Hi Ram
Have you read up on the documentation for the S_DEVELOP authorisation object?
Regards
Colleen
↧
Re: Disable changing variables during debug for a specific program
↧
Re: Disable changing variables during debug for a specific program
Hi,
you can't disable change in debugger for subset of programs. In this case you have all or nothing. So unless you remove change in debugger from all users then you can't achieve this with authorization. Even if you could do that, a user with access to change in debugger can assign temporary role to itself that gives him authorization. A person with access to change in debugger is unstoppable.
I believe that there is no way how to achieve this in code. From simple reason if you were able to somehow prevent execution of this program in code then I as a developer I would make a copy of this program and remove those parts that prevent me to debug it. There also used to be a trick to wrap critical part in macro but that can be bypassed as well.
Cheers
↧
↧
Re: Disable changing variables during debug for a specific program
If it is an isolated program in development systems only, then you can legitimately hard code a few things as that is your exact requirement.
Use Macros to DEFINE a sy-sysid check and use statement STOP in the marco. Add a few global variables to the code in the macro as well and comments as warnings... :-)
That should do the trick. SAP does the same.
Else...
If sy-debug ='X' then STOP anyway.
However you must prevent the developers from using the system debugger and GOTO statement function to skip over the macro.
If you cannot control that, then you also cannot control them from changing the program either.
In that case you must restrict their authorizations to object names or isolate the coding to a package which blocks the debugger.
Hard call! You cannot realistically restrict someone who can insert code into a running program or system.
Cheers,
Julius
↧
Re: Disable changing variables during debug for a specific program
What if they don't have ACTVT '01' for the debugger and only '02' for their own packages?
Then they must write and F8 a new program which edits the protected one, so it can be caught in the ABAP Editor exit.
Force them to make noise and use alerts on the syslog to make noise... :-)
If developers read code and comments which tells them to bugger off then they don't voluntarily go looking for trouble IMO.
Or we can dig deeper than ACTVT '01' to make noise....
Noise for (bad) developers is better than prevention.
Cheers,
Julius
↧
Re: Disable changing variables during debug for a specific program
If sy-debug ='X' then STOP anyway.
It's development and they are developers then communication/warning - do not debug this is required
But taking your idea a nice message of "Did you miss the memo? You better have a good reason when I hunt you down"
But even then, there is nothing stopping the developer from copying the code to a new program name and claim they are "prototyping"
↧
↧
Re: Authorisation issue with T-code CA85 N for mass update
Hi Varun,
Mass change transactions for routing won't let you change unless you enter a change number (ECN) if they have already been changed with an ECN. But CA02 does not have that checking feature.
You can use LSMW for batch recording if you want. Please find the link below which has step by step method.
Regards,
Deepanshu Sharma
↧
Re: User is getting locked everyday
Hi
It could be RFC, SSO setting which are making this lock, run a trace and it should give you the clue what exactly happening out.
Regards,
Deepanshu Sharma
↧
Re: Authorisation issue with T-code CA85 N for mass update
Thanks a lot, very helpful!
↧
Re: Disable changing variables during debug for a specific program
There are ways of controlling permitted calling programs and you can go a long way protecting that against unsuspecting developers, but I think we need to understand here why this program should not be able to be debugged in a development system.
What is really the goal which Ram is trying to achieve here? Protect some secret algorithm from being displayed? Prevent the program from executing? Prevent the program from being changed? Protect the program completely against the ABAP editor tools?
It might even be best to take this code out of the ABAP environment and rather start it as an external program - like SAP does with C-functions or TCP/IP destinations.
Cheers,
Julius
↧
↧
Re: Dynpro recording option in RAL not working
Hello Patrick,
Thanks for for your prompt resposne.
I have tried to record the field only after Starting the recordning. SAP GUI is 7.30 patch level 2. Still I am unable to record. I am able to record Web dynpro recordning without any issues. Is there anything else I need to check?
Regards,
Prabhu K
↧
RSEOUT00 - CUA Child system disconnecting.
Is RSEOUT00 mandatory while disconnecting a child system from CUA. Please help me in understanding? I'd always done this while disconnecting CUA with one of the clients (organization) I worked for. However today, when I and my colleagues were discussions, one of them suggested that he had never done this step, for the client (organization) he worked for. Is there an alternative to RSEOUT00?
↧
Re: RSEOUT00 - CUA Child system disconnecting.
to delete the cua then you have to use rsdelcua report.
more infor on the report RSEOUT00
399271 - CUA: Tips for optimizing ALE distribution performance
↧
Re: Dynpro recording option in RAL not working
Hi Prabhu,
if you did enable the recording with the same user, you did use to also record the field, I would suggest to open a message with SAP. I haven't checked with an 7.31 SP9 system but with my 7.40 SP5 system it works as described.
Regards,
Patrick
↧
↧
Re: User is getting locked everyday
We are in the process of upgrading our BO system and I believe it is since we started with our upgrade that we are getting the following dump:CALL_FUNCTION_SIGNON_INCOMPL and the error analysis is:The logon data for the user " " is incomplete.
And this is the server side calling information:
Information on caller of Remote Function Call (RFC):
System.............. "########"
Installation Number. "##########"
Database Release.... 720
Kernel Release...... 720
Connection Type..... "E" (2=R/2, 3=ABAP System, E=Ext., R=Reg.
Call Type........... "synchronous and non-transactional (emode
Inbound TID.........." "
Inbound Queue Name..." "
Outbound TID........." "
Outbound Queue Name.." "
Client.............. "###"
User................ "############"
Transaction......... " "
Call Program........."WIReport"
Function Module..... "RFCPING"
Call Destination.... "<unknown>"
Source Server....... "BOPRODZONE"
Source IP Address... "172.31.11.165"
But there are no publications scheduled in 11.165 so what exactly is happening?
↧
Re: Composite roles not visible after refresh
Hi,
Are you asking for Release ? If yes, we are on 7.01.
Thanks,
Sankar.
↧
Re: Composite roles not visible after refresh
You are correct - ALV on user tab in PFCG came with 7.31.
SU01 already had such filters long before.
So just delete the filter...
↧
Re: Composite roles not visible after refresh
Hi,
Could you please let me know how to delete those filters.
Thanks,
Sankar.
↧
↧
Re: Composite roles not visible after refresh
There is a button with the label "Delete Filters" in the task bar. If you click on it, then.... elevator music is started on your PC and Bugs Bunny runs around on the monitor.
Cheers,
Julius
↧
Re: User is getting locked everyday
Hello Shalaka,
The RFCPING FM might have been called when someone tests the connection from the source IP. Please try resetting the password and maintaining it in the logon information of the RFC destination of the source system. Try connecting again.
For security reasons your RFC user used for the connection should be of type system and not service unless there is some technical reason for using this type.
Regards,
Subbu
↧
Re: Display/Edit the CRM transaction based on status value selected in status field
Can anybody answer this query
Thanks
Shaik
↧