Using Google Chrome?

Download my
free Chrome Extension, Power Notes Searcher, to make searching for and evaluating SAP notes, much easier.

Wednesday, February 27, 2013

Java VM 5.0 Default Heap Size

If you have Java 5.0 (1.5), you may wish to know the default heap size for a JVM.
If you don’t specify -Xmx or -Xms to control the heap size, then the defaults are used.

They are described in detail in the strangely title “Ergonomics in the 5.0 Java Virtual Machine” page here:

The page states:
"In the J2SE platform version 5.0 a class of machine referred to as a server-class machine has been defined as a machine with
2 or more physical processors
2 or more Gbytes of physical memory

On server-class machines by default the following are selected.
Throughput garbage collector
Heap sizes
initial heap size of 1/64 of physical memory up to 1Gbyte
maximum heap size of ¼ of physical memory up to 1Gbyte
Server runtime compiler

So if you have a “server class” machine, you could expect your Java 5.0 JVM to utilise a maximum of 1GB of heap with no tuning (-Xmx & -Xms).

Although it’s not very clear, it seems that a non-“server class” machine would allocate the same as a Java 1.4.2 virtual machine:

"In the J2SE platform version 1.4.2 by default the following selections were made
Serial garbage collector
Heap sizes
initial heap size of 4 Mbyte
maximum heap size of 64 Mbyte
Client runtime compiler

Therefore, a maximum of 64MB of heap would be utilised.

I don’t know if a single dual core CPU is recognised as a “server class” machine, but you can find out what your Java version thinks your machine is by running:

> java -help
Usage: java [-options] class [args...]
(to execute a class)
or java [-options] -jar jarfile [args...]
(to execute a jar file)

where options include:
-d32         use a 32-bit data model if available
-d64         use a 64-bit data model if available
-client       to select the "client" VM
-server      to select the "server" VM
-hotspot    is a synonym for the "client" VM [deprecated]
                 The default VM is server,
                 because you are running on a server-class machine

-cp <class search path of directo....

As you can see, the output tells you that it thinks you are running on a “server class” machine.

Either way, it’s probably best to use the “-server” command line option to be sure, plus the “-Xmx” option to restrict memory usage if you don’t need a whole 1GB heap.

Wednesday, February 20, 2013

HowTo: Restrict and remove DEBUG from SAP Roles

Scenario: Having access to the debugger ("/H") in SAP, could provide the user the capability of circumventing authorisation checks and allowing access to data or modification of data.
You need to restrict or remove access to the debugger in the SAP roles.

The S_DEVELOP authrisation object controls access to the debugger.
You can locate the roles that contain the S_DEVELOP authorisation object using the SUIM report "Roles by Authorisation Values".

You should edit all user assigned roles that contain S_DEVELOP and ensure that it is set to include a range of values for field "Object Type", that excludes the DEBUG value:

4 to DE
Z to $TM

i.e. missing out DEBUG.

NOTE: The above is based on SAP R/3 4.7.

This will prevent access to the debugger.

Wednesday, February 13, 2013

HowTo: List all SAP transaction codes in roles

Scenario: As part of your internal auditing or general processes, you require a list of all transactions that are assigned to roles.

At first thought, this may be easy. You could try to use the SUIM transactions, but you will find that you are only able to list one role at a time and you are not able to see all transactions assigned to all roles in one display.
The only way that you can easily do this is either using the SAP internal query tools (such as quickviewer) or via the database tools directly.

Since SAP do not recommend accessing the database directly, it makes sense to use the SAP tools already provided.
If you do choose the direct database method, then you will need to know that the query you would need will look something like this:

SELECT agr_name,
  FROM agr_1251
 WHERE agr_name = '<YOUR ROLE NAME>'
   AND object='S_TCODE';

We will use the SAP quickviewer (transaction SQVI) as this is the preferred method.
Unfortunately, the transaction has a downside, in that you can’t transport the query directly.
Instead, it’s possible to generate a program from the query, copy it and create your own “Z” report that you can transport.

In transaction SQVI, create a new query called “TCODES_IN_ROLE” or whatever you think is an appropriate name:

Add a description for the query and then add the fields:

Role Name (AGR_1251-AGR_NAME)
Authorization Value (AGR_1251-LOW)
Authorization Value (AGR_1251-HIGH)
Auth Object in User Master Maintenance (AGR_1251-OBJECT)

SAP transaction codes in roles

You can adjust the sort sequence on the “Sort Sequence” tab if you wish.

On the “Selection fields” tab, you can indicate which fields the user is able to use to narrow the query selection (set the predicates).

Save the query and then execute:

SAP transaction codes in all roles

On the previous screen, the option to generate the program exists:

Listing SAP transaction codes in roles

Choose the “Display report name” option (shown on the menu selection above) to then display the subsequently generated program name:

Now display the report source code in SE38:

You can now copy the report to your own “Z” report and modify as required.
This can then be transported.

WARNING: Since this report exposes detailed information on the structure of your roles, you should ensure that you secure it by assigning it to an authorisation group accordingly.

Monday, February 11, 2013

Broken 2,000 page views per month!

Just a quick note to say thanks to all readers who have recommended this site, my posts and articles, commented or just browsed.  I'm glad that it has served so many people and I've really enjoyed seeing the reader count increase over the past months.

I've finally made it past the 2,000 page views per month target after only 18 months of being an active blogger.  I'm now hoping to hit 5,000 in the next 6 months...

If you have found this site helpful, then help others find it by clicking the Google +1 link on posts, or linking on your own blog site or Linkedin or Facebook.

Many thanks,


Wednesday, February 06, 2013

HowTo: Cancel Large Message Stuck in SAP PI/XI Queue

Scenario: You have a large message that is stuck in the INBOUND (XBTS*) queue of an integration server (maybe an ABAP proxy).
(This solution is based on SAP note 688147).

The message is visible in transaction SMQ2 (inbound queue) for a few hours/days/months:

and it’s consuming significant resources, visible in SM50:

You may also be blowing the ICM http buffer, visible in the SMICM log file:

But, you can’t cancel the message in SXMB_MONI, as it is still scheduled on the QUEUE (“still scheduled in queue XBTS*”):

SAP notes state that you should NEVER delete messages directly from SMQ1 or SMQ2 as this leaves the messaging system in an inconsistent state.

What to do? What to do?

Instead, in this exceptional case, you can delete the message in SMQ2. This will prevent it retrying.
Once you’ve done this, you can then use report RSXMB_CHECK_MSG_QUEUE to restore the messaging system integrity by resetting the original message status to cancel it.

Delete the entry from the queue:

Now execute the report RSXMB_CHECK_MSG_QUEUE:

Ensure that you enter the specific message ID, then enter the PIPELINE ID (same as that shown in column PIPELINE in SXMB_MONI), select all status to search for and then select TEST RUN:

The log should show that it will flag 1 message for archiving (“No QRFC entry found. Message flagged for archiving”):

Now go back and re-execute the program with “Test Run” un-checked:

You will be prompted to cancel selected messages:

The log will show:

SXMB_MONI now shows the message is “Cancelled Manually”: