer records with transaction XD02 to update ‘Sales View’. You would enter Customer Key (Customer No, Sales Organization, Distribution Channel, and Division) and update relevant fields on Sales View screen.
This document contains Step-by-step instructions to use LSMW to update Customer Master Records. It has two demonstration examples - one using Batch Recording and another using standard SAP Object.
Note! The screen prints in this article are from IDES Release 4.6. They may differ slightly in other versions.
Demo Example 1
LSMW to Update Customer Master Records with Transaction Recording
Call Legacy System Migration Workbench by entering transaction code LSMW. Every conversion task is grouped together as Project / Subproject / Object structure. Create a Project called LSMW_DEMO and a Subproject as CUSTOMERS and Object as CUST_REC as shown in Figure 1.
Figure 1 Conversion Task with Project, Subproject and Object
The main screen of LSMW provides wizard-like step-by-step tasks, as shown in Figure 2. To complete your data conversion, you need to execute these steps in sequence. Once a step is executed, the cursor is automatically positioned to the next step.
Note that these steps may look different depending upon your Personal menu settings. You could make step numbers visible by ‘Numbers on’ icon or hidden by ‘Numbers off’ icon. You can execute a step by double-clicking on the row. Toggle icon ‘Doubleclick=Display’ or ‘Doubleclick=Edit’, makes the step in ‘display’ mode or ‘change’ mode.
Figure 2 LSMW Wizard – initial screen
Step 1: Maintain Object attributes
In this example, you will be updating the customer master records with the help of recording a transaction (XD02). Choose radio button Batch Input Recording and click on the recording overview icon to record the R/3 transaction. Enter the Recording name as XD02_REC, the description as Customer Master Updates Recording, and the transaction code as XD02.
Figure 3 Object type ‘Transaction Recording’
The system calls the transaction code XD02 and prompts you to complete the Change
Customer transaction, as shown in Figure 4. Enter the key customer information (I entered customer number 1000, sales organization 1000, distribution channel 01, and division 00) and choose ‘Sales’ view within ‘Sales area data’. Make changes to these three fields (I entered, sales office 1010, sales group 110, and customer group 01) and save the transaction.
Figure 4 Transaction recording for Transaction Code ‘XD02’
Once the transaction is completed, R/3 records the flow of screens and fields and saves the information, as shown in Figure 5.
Figure 5 Transaction recording overview
Note that the fields are populated with default values. The values you entered when you recorded the transaction are set by default.
Note that if you have more fields in the recording than needed, you can remove them by clicking ‘Remove Screen field’ icon.
Observe that the transaction-recording process stores field names in a technical format. By pressing the F1 key on individual screen fields and then pressing the F9 key, the system displays technical names. You then can replace the technical names with descriptive names. Double-click on the field RF02D-KUNNR and enter the name as KUNNR and the description as Customer Account Number and remove the default value. (See Figure 6.)
Figure 6 Field attributes
Similarly, double-click on all other fields with default values and make appropriate changes. Once you have made changes, the recording overview screen looks like what you see in Figure 7.
Figure 7 Transaction Recording Overview – with screen field attributes
Save your changes. When you go back to the initial screen, you will see that the initial screen steps have changed. Since you want to import data via the BDC method, the Direct Input and IDoc-related steps are hidden, as they are not relevant.
Step 2. Maintain Source Structures
Give a name and a description to the source structure (Figure 8).
Figure 8 Source Structure
Step 3. Maintain Source Fields
In this step, you need to list what fields are present in the source structure. The easiest way is to click on ‘Table Maintenance’ icon to enter Fieldname, Type and Length for each field as shown in Figure 9.
Figure 9 Source fields of source Structure
Note that your input file will have four fields as key fields and you need to update three fields in the system.
Step 4: Maintain Structure Relations
Execute a step to ‘Maintain Structure Relations’. (See Figure 10.) Since, there is only one Source and Target Structure, the relationship is defaulted automatically.
Figure 10 Structure Relation
Step 5: Maintain field mapping and conversion rules
Field RF02D-D0310 represents that you chose ‘Sales view’ for the customer Master screen accordingly its value should be set to X. Keep your cursor on field RF02D-D0310 and click on Constant rule icon to choose the constant value of ‘X’.
If your source file already has the field value, you choose rule ‘Source Field’.
Keep cursor on field ‘KUNNR’ and click on ‘Assign Source field’ icon to choose source field CUSTOMER from structure XD02S as shown in Figure 11.
Figure 11 Assign source fields
Similarly, assign ‘Source Field’ rules to the remaining fields.
Once all the fields are mapped, you should have an overview screen as shown in Figure 12.
Figure 12 Field mapping and Conversion rules overview
Step 6: Maintain fixed values, translations, user-defined routines
You can also maintain re-usable translations and user-defined routines, which can be used across conversion tasks. In this case, that step is not required.
Step 7: Specify files
In this step, we define how the layout of the input file is. The input file is a [Tab] delimited with the first row as field names. It is present on my PC (local drive) as C:\XD02.txt. (See Figure 13.)
Figure 13 File attributes
Create an Excel file (Figure 14) with your data and save it as a Tab-delimited text file on your local drive (C:\) and name it XD02.txt.
Figure 14 Source data in Excel file (saved as Tab delimited file)
Step 8: Assign files
Execute step ‘Assign Files’ (Figure 15) and the system automatically defaults the filename to the source structure.
Figure 15 Assign file to Source Structure
Step 9: Read data
In this step, LSMW reads the data (Figure 16) from the source file (from your PC’s local drive). You have the option to read only selected rows and convert data values to Internal format.
Figure 16 Read Data
Step 10: Display read data
This step (Figure 17) is optional. If required, you can review the field contents for the rows of data read.
Figure 17 Display Read Data
Step 11: Convert data
This is the step that actually converts the source data (in source format) to a target format. Based on the conversion rules defined, source fields are mapped to target fields.
Step 12: Display Converted data
Again this is an optional step to view how the source data is converted to internal SAP format (Figure 18).
Figure 18 Display Converted Data
Step 13: Create batch input session
Once the source data is converted in an internal format, you can create a batch session to process updates (Figure 19).
Figure 19 Create Batch Input Session
Step 14: Run Batch Input Session
You can execute the BDC session by Run Batch input session. Executing a batch input session is a standard SM35 transaction for managing BDC sessions. Once you have successfully executed the batch input session, the customer master records are updated in the system. You can confirm this by viewing the customer master records (XD03).
Note! Browsing thru these 14 steps, you may get a feeling that this is a very lengthy and time-consuming activity. However, for the purposes of demonstration, I have made it detailed. Although it looks lengthy, actually it takes hardly few hours from start-to-finish! After playing around with few simple LSMW scripts, you will find it so easy to change and create more complex ones.
Demo Example 2
LSMW to Update Customer Master Records with Standard Object
As an alternative to using ‘Transaction Recording’, you could also use a standard SAP object to update Customer Master Records. Business Object ‘0050’ is already pre-defined in the system with standard Batch Input Interface Program ‘RFBIDE00’.
Create an Object CUST_OBJ within Project as LSMW_DEMO and Subproject as CUSTOMERS as shown in Figure 20.
Figure 20 LSMW Object with Standard SAP Object
Note! For the Demo example 2, I will list only those steps that are different from the first demo example.
Step 1: Maintain Object attributes
You will be updating the customer master records with the help of Standard Batch Input; therefore, choose radio-button Standard Batch/Direct Input as shown in Figure 21. Enter Object ‘0050’ for Customer Master records and default method ‘0000’ and click on Save.
Figure 21 Standard Batch/Direct Input Object Attributes
Step 4: Maintain Structure Relations
Sales view of Customer Master is stored in table KNVV. Accordingly, you need to update structure BKNVV. However, in addition, the Standard Object ‘0050’ also requires updates to BGR00, BKN00 and BKNA1 structures. (If you do not maintain Structure relations for mandatory entries, you might get a message such as ‘Target structure BKNA1 needs a relation to a source structure’.)
Even though you don’t want to update any fields in these structures, you need to create a relationship with source structures. In all, you need to create relationship for four target structures.
Create relationship between source structures XD02S with these target structures with icon ‘Create Relationship’ .
Keep Cursor on these four target structures and click on icon ‘Create Relation’ and structure relations are maintained as shown in Figure 22.
Figure 22 Structure Relation
Step 5: Maintain field mapping and conversion rules
-- Keep your cursor on ‘TCODE’ field and click on ‘Insert Rule’ icon
Figure 23 LSMW Conversion Rules
Choose radio button ‘Constant’ (Figure 23) to enter value ‘XD02’ transaction code.
-- Keep your cursor on field ‘KUNNR’ and click on ‘Assign source field’ icon
Choose source field ‘Customer’ from source structure ‘XD02S’. (See Figure 24.)
Figure 24 Assign Source fields
-- Similarly, choose source fields for Sales Organization, Distribution Channel, and Division. (See Figure 25.)
Figure 25 Field Mapping and Conversion Rules
-- Scroll down to structure BKNVV fields and assign source fields to three fields Sales Office, Sales Group, and Customer Group (Figure 26).
Figure 26 Field Mapping and Conversion Rules
Save and go back to main screen.
Step 12: Display Converted data
When you convert data, LSMW automatically converts into the appropriate structure layouts, as required by Standard program (RFBIDE00). (See Figure 27).
Figure 27 Converted data into multiple structures
Note that if you had only one record in source file, the converted file has four records.
Earlier, creating this input file, so that the standard interface program can read it, was a big nightmare, the primary reason being that it could have multiple record layouts. Even for a simple conversion with one input record, you would have to create this complex file with many record layouts. The advantage of LSMW is that it prepares these multi-layout files automatically.
Step 13: Create batch input session
Once source data is converted in internal format, you can create a BDC session to process the updates (Figures 28 and 29).
Figure 28 Create BDC Session
Figure 29 BDC Session ‘CUST_OBJ’ created
Summary
Once BDC session is processed successfully, SAP updates the customer master records with relevant changes. Review these specific customers (transaction code XD03) and confirm that the changes are correctly reflected in the master records.
Mitresh Kundalia heads SAP practice division at Quality Systems & Software (www.QSandS.com). QS&S helps companies achieve world-class performance by realizing their latent business and technological potential with emphasis on SAP systems. QS&S uses Industry-wide best-practices and proven implementation tools to integrate complex business processes with the SAP system. With an MBA degree in finance, Mitresh implements Financial and Logistics applications with specialization in Management reporting, Profitability Analysis, Information systems and Business Information Warehouse. He can be reached by e-mail at mitresh@QSandS.com.
Business Case:
As a part of reorganization and to better serve the customer needs, you are regrouping many of the customers. In SAP terms, you are changing the Sales Office, Sales Group and Customer Groups for specific Customer Master Records. Typically, you would maintain customer records with transaction XD02 to update ‘Sales View’. You would enter Customer Key (Customer No, Sales Organization, Distribution Channel, and Division) and update relevant fields on Sales View screen.
This document contains Step-by-step instructions to use LSMW to update Customer Master Records. It has two demonstration examples - one using Batch Recording and another using standard SAP Object.
Note! The screen prints in this article are from IDES Release 4.6. They may differ slightly in other versions.
Demo Example 1
LSMW to Update Customer Master Records with Transaction Recording
Call Legacy System Migration Workbench by entering transaction code LSMW. Every conversion task is grouped together as Project / Subproject / Object structure. Create a Project called LSMW_DEMO and a Subproject as CUSTOMERS and Object as CUST_REC as shown in Figure 1.
Figure 1 Conversion Task with Project, Subproject and Object
The main screen of LSMW provides wizard-like step-by-step tasks, as shown in Figure 2. To complete your data conversion, you need to execute these steps in sequence. Once a step is executed, the cursor is automatically positioned to the next step.
Note that these steps may look different depending upon your Personal menu settings. You could make step numbers visible by ‘Numbers on’ icon or hidden by ‘Numbers off’ icon. You can execute a step by double-clicking on the row. Toggle icon ‘Doubleclick=Display’ or ‘Doubleclick=Edit’, makes the step in ‘display’ mode or ‘change’ mode.
Figure 2 LSMW Wizard – initial screen
Step 1: Maintain Object attributes
In this example, you will be updating the customer master records with the help of recording a transaction (XD02). Choose radio button Batch Input Recording and click on the recording overview icon to record the R/3 transaction. Enter the Recording name as XD02_REC, the description as Customer Master Updates Recording, and the transaction code as XD02.
Figure 3 Object type ‘Transaction Recording’
The system calls the transaction code XD02 and prompts you to complete the Change
Customer transaction, as shown in Figure 4. Enter the key customer information (I entered customer number 1000, sales organization 1000, distribution channel 01, and division 00) and choose ‘Sales’ view within ‘Sales area data’. Make changes to these three fields (I entered, sales office 1010, sales group 110, and customer group 01) and save the transaction.
Figure 4 Transaction recording for Transaction Code ‘XD02’
Once the transaction is completed, R/3 records the flow of screens and fields and saves the information, as shown in Figure 5.
Figure 5 Transaction recording overview
Note that the fields are populated with default values. The values you entered when you recorded the transaction are set by default.
Note that if you have more fields in the recording than needed, you can remove them by clicking ‘Remove Screen field’ icon.
Observe that the transaction-recording process stores field names in a technical format. By pressing the F1 key on individual screen fields and then pressing the F9 key, the system displays technical names. You then can replace the technical names with descriptive names. Double-click on the field RF02D-KUNNR and enter the name as KUNNR and the description as Customer Account Number and remove the default value. (See Figure 6.)
Figure 6 Field attributes
Similarly, double-click on all other fields with default values and make appropriate changes. Once you have made changes, the recording overview screen looks like what you see in Figure 7.
Figure 7 Transaction Recording Overview – with screen field attributes
Save your changes. When you go back to the initial screen, you will see that the initial screen steps have changed. Since you want to import data via the BDC method, the Direct Input and IDoc-related steps are hidden, as they are not relevant.
Step 2. Maintain Source Structures
Give a name and a description to the source structure (Figure 8).
Figure 8 Source Structure
Step 3. Maintain Source Fields
In this step, you need to list what fields are present in the source structure. The easiest way is to click on ‘Table Maintenance’ icon to enter Fieldname, Type and Length for each field as shown in Figure 9.
Figure 9 Source fields of source Structure
Note that your input file will have four fields as key fields and you need to update three fields in the system.
Step 4: Maintain Structure Relations
Execute a step to ‘Maintain Structure Relations’. (See Figure 10.) Since, there is only one Source and Target Structure, the relationship is defaulted automatically.
Figure 10 Structure Relation
Step 5: Maintain field mapping and conversion rules
Field RF02D-D0310 represents that you chose ‘Sales view’ for the customer Master screen accordingly its value should be set to X. Keep your cursor on field RF02D-D0310 and click on Constant rule icon to choose the constant value of ‘X’.
If your source file already has the field value, you choose rule ‘Source Field’.
Keep cursor on field ‘KUNNR’ and click on ‘Assign Source field’ icon to choose source field CUSTOMER from structure XD02S as shown in Figure 11.
Figure 11 Assign source fields
Similarly, assign ‘Source Field’ rules to the remaining fields.
Once all the fields are mapped, you should have an overview screen as shown in Figure 12.
Figure 12 Field mapping and Conversion rules overview
Step 6: Maintain fixed values, translations, user-defined routines
You can also maintain re-usable translations and user-defined routines, which can be used across conversion tasks. In this case, that step is not required.
Step 7: Specify files
In this step, we define how the layout of the input file is. The input file is a [Tab] delimited with the first row as field names. It is present on my PC (local drive) as C:\XD02.txt. (See Figure 13.)
Figure 13 File attributes
Create an Excel file (Figure 14) with your data and save it as a Tab-delimited text file on your local drive (C:\) and name it XD02.txt.
Figure 14 Source data in Excel file (saved as Tab delimited file)
Step 8: Assign files
Execute step ‘Assign Files’ (Figure 15) and the system automatically defaults the filename to the source structure.
Figure 15 Assign file to Source Structure
Step 9: Read data
In this step, LSMW reads the data (Figure 16) from the source file (from your PC’s local drive). You have the option to read only selected rows and convert data values to Internal format.
Figure 16 Read Data
Step 10: Display read data
This step (Figure 17) is optional. If required, you can review the field contents for the rows of data read.
Figure 17 Display Read Data
Step 11: Convert data
This is the step that actually converts the source data (in source format) to a target format. Based on the conversion rules defined, source fields are mapped to target fields.
Step 12: Display Converted data
Again this is an optional step to view how the source data is converted to internal SAP format (Figure 18).
Figure 18 Display Converted Data
Step 13: Create batch input session
Once the source data is converted in an internal format, you can create a batch session to process updates (Figure 19).
Figure 19 Create Batch Input Session
Step 14: Run Batch Input Session
You can execute the BDC session by Run Batch input session. Executing a batch input session is a standard SM35 transaction for managing BDC sessions. Once you have successfully executed the batch input session, the customer master records are updated in the system. You can confirm this by viewing the customer master records (XD03).
Note! Browsing thru these 14 steps, you may get a feeling that this is a very lengthy and time-consuming activity. However, for the purposes of demonstration, I have made it detailed. Although it looks lengthy, actually it takes hardly few hours from start-to-finish! After playing around with few simple LSMW scripts, you will find it so easy to change and create more complex ones.
Demo Example 2
LSMW to Update Customer Master Records with Standard Object
As an alternative to using ‘Transaction Recording’, you could also use a standard SAP object to update Customer Master Records. Business Object ‘0050’ is already pre-defined in the system with standard Batch Input Interface Program ‘RFBIDE00’.
Create an Object CUST_OBJ within Project as LSMW_DEMO and Subproject as CUSTOMERS as shown in Figure 20.
Figure 20 LSMW Object with Standard SAP Object
Note! For the Demo example 2, I will list only those steps that are different from the first demo example.
Step 1: Maintain Object attributes
You will be updating the customer master records with the help of Standard Batch Input; therefore, choose radio-button Standard Batch/Direct Input as shown in Figure 21. Enter Object ‘0050’ for Customer Master records and default method ‘0000’ and click on Save.
Figure 21 Standard Batch/Direct Input Object Attributes
Step 4: Maintain Structure Relations
Sales view of Customer Master is stored in table KNVV. Accordingly, you need to update structure BKNVV. However, in addition, the Standard Object ‘0050’ also requires updates to BGR00, BKN00 and BKNA1 structures. (If you do not maintain Structure relations for mandatory entries, you might get a message such as ‘Target structure BKNA1 needs a relation to a source structure’.)
Even though you don’t want to update any fields in these structures, you need to create a relationship with source structures. In all, you need to create relationship for four target structures.
Create relationship between source structures XD02S with these target structures with icon ‘Create Relationship’ .
Keep Cursor on these four target structures and click on icon ‘Create Relation’ and structure relations are maintained as shown in Figure 22.
Figure 22 Structure Relation
Step 5: Maintain field mapping and conversion rules
-- Keep your cursor on ‘TCODE’ field and click on ‘Insert Rule’ icon
Figure 23 LSMW Conversion Rules
Choose radio button ‘Constant’ (Figure 23) to enter value ‘XD02’ transaction code.
-- Keep your cursor on field ‘KUNNR’ and click on ‘Assign source field’ icon
Choose source field ‘Customer’ from source structure ‘XD02S’. (See Figure 24.)
Figure 24 Assign Source fields
-- Similarly, choose source fields for Sales Organization, Distribution Channel, and Division. (See Figure 25.)
Figure 25 Field Mapping and Conversion Rules
-- Scroll down to structure BKNVV fields and assign source fields to three fields Sales Office, Sales Group, and Customer Group (Figure 26).
Figure 26 Field Mapping and Conversion Rules
Save and go back to main screen.
Step 12: Display Converted data
When you convert data, LSMW automatically converts into the appropriate structure layouts, as required by Standard program (RFBIDE00). (See Figure 27).
Figure 27 Converted data into multiple structures
Note that if you had only one record in source file, the converted file has four records.
Earlier, creating this input file, so that the standard interface program can read it, was a big nightmare, the primary reason being that it could have multiple record layouts. Even for a simple conversion with one input record, you would have to create this complex file with many record layouts. The advantage of LSMW is that it prepares these multi-layout files automatically.
Step 13: Create batch input session
Once source data is converted in internal format, you can create a BDC session to process the updates (Figures 28 and 29).
Figure 28 Create BDC Session
Figure 29 BDC Session ‘CUST_OBJ’ created
Summary
Once BDC session is processed successfully, SAP updates the customer master records with relevant changes. Review these specific customers (transaction code XD03) and confirm that the changes are correctly reflected in the master records.
Mitresh Kundalia heads SAP practice division at Quality Systems & Software (www.QSandS.com). QS&S helps companies achieve world-class performance by realizing their latent business and technological potential with emphasis on SAP systems. QS&S uses Industry-wide best-practices and proven implementation tools to integrate complex business processes with the SAP system. With an MBA degree in finance, Mitresh implements Financial and Logistics applications with specialization in Management reporting, Profitability Analysis, Information systems and Business Information Warehouse. He can be reached by e-mail at mitresh@QSandS.com.
XI Interview questions
Q1: What is SAP XI?
A1: SAP XI is a component of SAP NetWeaver and it runs on SAP Web Application Server (SAP Web AS). SAP XI enables ISVs to implement collaborative processes (A2A or B2B) using standards-based XML messaging.
Q2: What are the XI interface certifications that SAP offers?
A2: SAP offers XI Adapter (NW-XI-AF), XI Content (NW-XI-CNT), and XI Content based on Industry Standards (NW-XI-CNT-IS) certification for ISVs.
Q3: When should ISVs build an XI adapter?
A3: XI adapters provide an additional, specific technical protocol to facilitate communication with XI. SAP already provides many adapters such as SOAP, HTTP, RFC, Idoc, etc. Typically XI adapters are provided by EAI vendors for support of additional protocols. XI adapters must be implemented as resource adapters of the Java Connector Architecture 1.0 (JCA).
Q4: What do I need to build and test my XI adapter?
A4: You must have the SAP Partner Connectivity Kit (SAP PCK) to develop and test your XI adapter. Once you apply for XI Adapter certification, an ICC representative will put you in contact with the relevant group in SAP so that you can purchase the PCK license.
Q5: What is the SAP PCK?
A5: The SAP PCK provides a platform to development and test your own JCA resource adapter. The SAP PCK includes JCA sample adapter with source code, XML file for sample adapter metadata, and Java docs for adapter development.
Q6: What is XI content package?
A6: XI content facilitates integration scenario of a particular business process (A2A or B2B) via XI. The XI content package includes integration scenario, message definitions, interface definitions, and mapppings using XI integration builder tools. ISVs who plan on integrating their business application with SAP business applications via XI typically would go for XI content certification.
Q7: What is XI content package based on Industry Standards?
A7: SAP supports many industry standards such as RosettaNet (for High Tech), CIDX (for Chemical), ISA-S96 (for Manufacturing), STAR (for Automotive), etc. ISVs can select business processes defined by industry standards to build a content package via XI. ISVs who want to utilize industry standard on their integration scenario should go for XI content based on Industry Standards.
Q8: Where do I find more information about XI integration scenarios?
A8: Please go to XI interface page to learn more on XI Adapter certification.
Please go to XI Content interface page to learn more on XI Content certification.
Please go to XI Content based on Industry Standards interface page to learn more on XI Content based on Industry Standards certification.
Q9: Where can I get XI test system to build XI content package?
A9: ICC is hosted many SAP application systems including XI for ISVs remotely access to develop and test their XI content scenario. For more information on this service, please refer to Developer Package.
Q10: Can I become PBNW after the completion of XI certifications?
A10: It depends. If you complete the XI adapter certification successfully, you qualify for PBNW.
If you complete either XI content or XI content based on Industry Standards certification, you also need to complete the EP-BP certification to obtain PBNW.
A1: SAP XI is a component of SAP NetWeaver and it runs on SAP Web Application Server (SAP Web AS). SAP XI enables ISVs to implement collaborative processes (A2A or B2B) using standards-based XML messaging.
Q2: What are the XI interface certifications that SAP offers?
A2: SAP offers XI Adapter (NW-XI-AF), XI Content (NW-XI-CNT), and XI Content based on Industry Standards (NW-XI-CNT-IS) certification for ISVs.
Q3: When should ISVs build an XI adapter?
A3: XI adapters provide an additional, specific technical protocol to facilitate communication with XI. SAP already provides many adapters such as SOAP, HTTP, RFC, Idoc, etc. Typically XI adapters are provided by EAI vendors for support of additional protocols. XI adapters must be implemented as resource adapters of the Java Connector Architecture 1.0 (JCA).
Q4: What do I need to build and test my XI adapter?
A4: You must have the SAP Partner Connectivity Kit (SAP PCK) to develop and test your XI adapter. Once you apply for XI Adapter certification, an ICC representative will put you in contact with the relevant group in SAP so that you can purchase the PCK license.
Q5: What is the SAP PCK?
A5: The SAP PCK provides a platform to development and test your own JCA resource adapter. The SAP PCK includes JCA sample adapter with source code, XML file for sample adapter metadata, and Java docs for adapter development.
Q6: What is XI content package?
A6: XI content facilitates integration scenario of a particular business process (A2A or B2B) via XI. The XI content package includes integration scenario, message definitions, interface definitions, and mapppings using XI integration builder tools. ISVs who plan on integrating their business application with SAP business applications via XI typically would go for XI content certification.
Q7: What is XI content package based on Industry Standards?
A7: SAP supports many industry standards such as RosettaNet (for High Tech), CIDX (for Chemical), ISA-S96 (for Manufacturing), STAR (for Automotive), etc. ISVs can select business processes defined by industry standards to build a content package via XI. ISVs who want to utilize industry standard on their integration scenario should go for XI content based on Industry Standards.
Q8: Where do I find more information about XI integration scenarios?
A8: Please go to XI interface page to learn more on XI Adapter certification.
Please go to XI Content interface page to learn more on XI Content certification.
Please go to XI Content based on Industry Standards interface page to learn more on XI Content based on Industry Standards certification.
Q9: Where can I get XI test system to build XI content package?
A9: ICC is hosted many SAP application systems including XI for ISVs remotely access to develop and test their XI content scenario. For more information on this service, please refer to Developer Package.
Q10: Can I become PBNW after the completion of XI certifications?
A10: It depends. If you complete the XI adapter certification successfully, you qualify for PBNW.
If you complete either XI content or XI content based on Industry Standards certification, you also need to complete the EP-BP certification to obtain PBNW.
ASAP Methodology
SAP Stands for System Application Product in Data Processing
In 1972, five systems analysts began working nights and weekends to create standard software with real-time data processing. Twenty-five years later their vision is a reality: SAP is the world’s market and technology leader in business application software.
On April 1, 1972 five former IBM employees founded SAP as System analyse und Programmentwicklung (“Systems Analysis and Program Development”) in Mannheim, Germany. Their vision was to develop and market standard enterprise software which would integrate all business processes. The idea came to them through their work as systems consultants for IBM when they noticed that client after client was developing the same, or very similar, computer programs. The second part of their vision was that data should be processed interactively in realtime, and the computer screen should become the focal point of data processing.
AcceleratedSAP (ASAP) is SAP's standard implementation methodology. It contains the Roadmap, a step-by-step guide that incorporates experience from many years of implementing R/3. Along with that, AcceleratedSAP contains a multitude of tools, accelerators and useful information to assist all team members in implementing R/3. Quality checks are incorporated at the end of each phase to easily monitor deliverables and critical success factors. ASAP is delivered as a PC-based package, so that - if required - an implementation project can begin prior to having an R/3 System installed.ASAP road maps consists of five stage. These are Phase 1: Project Preparation, Phase 2: Business Blueprint, Phase 3: Realization, Phase 4: Final Preparation & Phase 5: Go Live and Support.
Phase 1: Project Preparation
In this phase of the ASAP Roadmap, decision-makers define clear project objectives and an efficient decision-making process. A project charter is issued, an implementation strategy is outlined, and the project team as well as its working environment are established. The first step is for the project managers to set up the implementation project(s). They draw up a rough draft of the project, appoint the project team and hold a kickoff meeting. The kickoff meeting is critical, since at this time the project team and process owners become aware of the project charter and objectives and are allocated their responsibilities, lasting throughout the project.
• The project manager is responsible for planning and carrying out the project.
• The application consultant creates the Business Blueprint by identifying the business process requirements, configures the R/3 System together with the business process team, transfers knowledge to the customer team members and assists the business process team with testing.
• The business process team lead at the customer site manages the work involved in analyzing and documenting the enterprise's business processes. This person directs and works with the business process team members, process owners, and users in order to develop the R/3 design, configure the system and validate the design. Furthermore, this person ensures that the R/3 implementation is tested and documented, and obtains agreement from both the business process owners and users.
• The technical team lead at the customer site is responsible for managing the completion of all technical project deliverables. The technical team lead works with the Project Manager to complete the technical requirements planning, and to plan and manage the technical scope and resources schedule. The technical team lead is also responsible for the overall technical architecture of the R/3 System.
• The development project lead is responsible for managing the definition, development and testing of necessary conversions, interfaces, reports, enhancements and authorizations.
• The R/3 system administrator is responsible for configuring, monitoring, tuning, and troubleshooting the R/3 technical environment on an ongoing basis, as well as performing checks, tasks, and backups within the technical environment, scheduling and executing the R/3 transport system and Computing Center Management System (CCMS). The R/3 system administrator manages and executes the R/3 installations, upgrades and system patches.
Phase 2: Business Blueprint
In this phase you document and define the scope of your R/3 implementation and create the Business Blueprint. The Business Blueprint is a detailed documentation of your company's requirements in Winword format. Application consultants and the Business Teams achieve a common understanding of how the enterprise intends to run its business withint he R/3 System, by carrying out requirements-gathering workshops.
Phase 3: Realization
The purpose of Phase 3 is to configure the R/3 System, in order to have an integrated and documented solution which fulfills your business process requirements.
In this phase, configuration of your system is carried out in two steps: Baseline and Final Configuration. The Baseline configuration is designed to configure about 80% of your daily business transactions and all of your master data, and organizational structure. The remaining configuration is done in process-oriented cycles. The Business Blueprint is used as the guide for the system configuration, done using the Implementation Guide, which will be described in detail in this chapter. After this, data transfer programs, as well as interfaces, need to be tested.
Phase 4: Final Preparation
The purpose of this phase is to complete the final preparation of the R/3 System for going live. This includes testing, user training, system management and cutover activities, to finalize your readiness to go live. This Final Preparation phase also serves to resolve all crucial open issues. On successful completion of this phase, you are ready to run your business in your productive R/3 System.
IIn Phase 4, your end users go through comprehensive training. The last step will be to migrate data to your new system. In particular a going-live check is carried out and an R/3 Help Desk set up.
Phase 5: Go Live and SupportNow you are ready to go live with your productive system! Afterwards, the project team focuses on supporting the end users, for which training may not be completed. It is also necessary to establish procedures and measurements to review the benefits of your investment in R/3 on an ongoing basis. Key SAP Services to support you in this phase include
In 1972, five systems analysts began working nights and weekends to create standard software with real-time data processing. Twenty-five years later their vision is a reality: SAP is the world’s market and technology leader in business application software.
On April 1, 1972 five former IBM employees founded SAP as System analyse und Programmentwicklung (“Systems Analysis and Program Development”) in Mannheim, Germany. Their vision was to develop and market standard enterprise software which would integrate all business processes. The idea came to them through their work as systems consultants for IBM when they noticed that client after client was developing the same, or very similar, computer programs. The second part of their vision was that data should be processed interactively in realtime, and the computer screen should become the focal point of data processing.
AcceleratedSAP (ASAP) is SAP's standard implementation methodology. It contains the Roadmap, a step-by-step guide that incorporates experience from many years of implementing R/3. Along with that, AcceleratedSAP contains a multitude of tools, accelerators and useful information to assist all team members in implementing R/3. Quality checks are incorporated at the end of each phase to easily monitor deliverables and critical success factors. ASAP is delivered as a PC-based package, so that - if required - an implementation project can begin prior to having an R/3 System installed.ASAP road maps consists of five stage. These are Phase 1: Project Preparation, Phase 2: Business Blueprint, Phase 3: Realization, Phase 4: Final Preparation & Phase 5: Go Live and Support.
Phase 1: Project Preparation
In this phase of the ASAP Roadmap, decision-makers define clear project objectives and an efficient decision-making process. A project charter is issued, an implementation strategy is outlined, and the project team as well as its working environment are established. The first step is for the project managers to set up the implementation project(s). They draw up a rough draft of the project, appoint the project team and hold a kickoff meeting. The kickoff meeting is critical, since at this time the project team and process owners become aware of the project charter and objectives and are allocated their responsibilities, lasting throughout the project.
• The project manager is responsible for planning and carrying out the project.
• The application consultant creates the Business Blueprint by identifying the business process requirements, configures the R/3 System together with the business process team, transfers knowledge to the customer team members and assists the business process team with testing.
• The business process team lead at the customer site manages the work involved in analyzing and documenting the enterprise's business processes. This person directs and works with the business process team members, process owners, and users in order to develop the R/3 design, configure the system and validate the design. Furthermore, this person ensures that the R/3 implementation is tested and documented, and obtains agreement from both the business process owners and users.
• The technical team lead at the customer site is responsible for managing the completion of all technical project deliverables. The technical team lead works with the Project Manager to complete the technical requirements planning, and to plan and manage the technical scope and resources schedule. The technical team lead is also responsible for the overall technical architecture of the R/3 System.
• The development project lead is responsible for managing the definition, development and testing of necessary conversions, interfaces, reports, enhancements and authorizations.
• The R/3 system administrator is responsible for configuring, monitoring, tuning, and troubleshooting the R/3 technical environment on an ongoing basis, as well as performing checks, tasks, and backups within the technical environment, scheduling and executing the R/3 transport system and Computing Center Management System (CCMS). The R/3 system administrator manages and executes the R/3 installations, upgrades and system patches.
Phase 2: Business Blueprint
In this phase you document and define the scope of your R/3 implementation and create the Business Blueprint. The Business Blueprint is a detailed documentation of your company's requirements in Winword format. Application consultants and the Business Teams achieve a common understanding of how the enterprise intends to run its business withint he R/3 System, by carrying out requirements-gathering workshops.
Phase 3: Realization
The purpose of Phase 3 is to configure the R/3 System, in order to have an integrated and documented solution which fulfills your business process requirements.
In this phase, configuration of your system is carried out in two steps: Baseline and Final Configuration. The Baseline configuration is designed to configure about 80% of your daily business transactions and all of your master data, and organizational structure. The remaining configuration is done in process-oriented cycles. The Business Blueprint is used as the guide for the system configuration, done using the Implementation Guide, which will be described in detail in this chapter. After this, data transfer programs, as well as interfaces, need to be tested.
Phase 4: Final Preparation
The purpose of this phase is to complete the final preparation of the R/3 System for going live. This includes testing, user training, system management and cutover activities, to finalize your readiness to go live. This Final Preparation phase also serves to resolve all crucial open issues. On successful completion of this phase, you are ready to run your business in your productive R/3 System.
IIn Phase 4, your end users go through comprehensive training. The last step will be to migrate data to your new system. In particular a going-live check is carried out and an R/3 Help Desk set up.
Phase 5: Go Live and SupportNow you are ready to go live with your productive system! Afterwards, the project team focuses on supporting the end users, for which training may not be completed. It is also necessary to establish procedures and measurements to review the benefits of your investment in R/3 on an ongoing basis. Key SAP Services to support you in this phase include
Thursday, November 29, 2007
CUA-Central User Administration
What is the easy and simple way of activating Central User Administration (CUA)via SCUA?
Customers that have implemented the Central User Administration in lower releases have had to read and skim through cookbooks and adhere to the different set-up procedures of the ALE landscape used to propagate the user data and input methods like UserClone in transaction WE20 (managing partner profiles), bearing in mind upper and lower cases for the different methods. There is good news for you.
The setup of CUA is now extremely simple and easy. All you have to do to activate the CUA, regardless of whether you want to set up a complete new CUA just add a new client to the CUA, is activate the CUA via transaction SCUA. So, no more fumbling in ALE configurations and partner profile management is needed! The process, in short, is as follows:
1. Log on to the new child system and create a communication user for the CUA. Assign this user a customer copy of the following two roles: SAP_BC_USR_CUA_CLIENT, SAP_BC_USR_CUA_SETUP_CLIENT. The latter can be removed from the communication user after CUA activation.
2. Create the RFC connection(s) between central system and client.
3. Create a new logical system for the CUA client.
4. Assign the logical system to a client .
5. Go into transaction SCUA, enter the logical system and save. This will generate the ALE distribution model including partner profiles.
6. If you configure a CUA newly from scratch you have to customize the field distribution in transaction SCUM.
7. Migrate new users into your CUA central using transaction SCUG. Let's look at the details and do it.
The CUA landscape we start with is as follows: We have a central system in client 100 on a Web Application Server stand-alone called TT1.
We have two child systems in client 200 and 300. Now, we want to add client 400. So, how do we start? Create the communication user on client 400.
So, we log on to client 400 and create the communication user via transaction SU01. This user has also been assigned the roles Z_SAP_BC_USR_CUA_CLIENT and Z_SAP_BC_USR_CUA_SETUP_CLIENT, which are custom copies of the pre-delivered SAP roles.
Now we have to create the RFC connection. To do this, we log onto the central system client 100 in system TT1 and go into transaction SM59. We maintain the technical settings for the RFC connection.
And we maintain the communication user in this RFC connection. What is the next step? To create a logical system for the new client 400. This is done in transaction SALE on the central system. Navigate to the menu path for logical systems and click on Define Logical System.
On the next screen enter a new value for TT1CLNT400 and save. Then, go back with the green arrow and double-click on Assign Logical System to Client. On the next screen double-click on client 400. Assign the logical system TT1CLNT400 to client 400.
Please note that the setup of the CUA landscape in our example spares us the burden of creating an RFC connection from the new daughter system client 400 back to the CUA central client 100, because we are in ONE system only, namely the TT1.
What is left to do?
Well, all you have to do now is go into transaction SCUA, add the new child system TT1CLNT400 there, and click on save. Let us do it. After you have saved your entries, you will see the following logs. So, activities you formerly had to do yourself like creation and generation of the ALE partner model and input of methods in the ALE model are now done AUTOMATICALLY for you.
If you have not configured it yet, you can now maintain the field distribution in transaction SCUM. This transaction allows you to configure on a field level where you want to allow fields of the user master record to be maintained. Optionally you can just take the SAP defaults. So there is nothing to configure in transaction SCUM. The defaults will be distributed when you activate the CUA with transaction SCUA.
Then, you can migrate the users from child system 400 into the central system 100 using transaction SCUG. For more information on CUA and how to implement
it please take a look here: SAP Security Homepage" -> Security in Detail -> Identity Management -> Centralized Administration -> Cookbook: Central User Administration (Web AS ABAP 6.20 or higher release)
Hopefully, this weblog has shown how easy it has become to implement CUA. The crucial transaction SCUA has been powerfully enhanced, so that you are spared the burden of a lot of manual configuration. I hope you enjoy implementing CUA.
Subscribe to:
Posts (Atom)