Using Google Chrome?

Download my
free Chrome Extension, Power Notes Searcher, to make searching for and evaluating SAP notes, much easier.

Recent Posts

Monday, October 29, 2012

Values for SAP Auth Objects F_REGU_BUK and F_REGU_KOA

Whilst configuring some new read-only SAP roles for FICO access, I was struggling to find the desctiptions for the actions for authorisation objects F_REGU_BUK and F_REGU_KOA   values for FBTCH (Action for Automatic Procedure).

I found that these were actually viewable in transaction F110, then on menu select “Environment -> Authorizations”.

A popup is displayed with the following legend:

Key Action
02 Edit parameters
03 Display parameters
11 Execute proposal
12 Edit proposal
13 Display proposal
14 Delete proposal
15 Create payment medium proposal
21 Execute payment run
23 Display payment run
24 Delete payment run payment dat
25 Create payment media of paymen
26 Delete payment orders of payme
31 Print payment medium manually

For a read-only role, I would recommend only actions 03,13,23 and possibly 31 (in case the electronic BACS payment method breaks).

Monday, October 22, 2012

All Reports & Transactions Under SUIM

The list below is useful if you are constructing a roll to house the SUIM capabilities:

Users by System S_BIE_59000198
Users by Roles S_BIE_59000199
Users by Profiles S_BIE_59000197
Users by Address Data S_BCE_68001393
Users by Complex Selection Criteria S_BCE_68001400
By user ID S_BCE_68001394
By Role S_BCE_68001399
By Profiles S_BCE_68001395
By Authorizations S_BCE_68001396
By Authorization Values S_BCE_68001397
By Transaction Authorizations S_BCE_68001398
By Critical Combinations of Authorizations at Transaction Start S_BCE_68001401
With Unsuccessful Logons S_BCE_68001402
By Logon Date and Password Change RSUSR200
List of Users With Critical Authorizations S_BCE_68001403
With Critical Authorizations (New Version) S_BCE_68002111

Roles by Complex Selection Criteria S_BCE_68001425
By Role Name S_BCE_68001418
By User Assignment S_BCE_68001419
By Transaction Assignment S_BCE_68001420
By MiniApp S_BIE_59000249
By Profile Assignment S_BCE_68001421
By Authorization Object S_BCE_68001422
By Authorization Values S_BCE_68001423
By Change Dates S_BCE_68001424

Profiles by Complex Selection Criteria S_BCE_68001409
By Profile Name or Text S_BCE_68001767
By Profiles Contained S_BCE_68001404
By Authorizations S_BCE_68001405
By Authorization Values S_BCE_68001406
By Last Change S_BCE_68001407
By Role S_BCE_68001408

Authorizations by Complex Selection Criteria S_BCE_68001417
By Object S_BCE_68001414
By Values S_BCE_68001415
By Last Change S_BCE_68001416

Authorization Objects by Complex Selection Criteria S_BCE_68001413
By Object Name, Text S_BCE_68001410
By Object Class S_BCE_68001411
By Field, Text S_BCE_68001412

Executable Transactions (All Selection Options) S_BCE_68001429
Executable for User S_BCE_68001426
Executable for Role S_BCE_68002041
Executable with Profile S_BCE_68001427
Executable with Authorization S_BCE_68001428

From users S_BCE_68001430
from Roles S_BCE_68001777
From profiles S_BCE_68001431
From authorizations S_BCE_68001432
In Users S_BCE_68001399
In Users S_BCE_68001395
In Roles S_BCE_68001421
In Composite Profiles S_BCE_68001404
In Users S_BCE_68001396
In Profiles S_BCE_68001405
In Users S_BCE_68001397
In Roles S_BCE_68001423
In Profiles S_BCE_68001406
In Authorizations S_BCE_68001415
In Programs S_BCE_68002030
For Users S_BCE_68001439
for Role Assignment RSSCD100_PFCG_USER
For Roles RSSCD100_PFCG
For Profiles S_BCE_68001440

For Authorizations S_BCE_68001441

Tuesday, October 16, 2012

How to Patch an Oracle Database Under SAP

Are you thinking of patching an Oracle database which sits under an SAP system?
If you have a specific bug and you've identified the Oracle patch number that fixes the bug, you'd be tempted to just download the patch from Oracle.

According to SAP, you should not download any patches from Oracle directly.  As you know, the Oracle binaries themselves are slightly different for an SAP system.
Instead, if you have the Oracle patch number, search through the README files that come as part of the SAP Bundle Patch (SBP) for Oracle downloads located on the marketplace: http://service.sap.com/oracle-download  to see if the Oracle patch is included in the bundle patch.

If you can't see it in there, then it may be worth asking SAP to clarify if/when they may include it in the next bundle patch.
Each bundle patch is released monthly, but it may not mean that relevant Oracle patches older than a month are included in the bundle.

The bundle patches themselves are cumulative, so you only need to apply the latest one.  It includes specific Oracle patches, plus a CPU patch (dependent on the date/time of the released SBP).

Remember to re-check the SAP notes about Oracle database parameters after applying SBPs, since SAP usually update the notes at each SBP release, to include any relevant _fix_control or event parameter settings.

Thursday, October 11, 2012

Recover Oracle DB With Missing DataFiles or Missing UNDO or Multiple ResetLogs Issue

If you have run through the Create ControlFile script method (why are you still using this and not the NID utility!!?) but it failed because you were missing one of the datafiles, then you will struggle to open and resetlogs the database due to Oracle errors.
You will then retry the process (maybe with the correct datafiles in place this time) and it will fail because you've run resetlogs too many times and the datafiles are all out of sync with the incarnation of the database.

The post also assumes that one of the missing datafiles is required for your UNDO tablespace.

This post is based on the post here: http://dbakevin.blogspot.co.uk/2011/02/simulate-one-ora-01161-solving-for-ora.html  and will guide you through the process of getting the database back, provided you now have the required datafiles in place (you don't have to have them, but it would be good if you did).

1, Delete all existing database control files at the operating system level.
These control files are useless to us as they contain the new DB name and sequence numbers, but we can't use them as we will have to re-run the CREATE CONTROLFILE statement.

2, Change the DB init file to use rollback segments (as you have no automatic UNDO without your undo tablespace) and allow resetlogs to corrupt the database, by putting the following in the init<SID>.ora:

undo_tablespace='SYSTEM'
undo_management='MANUAL'
_allow_resetlogs_corruption=true
_corrupted_rollback_segments=(_SYSSMU1$,_SYSSMU2$,_SYSSMU3$,_SYSSMU4$,_SYSSMU5$,_SYSSMU6$,_SYSSMU7$,_SYSSMU8$,_SYSSMU9$,_SYSSMU10$,_SYSSMU11$,_SYSSMU12$,_SYSSMU13$,_SYSSMU14$,_SYSSMU15$,_SYSSMU16$,_SYSSMU17$,_SYSSMU18$,_SYSSMU19$,_SYSSMU20$)


3, Edit the CREATE CONTOLFILE SET DATABASE “<SID>” script to comment out ALL tablespaces except SYSTEM.
This will allow us to create a basic database will rollback.

4, Create the database using the CREATE CONTROLFILE script as you would have done previously.

5, Alter database open resetlogs.

6, Re-name all “MISSING” datafiles based on FILE_ID taken from production.
NOTE: If you don't know this information (file_id to filename mapping), then you will become very stuck.

alter database rename file '/u01/app/oracle/product/10.2.0/db_1/dbs/MISSING00004' to '/u01/app/oracle/oradata/day/users01.dbf';

7, Bring all “MISSING” data files online (first attempt):
alter database datafile 4 online;

You will see:

ERROR at line 1:
ORA-01190: control file or data file 4 is from before the last RESETLOGS
ORA-01110: data file 4: '/u01/app/oracle/oradata/day/users01.dbf'


8, Shutdown immediate.

9, Startup mount.

10, Recover until cancel.

11, Bring all “MISSING” data files online (again):
alter database datafile 4 online;

12, Alter database open resetlogs.

13, Re-Create UNDO tablespace as per the previous specifications (take the spec from production) (maybe use REUSE command so it doesn’t need to create the file) . Use the same file name as before.

14, Shutdown IMMEDIATE.

15, Adjust the init<SID>.ora to re-add the UNDO tablespace and remove the entries that you added in step #2.

16, Startup.

Thursday, October 04, 2012

SAP Authorisation Objects Naming Convention

The first letter of SAP authorisation objects is intelligently coded to represent the SAP module for which it belongs:
e.g. F_KNA1_BUK

A   Assets Accounting
C   Classification System
E   Consolidation
F   Financial Accounting
G   Special Ledger
K   Controlling
L   Logistic execution
M   Materials Management
P   Human Resources
S   Basis
V   Sales and Distribution


If the second character is an underline, then this indicates this authorisation object is a SAP standard one.

Use transaction SU03, SU21 or table TOBJ, to list the authorisation objects in the system and drill-down into the authorisation fields and their possible values.

If using the tables, you may need the other related tables to pull the texts: TOBJ, TOBC (classes), TOBJT.