Successfully Implementing SAP

7/28/2019 Successfully Implementing SAP

http://slidepdf.com/reader/full/successfully-implementing-sap 1/28

Successfully Implementing SAP

Implementing a package can be a traumatic affair for both the customer and the vendor. Get it wrong and thevendor may get paid late or have to resort to lawyers to get paid and tarnish their reputation. For the company thnew package may not work the way they expected, be late or cost a more than budgeted for and take managemenwill take their eye off running their business.

Recently a client asked me what I would consider to be the five most important things one should consider beforeembarking on an implementation. This isn't a simple question, although there are many factors to think about af

some consideration for me the top five are way ahead of the others.

My top five factors to consider would be:

1. Set up a Project Board,2. Secure the resources,3. Complete the GAP Analysis,4. Have detailed Cut Over Plans,5. Train the users.

Taking each one in turn:

The Project Board The correct set up and operation of the Project Board in my view is major factor in the success failure of the project. The Project Board will consist of the stakeholders, key users and the vendor. The Project Board is partthe governance of the project. The Project Board will meet regularly to ensure that the project plans are createdand being executed as planned, moves from stage to stage with all the deliverables being signed off is resourced properly.

The Resources Three types of resources are absolutely necessary -- end users, change team and technicians.

Early involvement by the end users is absolutely necessary, as they will be the ones living with the system for hopefully many years to come. They will want to feel involved in its implementation. Buy in from the end userof the system is absolutely essential if the system is to have a long and stable life in any organisation.

The Change Team will identify the gaps between the package and the business requirements, re-engineer some othe businesses process to cope with the package, train the users to ensure implementation is smooth as possible inthe business.

The Technical Team will prepare the systems environment for the package, apply any software fixes from thevendor, implement the software in the best way possible for the organisation set up and tune the software for the particular technical environment.

GAP Analysis A through gap analysis will identify the gaps between how the business operates ad its needs against what the package can can't do. For each gap there will be one of three outcomes which must be recorded and actioned, Gmust be closed and customised software can be developed close the gap, GAP must be closed but software canno be written therefore a workaround is required, GAP does not need to be closed.

In simple terms: Gap means small cracks. In SAP world. In information technology, gap analysis is the study of differences between two different information systems or applications( ex; existing system or legacy system withClient and new is SAP), often for the purpose of determining how to get from one state to a new state. A gap issometimes spoken of as "the space between where we are and where we want to be." Gap analysis is undertaken



a means of bridging that space.Actual gap analysis is time consuming and it plays vital role in blue print stage.

Cut Over Plans Detailed plans need to be developed for cutting over from the old system(s) to the new. Parallel runs of what wihappen over the conversion period using test data, convert and watch for a period after wards to ensure nothingunexpected happens.

Train Users Well trained users will support and defend the system on site. Unsupportive users will continually undermine thesystem and eventually it will be replaced. Therefore the more effort you put into helping the users master thesystem early the better.

Difference between the User Exit & Gap analysis.

Both are quiet a different and has a small relation.

User exits are standard gate ways provided by SAP to exit the standard code and we can write our own code withthe help of ABAP workbench. its not new functionality which we are trying to build in sap but its slightenhancement within the same code.

Gap analysis is start point of Realization and once blue print is finished we have to find the realization of sapsystem for client requirment and there will be certain gaps when compared to system fit. Those gaps can be closeeither by re-engineering of business process to fit with SAP or we have to use USER exits in case of smalldeviations or complete enhancements with the help of ABAP to fit with the SAP syste

Roles and Responsibilities of End Users

What is the Difference between Consultant & End users?

SAP consultant role is to build the system, changes & modification/updation in currently installed SAP system fo

the end users.

SAP End user only use the SAP system just to fetch some info, or to create new thing. So a end user is just usingthe final product which it is meant for and consultnat design the product/updation and modification.

The roles and responsibilities of end users is working in easy access menu they will not have authorizations of using img settings if they get doubt they will send query to the implemented company and just entering day to datransactions.

Roles and Responsibilities of End User:

Using the software at the end or after the implementation is an End User.

In sap HR , we do come across entire Org Management creation by an end user after the Personnel strucutre iscreated. OM objects like creation of Org Unit means functional area or dpt , creation Job and Position and itsoccupancy is with in the limits of an enduser. Initiallly the OM is created by sap consultant . In course of time anew department has appeared in the company of the client .. this has to be created by the enduser rather thandepending up on the implementor... similarly new job and position..like this small things are always done by theenduser.

The entire work of OM is purely depends upon the enduser.



After from this running periodical payroll and Ensuring of the Time schedules ( Work Schedules) of each employis done from sap easy access by an enduser and the show run of payroll everymonth is by the enduser only. Likethis lot of roles are there for an end user.

Whatever the problems come across during the enduser utilisation of sap ...that will reach as ticket to the supportteam

What is SAP Landscape?

By: Kunal

Landscape is like a server system or like a layout of the servers or some may even call it the architecture of theservers viz. SAP is divided into three different lanscape DEV, QAS and PROD.

- DEV would have multiple clients for ex: 190- Sandbox, 100- Golden, 180- Unit Test.- QAS may again have mutiple clients for ex: 300- Integration Test, 700 to 710 Training.- PROD may have something like a 200 Production.

These names and numbers are the implementer's discreet on how they want it or they have been using in their previous implementations or how is the client's business scenario.

Now whatever you do in the Sandbox doesn't affect the other servers or clients. Whenever you think you aresatisfied with your configuration and you think you can use it moving forward, you RE-DO it in the golden client(remember, this is a very neat and clean client and you cannot use it for rough usage). As you re-do everything thyou had thought was important and usable, you get a transport request pop up upon saving everytime. You save iunder a transport request and give your description to it. Thus the configuration is transported to the Unit Test cli(180 in this example).

You don't run any transaction or even use the SAP Easy Access screen on the 100 (golden) client. This is aconfiguration only client. Now upon a successful tranport by the Basis guy, you have all the configuration in theTesting client, just as it is in the Golden client. The configuration remains in sync between these two clients.

But in the Testing client you can not even access SPRO (Display IMG) screen. It's a transaction only client wheryou perform the unit test. Upon a satisfactory unit test, you move the good configuration to the next SERVER (DEV). The incorrect or unsatisfactory configuration is corrected in Golden (may again as well be practised in thesandbox prior to Golden) and accordingly transported back to 180 (Unit Test) until the unit test affected by that particular config is satisfactory.

The Golden client remains the 'database' (if you wanna call it that) or you may rather call it the 'ultimate' referencclient for all the good, complete and final configuration that is being used in the implementation.

In summary:

1. Sandbox server: In the initial stages of any implementation project, You are given a sandbox server where youall the configuration/customization as per the companies business process.

2. Development Server: - Once the BBP gets signed off, the configuration is done is development server and savein workbench requests, to be transported to Production server.

3. Production Server: This is the last/ most refined client where the user will work after project GO LIVE. Anychanges/ new develpoment is done is development client and the request is transported to production.

These three are landscape of any Company. They organised their office in these three way. Developer develop th program in Development server and then transport it to test server. In testing server tester check/test the program

and then transport it to Production Server. Later it will deploy to client from production server.



Presentaion Server- Where SAP GUI have.Application Server - Where SAP Installed.Database Server - Where Database installed.

An Introduction to SAP

SAP was founded in 1972 in Walldorf, Germany. It stands for Systems, Applications and Products in DataProcessing. Over the years, it has grown and evolved to become the world premier provider of client/server business solutions for which it is so well known today. The SAP R/3 enterprise application suite for openclient/server systems has established a new standards for providing business information management solutions.

SAP product are consider excellent but not perfect. The main problems with software product is that it can never be perfect.

The main advantage of using SAP as your company ERP system is that SAP have a very high level of integrationamong its individual applications which guarantee consistency of data throughout the system and the companyitself.

In a standard SAP project system, it is divided into three environments, Development, Quality Assurance and

Production.

The development system is where most of the implementation work takes place. The quality assurance system iswhere all the final testing is conducted before moving the transports to the production environment. The productsystem is where all the daily business activities occur. It is also the client that all the end users use to perform thedaily job functions.

To all company, the production system should only contains transport that have passed all the tests.

SAP is a table drive customization software. It allows businesses to make rapid changes in their businessrequirements with a common set of programs. User-exits are provided for business to add in additional sourcecode. Tools such as screen variants are provided to let you set fields attributes whether to hide, display and makethem mandatory fields.

This is what makes ERP system and SAP in particular so flexible . The table driven customization are drivingthe program functionality instead of those old fashioned hard-coded programs. Therefore, new and changed business requirements can be quickly implemented and tested in the system.

Many other business application software have seen this table driven customization advantage and are nowchanging their application software based on this table customizing concept.

In order to minimized your upgrading costs, the standard programs and tables should not be changed as far a

possible. The main purpose of using a standard business application software like SAP is to reduced the amount time and money spend on developing and testing all the programs. Therefore, most companies will try to utilizedthe available tools provided by SAP.

SAP Load Balancing

The benefit of segregating user groups by line-of-business (using logon groups) is related to the point that groupsusers (like SD users or HR users, for example) tend to use the same sets of data. They (generally) work with thesame groups of tables and hit the same indexes using the same programs (transactions).



So, if you can group all of the users hitting the same tables, onto (or one set of) App server(s), then you can tune App server buffers to a much greater extent. If the FI users (generally) never hit against the HR tables then the Aservers in the FI group don't (generally) have to buffer any HR data. That leaves you free to make memory and buffer adjustments to a more drastic extent, because you don't have to worry (as much) about screwing the HR us(as an example), when you're adjusting the FI server group.

So, (in opinion only) you should start with a buffer hit ratio analysis / DB table & index access analysis (by user group) to see where you would get the best benefit from this kind of setup. If you don't have this kind of info, thecreating logon groups by line-of-business may have no benefit (or worst case, may make performance degrade forthe group with the highest load %). You need some historical information to base your decision on, for how to bsplit the users up.

You may find that 50% of the load is from the SD users and so you may need one group for them (with 3 Appservers in it) and one other group for everyone else (with the other 3).

The logon group(s) will have to be referenced by SAP GUI, so SAP GUI (or saplogon.ini + maybe the services fionly) will have to change to accomodate any new groups you create in SMLG. Also consider that there's variablfor time-of-day (load varies by time-of-day) and op-mode switches (resources vary by op-mode).

SAP System Performance Issues

My server becomes slow when more users login. What could be the reason? Is it because of less hardware resource?

Server configuration is 104GB HDD, 2GB Ram. OS:Win 2003 server. Database:Oracle.

I manage SAP R/3 4.6C systems on Risc 6000 machines, under Oracle 9.2.

The overall performance problem for me is to know if SAP response time is acceptable ; if not, do this :

- at AIX level : utilities are topas, to catch what's wrong : Disk I/O ? CPU bottleneck ? Too much swap ?- at Oracle level : tkprof but don't know much about this.- at SAP level : you can manage SAP memory, Oracle and OS too.

If SAP response time is acceptable, then try this :

Try to have a look at OS response time : ST06 : look at CPU, Memory, Swap, Disk and Lan response time.

Try to have a look at buffer quality : ST02, if many fields are red, investigate each fields dependant parameters.

Try to have a look at DB response time : ST04N, databuffer quality (SGA zone), how much physical reads / logic

reads Ratio, wait times, number of user calls, Shared Pool cache hit ratio should be >96%, Sort usage, Redologging.

I use this kind of procedure to manage my systems.

SAP Tips by: Christophe Rabeau

It depends how much you allocated for SGA (database buffers, shared pool buffer, redo log buffers), how much yallocated for SAP buffers esp. Program buffers and whether the server have any other external processes/programrunning.



How many Dialog Work Processes you allocated…I think your problem most likely is you don’t have enough of these Dialog processes. Also maybe users running inefficient reports/programs which are holding the Dialog processes, goto SM50 & check all DIA (Dialog) with status “waiting”…if ALL are “running” then you have waittime (problems !) for other users wanting to process transactions .

To troubleshoot performance, you need these tcode tools:-

ST04 – Database ß in here, check especially for Expensive SQLs (Detail Analysis à SQL Request)

ST02 – SAP buffers

ST06 – OS stats

ST05 – SQL trace

SE30 – Abap runtime analysis

SAP Tips by: Derek Phung

A few step which you can exercise to sort/identify performance issues.

* ST03, ST02, ST04 are the tcode for workload, tuning and DB Performance Monitoring codes.

* ST06 FOR Operation System Monitoring.

** SM51 OR SM50 is process overview which tells you the workprocess sequence. ( Ideally 10-15 process withOLTP and batch process scheduled at peak and off peak times respectively) say 8-17 hrs and 17-8 hrs for BatchProcess)

Operation Mode can be configured in RZ04 tcode.

** Check for top CPU in ST06 tcode. CPU should not exceed more than 60% for long time for any process.

** Based of No. of instances ( Application Servers ) should have adequately sized.

** Most resources intensive process have to be scheduled in Batch Process ( in Background in Non Peak Hours )

** Look for unnecessary Jobs Active During Prime Time** Look for Parameters Set To Your Business Process.

( RZ10, RZ11 ) Check Snote:0124361

** Refer Early Watch Alert Periodically for Overall System Performance.. ( Tcode SDCC )

Tuning Summary In Transaction ST02

My current system is SAP R/3 Enterprise 4.70. I have some questions about tuning summary in transactio

ST02 :

To the best of my knowledge I am answering your questions. Ok

1. Do we have to increase every profile parameter value which is displayed in red alert in transaction ST02

Ans: Ofcourse it shoud be, since each buffer holds different values, wherever the red alert is there change the

parameter value.



2. Why do the swapped objects always increase after a few days of tuning (in RZ10) & system restart?

Ans: Since more data had been fed into the server, it needs more space to hold in buffer while retrieving the data.Since buffer is shot in space, swap memory will be used. It is not enough to increase the buffer and that does notmean tuning, tuning in the sense full analysis of the problem and working in that particular area to resolve the issFor example, creation of index, data archival, availability of statistics, alotting of no. of work process, etc.

3. Is there any standard in tuning ST02 to hold up the increasing value of swapped objects?

Ans: No. It depends on requirement.

4. After analysing ST02, how can we calculate the value of the parameter profile to be increased (in RZ10)

Ans: yes, use the command:sappfpar check pf=\\usr\sap\trans\tpparam(or)sappfpar check pf=\\usr\sap\trans\tp_domain_<sid>

Tcodes used for Daily System Monitoring

After running daily system monitoring transaction, what should we check for:

In st22 look for the core dumps if any and report to the respective consultants and try to know why it happened.

In sm21 try to check for errors.

In sp01 try to see if any spool jobs have failed.

In st02 look if any swaps are happening, swaps are not good for performance.

In st04 look for Database alert logs and Performance.

In st03 look for ratio hits.

In sm59 look for connectivety tesing if there are other systems also connected to your SAP R/3 system

In db13 look if the jobs have run successfully.

In sm37 look for any cancelled scheduled job and take action appropriately.

In sm12 look for any pending locks from the previous days.

In sm13 look for any hanged updates, or updates pending for long or updates in PRIV mode.

SAP Administrator Daily Activities

SAP DAILY ACTIVITIES

1] Check that all the application servers are up:sm51 SAP Serverssm04/al08 Logon Users

2] Check that daily backup are executed without errorsdb12 Backup logs: overview



3] SAP standard background jobs are running successfully. Review for cancelled and critical jobs.sm37 Background jobs--- Check for successful completion of jobs. Enter * in user-id field and verify that allcritical successful jobs and review any cancelled jobs.

4] Operating system Monitoringst06

5] Extents monitoringdb02 Database monitoring--Check for max-extents reached

6] Check work-processes(started from sm51)sm50 Process overview-- All work processes with a running or waiting status.

7] Check system logsm21 System log-- Set date and time to before the last log review. Check for errors ,warning, security, message-

bends, database events.

8] Review workload statisticsst03 Workload analysis of <sid>sto2 tune summary instance

9] Look for any failed updatessm13 update records

10] check for old lockssm12 lock entry list

11] Check for spool problemssp01 spool request screen-- check for spool that are in request for over an hour.

12] Review and resolve dumpsst22 ABAP Dump analysis

13] Checking .trc file in SAP trace directory for block corruption on daily basis.C:\ORacle\sid\saptrace

14] Archive backup brarchive -f force -cds -cInsert the archive backup tape

15] Review NT system logs for problem-> NT system log- look 4 errors or failures-> NT security log- failed logon 2 sap servers-> NT Application log -look 4 errors or failures

The Step required to Audit at the User Level

The followings will help you to Understand how to Audit at the Users level:

Creating a User Audit Profile 1. Log on to any client in the appropriate SAP system.2. Go to transaction SM19.3. From the top-most menu bar on the Security Audit: Administer Audit Profile screen, click Profile -> Create.

4. On the Create new profile popup, type in a new Profile name and click the green Enter picture-icon.



5. On the Filter 1 tab of the Security Audit: Administer Audit Profile screen, click the BOX to the left of Filter active to place a TICK in the box. In the Selection criteria section, select the Clients and User names to be tracedIn the Audit classes section, click "on" all the auditing functions you need for this profile. In the Events section,click the radio button to the left of the level of auditing you need. Once you have entered all your traceinformation, click the Save picture-icon. You will receive an Audit profile saved in the status bar at the bottom othe screen.6. Please note that while the user trace profile has been saved, it is not yet active. To activate the user trace, see thnext section Activating a User Audit Profile.7. You may now leave the SM19 transaction.

Activating a User Audit Profile 1. Log on to any client in the appropriate SAP system.2. Go to transaction SM19.3. On the Security Audit: Administer Audit Profile screen, select the audit profile to be activated from the Profiledropdown. Click the lit match picture-icon to activate it. You will receive an Audit profile activated for next systestart in the status bar at the bottom of the screen. The audit will not begin until after the SAP instance has beenrecycled.4. You may now leave the SM19 transaction.

Viewing the Audit Analysis Report 1. Log on to any client in the appropriate SAP system.2. Go to transaction SM20.3. In the Selection, Audit classes, and Events to select sections of the Security Audit Log: Local Analysis screen, provide your information to filter the audit information. If you need to trace the activities of a specific user, be suto include that user's ID. Click the Re-read audit log button.4. The resulting list is displayed. This list can be printed using the usual methods.5. You may now leave the SM20 transaction.

Audit of SAP multiple logons

When a user logs onto SAP multiple times a selection screen pops up.

If the user wants to continue with the multiple logon the following message is part of the option:

"If you continue with this logon without ending any existing logons to system, this will be logged in the system.SAP reserves the right to view this information."

If you have users who are logging in with other users login and need to view where this information is stored, chethe table 'USR41_MLD' via transaction code 'SE16'.

The field 'Counter' tells you how many times the user have done a multiple logon.

SAP Security and Authorization Concepts

R/3 audit review questions.

Here is a list of items most commonly reviewed by internal/external auditors when reviewing your R/3 system.

It is always a good idea to review this list a couple times a year and to take the appropriate steps to tighten your security.

Review the following :-



* System security file parameters (TU02) (e.g. password length/format, forced password sessions, user failures tend

session etc.) have been set to ensure confidentiality and integrity of password.

Security-Parameter-Settings-Documentation

* Setup and modification of user master records follows a specific procedure and is properly approved bymanagement.

* Setup and modification of authorizations and profiles follows a specific procedure and is performed by someonindependent of the person responsible for user master record maintenance.

* An appropriate naming convention for profiles, authorizations and authorization objects has been developed tohelp

security maintenance and to comply with required SAP R/3 naming conventions.

* A user master record is created for each user defining a user ID and password. Each user is assigned to a user group, in

the user master record, commensurate with their job responsibilities.

* Check objects (SU24) have been assigned to key transactions) to restrict access to those transaction.

* Authorization objects and authorizations have been assigned to users based on their job responsibilities.

* Authorization objects and authorizations have been assigned to users ensuring segregation of duties.

* Users can maintain only system tables commensurate with their job responsibilities.

* Validity periods are set for user master records assigned to temporary staff.

* All in-house developed programs contain authority check statements to ensure that access to the programs are properly

secure.

Select a sample of :-

* Changes to user master records, profiles and authorizations and ensure the changes were properly approved.(The changes can be viewed with transaction (SECR ).

* Ensure that security administration is properly segregated. At a minimum there should be separate administratoresponsible for:

- User master maintenance. (This process can be further segregated by user group.)

- User profile development and profile activation. (These processes can be further segregated.)

* Verify that a naming convention has been developed for profiles, authorizations and in-house developedauthorization

objects to ensure:

- They can be easily managed.

- They will not be overwritten by a subsequent release upgrade (for Release 2.2 should begin with Y_ or Z_ andfor

Release 3.0 by Z_ only.)



* Assess through audit information system (SECR ) or through a review of table USR02, whether user master records have been properly established and in particular:

- The SAP_ALL profile is not assigned to any user master records.

- The SAP_NEW profile is not signed to any user master records. Verify that procedures exist for assigning newauthorization objects from this profile to users following installation of new SAP releases.

* Assess and review of the use of the authorization object S_TABU_DIS and review of table authorization classe(TDDAT) whether :-

- All system tables are assigned an appropriate authorization class.

- Users are assigned system table maintenance access (Through S_TABU_DIS) based on authorization classescommensurate with their job responsibilities.

* Assess and review of the use of the authorization objects S_Program and S_Editor and the review of programclasses

(TRDIR) whether:

- All programs are assigned the appropriate program class.

- Users are assigned program classes commensurate with their job responsibilities.

* Ensure through a review of a sample of :-

- In-house developed programs that the program, code either:

- Contains an Authority-Check statement referring to an appropriate authorization object and valid set of values

or

- Contains a program Include statement, where the referred program contains an Authority-Check statementreferring to

an appropriate authorization object and valid set of values.

I think an auditor would want to know what methods you are using to approve who gets what profile and whatmethod you are using to document it so that if you review your documentation you could compare it with whatauthorization the user currently has and determine if the user has more authorizations (roles) than he has beenapproved for by the approval system in place.

What is private mode? When does user switch to user mode?

Private mode is a mode where the heap data is getting exclusively allocated by the user and is no more sharedacross the system. This happens when your extended memory is exhausted.

What is osp$ mean? What if user is given with this authorisation?

OPS$ is the mechanism the <SID>adm users uses to connect to the database .

Why do you use DDIC user not SAP* for Support Packs and SPam?

Do _NOT_ use neither DDIC nor SAP* for applying support packages. Copy DDIC to a separate user and use thuser to apply them.



Can you kill a Job?

Yes - SM37 - select - kill

If you have a long running Job, how do you analyse?

Use transaction SE30.

How to uncar car/sar files in a single shot?

on Unix:$ for i in *.SAR; do SAPCAR -xvf $i; done

When we should use Transactional RFC ?

A "transactional RFC" means, that either both parties agree that the data was correctly transfered - or not. There ino "half data transfer".

What is the use of Trusted system. I know that there is no need of UID and PWD to communicate with

partner system. In what situation it is good to go for Trusted system ?

E. g. if you have an R/3 system and a BW system and don't want to maintain passwords. Same goes for CRM andlot of other systems/applications.

Let me know if my understanding below is correct: 1) By default the RFC destination is synchronous 2) Asynchronous RFC is used incase if the system initiated the RFC call no need to wait for the response

before it proceeds to something else.

Yes - that's right.

But keep in mind, that it's not only a technical issue whether to switch to asynchronous. The application must also be able to handle that correctly.

Which table contains the details related to Q defined in SPAM? Is there a way to revert back the Q defined

If yes, How?

There is a "delete" button when you define the queue. If you already started the import it's no more possible sincethe system will become inconsistent.

What is a developer key? and how to generate a developer key?

The developer key is a combination of you installation number, your license key (that you get fromhttp://service.sap.com/licensekey) and the user name. You need this for each person that will make changes(Dictionary or programs) in the system.

What is XI3.0 ? EXPLAIN XI = Exchange Infrastructure - Part of Netweaver 2004.

SAP Exchange Infrastructure (SAP XI) is SAP's enterprise application integration (EAI) software, a component othe NetWeaver product group used to facilitate the exchange of information among a company's internal softwareand systems and those of external parties. Like other NetWeaver components, SAP XI is compatible with softwar products of other companies.



SAP calls XI an integration broker because it mediates between entities with varying requirements in terms of connectivity, format, and protocols. According to SAP, XI reduces integration costs by providing a commonrepository for interfaces. The central component of SAP XI is the SAP Integration Server, which facilitatesinteraction between diverse operating systems and applications across internal and external networked computer systems.

How to see when were the optimizer stats last time run? We are using win2k, oracle 9, sapr346c.

Assumed DB=Oracle

Select any table lets take MARA here but you should do the same for MSEG and few others to see whether thedates match or not.Run the following command on the command prompt:-

select last_analyzed from dba_tables where table_name like '%MARA%';

This gives you a straight answer .Else you can always fish around in DB14 for seeing when the optimzer stats weupdated.

How to apply OSS notes to my R/3 system?

In order to fix one of the problem in R/3 system, SAP will asked you to download an OSS notes which is a ".car"file.

To work with a CAR File do the following at OS Level:

Get into OS as <sapsid>adm

Copy the .CAR file to a Temporary Directory.

Uncompress the file with SAPCAR

Copy the the data file generated in the data transport directory( ej: = /usr/Sap/trans/data).

Copy the the cofile file generated in the cofiles transport directory( = ej: /usr/Sap/trans/cofiles).

Run transaction STMS

Upload the support package with SPAM transaction and the support package will show "New support packages".

**********

Examples of CAR command :-

1) UNIX only:

Log on as user <sapsid>adm.cd /usr/sap/transCAR -xvf tmp/<ARCHIVE_NAME>.CAR -V

2) Windows NT only:



Log on as user <SAPSID>ADM.cd \USR\SAP\TRANSCAR -xvf TMP\<ARCHIVE_NAME>.CAR

This Will create two(2) FILES

After you run SPAM you MUST run STMS and check the transport queues

**********

As per 315963 note you can direct made the changes in the program or you can apply the support pack.

a) If you want to apply correction then first you need to register the object in SAP, so that you will get the Accesskey and then you can make the changes.

b) If you want to import the support pack then you need to down load from SAP market-place. and this is in CARfile. and then you need extract the same using CAR utility.ex: CAR -xvf abc.car

or

you can directly apply the patch from SAPGUI, login to 000 client and then you can load the patch fromPresentation server.

Also check what is your current basis patch level?

Upgrading the SAP Kernel and SAP Hotpatches

Kernel upgrade is an easy process.

Go to the SAP OSS Site :-

http://service.sap.com/SWCenter-MainSAP R/3

SAP R/3 4.6CBinary Patches

SAP KERNEL 4.6D

Download the kernel programs in a temporary folder.

Create a folder and copy the executables /exe/run/ then uncar the downloaded files and replace the executables.

It is recommended to shutdown the R/3 database and all services including saposcol.

Then restart your system.

A couple of important points to remember are :-.

a) Always make a copy of the files you're going to replace. For e.g. Create a directory (oldkern) and copy all the files

before replacing them (this helps when sometimes the new Kernel has problems, and you can revert it)



b) You have to shutdown SAP and the Database using the OLD kernel file. Again it is good practice to shutdowneverything

first.

Refer to this OSS note which is pretty useful :-

102461 - Installation of 4.0B/40B_COM kernel with 4.0A/40B

How do I find out the current patch level in SAP R/3 4.7

You can use either of these two methods:

1: Follow the path

System --> Status --> Component Information (The Magnifying glass button in the SAP System Data section)

2: Use the Transaction code ---- spam

spam(Support package manager) --> package level

SPAU and SPDD

When you apply a package, a large number of objects are changed.

If you have applied any OSS notes to objects in your system, the hot package may overwrite these objects.

SPDD is used to identify dictionary objects

and

SPAU (repository objects), will identify any objects where the hot package is overwriting changes you have madthrough OSS notes.

You must check all objects identified in SPAU and decide whether you need to reapply the OSS note or reset thecode to the original SAP Code.

If, for instance, you are applying hot package 34, SPAU identifies an object where you have applied an OSS noteYou must check the OSSs note and see if SAP have fixed that note in a hot package.

If the OSS note has been fixed in hot package 34, then you should reset the object to its original source code. Th

means that there is no repair flag set against this object again and it is now SAP standard code.

If, however, the object is not fixed until hot package 38, or there is no fix available you have to reapply the OSSnote, otherwise users will encounter the problems they had before the note was applied.

You must transport all reapplied notes and Reset to SAP Standard objects after you apply your hot package to yoQAS and PRD systems.

Reporting a Problem to SAP



When I tried to report a problem to SAP using

http://service.sap.com/message url it provided 4 steps to follow:

1) Choose system 2) Prepare Solution Search 3) Find Solution 4) Enter Message

I could do the step 1 but dont know what to do at steps 2, 3 and 4.

SAP changed the customer message screens so you now have to navigate through a search of the SAP Notes befo being able to create a message.

We usually search the Notes extensively before we create a message, so we just enter a blank search and then go to create the message.

Follow the steps, It may solve your problem:

1. Copy following url into web browser : http://service.sap.com/message

It will ask you for your OSS ID and password .A Screen which contain a push Button Select System displayed .

2. Push the Button Select System .It will open a sub screen in which there will be a hierarchical structue which looks like

- <Your SAP Customer Number >-<SAP Installation number for a specific product1 >

<radio Button><System SID1 for which you have registered a license><radio Button><System SID2 for which you have registered a license>

+<SAP Installation number for a specific product2 >+<SAP Installation number for a specific product3 >

Here + indicate that you have a sub tree .Specific product like SAP R/3 T for Services , SCM , CRM , ERP etc

3. Select the system for which you need to log a messageIt will take you to message screen screen.

4. Select you domain for problem for example Basis problem with Database where dataBASE IS oracle thenMessage type will be BC-DB-ORA* .5 Select priority of Message

6 . Write Message and send it to SAP

Different methods to Lock or unlock SAP users

I want to lock all the users in SAP during MTP. I know using SU10 we can do it. Any other alternative wa

to lock the users.

Is there a way in SAP to unlock a locked user for a limited time, then automatically after x time set the use

back to lock status?



You can fill in "valid from" and "valid until", but you cannot say from Monday to Friday from 8 - 12:00 for parttime workers.

Can we schedule to lock all users?

If users get locked, from SU01 you can unlock them.

Use SU10 to mass lock/unlock the users.

Use address data or authorisation data to get a list of users - select the ones you want and

click transfer.

Once this is done click on lock or unlock.

You can also use transaction code EWZ5 to mass lock/unlock the users

or

Execute program EWULKUSR in SE38

or

Set a profile parameter (login/failed_user_auto_unlock) to unlock at midnight the locked users.

or

Here's an ABAP code, short and simple, isn't it?

REPORT zreusrlock.

DATA: time_limit TYPE sy-datum.DATA: days TYPE i VALUE 40.

time_limit = sy-datum - days.UPDATE usr02 SET uflag = 64 WHERE trdat < time_limit.

If you don't want to specify the time in the program, you can use SE38 to schedule it as a daily background job wthe date and time.

or

Probably the easiest way would be to write a sqlplus SQL script that sets all the UFLAG fields in table USR02 to64 EXCEPT for the BNAMEs you don't want locked. When you are done, you can do the same again but changethe UFLAG field to 0.

The SQL statement would look like:

update SAPR3.USR02 set UFLAG = 64 where MANDT = <client number> and BNAME != <don't lock user 1>AND BNAME != <don't lock user 2>;

You can replace != with <> if you want. To run this from an OS command line, you would type:

Unix/Oracle 8---> sqlplus internal @<SQLpath+SQLname> NT/Oracle 8.0---> plus80 internal @<SQLpath+SQLname>



NT/Oracle 8.1---> sqlplus internal @s<SQLpath+SQLname>Unix/Oracle 9:--> sqlplus /nolog @<SQLpath+SQLname> NT/Oracle 9-----> sqlplus /nolog @<SQLpath+SQLname>

In UNIX you can cron the script to schedule it. In NT you can schedule it as a task.

or

This is another method to UNLOCK ALL users.

Start Oracle Server manager (I assume you are on Oracle)connect internalupdate sapr3.usr02 set uflag='0' where mandt='399';

When users are locked, the uflag is set to 64.

Finish, just query to check.

select bname, uflag from sapr3.usr02 where mandt='399';

Please note that unlocking users from low level (like Oracle sqlplus) should be used as last resort. Frequent use olow level access may tempt you to use on other things. Highly dangerous and your IS auditors will not be toohappy.

Is there a way to set a list of users that cannot be locked, even if we try to lock them manually, and even if

they fail connection ( wrong password )?

Increase this parameter in SAP Instance profile:

login/fails_to_user_lock = 6 (max is 99 wrong attempts, i.e, value 99). Currently you have a value of 3.

login/failed_user_auto_unlock (for your midnight unlocking).

Ask users to remember passwords!! If someone is deliberately login-in with different username/password (thereb blocking legitimate access of that user), check hostname from SM21.

This is considered as DoS (Denial of Service).

Changing the default password for sap* user

You are trying to change the password for sap* user, however when you go into su01 and enter sap* as the user name, the following message is displayed, user sap* does not exist.

You can delete the SAP* user using ABAP code :-Delete from usr02 where bname = 'SAP*' and mandt = '***';

Where '***' means your client no.

Then login to your client using password SAP* and password PASS

However, if you delete it, then it will automatically created once again with password PASS

The userid, SAP*, is delivered with SAP and is available in clients 000 and 001 after the initial installation. In the

2 clients, the default password is 07061992 (which is, by the way, the initial date when R/3 came into being...). It



given the SAP_ALL user profile and is assigned to the Super user group. When I say it is "delivered" with SAP, Imean that the userid resides in the SAP database; there are actually rows in the user tables used to define userids.

If you delete the userid, SAP*, from the database, SAP has this userid defined in its kernel (the SAP executablecode that sits at the operating system level, i.e., disp+work). When this situation exists, the password defined in tSAP code for SAP* is PASS. This is necessary when you are performing client copies for example, as the user information is copied at the end of the process. You can sign into the client you are creating while a client copy is processing using SAP* with password PASS (but you should have a good reason to do this - don't change anythinwhile it's running).

Anyway, if the SAP* userid is missing, you can sign in to the client you want and simply define it using transactiSU01 and, as I stated above, assign it to the SUPER user group and give it the SAP_ALL profile. You define itsinitial password at this point. If you've forgotten its password and don't have a userid with sufficient authorizationto create/change/delete userid,then you can use the SQL statements to delete it from the database and then you can use SAP* with PASS to sign back into the client you want to define it in and recreate it.

There is also a profile parameter which can override the use of SAP* with PASS to close this security hole in SA(login/no_automatic_user_sapstar). When this parameter is defined either in your DEFAULT.PFL profile or theinstance-specific profile and is set to a value of '1', then the automatic use of SAP* is deactivated. The only way treactivate the kernel-defined SAP* userid at this point would be to stop SAP, change this parameter to a value of(zero), and thenrestart SAP.

The default password for SAP* is 06071992. (DDIC has 19920706)

Mass Maintenance of Users Profiles

Goto transaction code SU10

Select your SAP User by Address data or Authorization data.

With the users you want to change selected, click :-

User -> Change -> Profiles

Filled in the Profiles and click save.

How can I create multiple User Id at Random

We usually created Id though SU01, it only one by one. Can I create multiple user id having same profile at once.

Yes you can, use tcode SCAT. First, make sure your client setting (SCC4) is enabled with ' X eCATT and CATTallowed'. Just in case your Production disabled this.

- Then, you need to create a simulation (test case) of creating new user id by calling tcodeSU01 later.

- Test case must start with Z, example ZCREATE_NEW_USER. Create this case, put title andchoose component as BC (basis components).

- Save and choose Local if you dont want to transport it or choose a dev. class (example ZDEV)if you want to transport it later.

- Go back and click Change button. Then key -in Object as example SU01, and choose Record



button on top. When it prompts to enter Transaction code, key in SU01 (if for roles,key-in PFCG) and begin recording. As usual in SU01 create 1 user id, dept field, password,roles, group and so on.

- Make sure you press Enter on each field because we want to capture the value/object andSCAT is a bit stupid if you become familiar later....but still useful...indeed.

- You will see a clock on the bottom which means the recording process is on going.Once done, click Back button and press End button to end the recording.

Note - I noticed you said the profiles are all the same. Then this is much easier...no need to enter the roles/profile just duplicate this ID and change the name, dept and password only.

Okay..first stage has finished. Then double click the Object to begin inserting parameters. Then you will see anobject for each fields that you run from SU01. Choose the right field example user id (BNAME) and choose butto'Insert Import Parameter (F6)' and you may click Next Screen to 'watch' what have been recorded and proceed tochoose several other objects like password field (PASSWORD1, PASSWORD2), roles field (AGR_NAME), grofield etc. If you happen to choose the wrong object, then you can reset back (Edit -> Reset Parameterization). Yomay see so many junk fields captured and this is because SCAT records every steps/dialogs.

Once done, choose Back and save this case. Then you need to click 'Goto -> Variant -> Export' and save it. Afterthat use Ms Excel to open it and begin inserting all other user ids. Save and close. Remember to close this file because SCAT will use it.

Then last one, get back to SCAT and click button execute, processing mode chose Background, choose external f'the one you created with Excel' and execute. At this moment don't use tcode SU01 bcoz you may interrupt thesimulation. Wait for the logs. If you see reds then error washappening.

How to delete expired roles?

Here are 3 notes you may want to review to see if there is any helpful info, plus some documentation that may behelpful for others....we are going from 40B to 47 and have had a few issues with role deletion

Notes: 312943 504412 & 313587

Additional info

First, the report PFCG_TIME_DEPENDENCY is functioning as designed. It was not designed to remove activitgroups.

Second, in transaction SU10 you must have the valid from and valid to fields filled in with the actual dates,04/08/2002, in order to remove the invalid activity group. You need to be sure that the remove user radio button in the role tab. But in the profile tab, the add user radio button is selected by default. What you have to do is go to

profile tab and select the remove user radio button. You have to make sure both role and profile has the same rad button selected, i.e. remove from users. Only then when you click save, it will allow you to delete the role fromuser.

In transaction SU10, you need to complete the following steps:

1. Click on the Authorization data button.2. Entry the users name, latimerc3. Click on the execute button.4. Put a check in front of the users name.5. Click on the transfer button.

6. Now highlight the user.



7. Click on the pencil button.8. Click on the Activity Groups tab.9. Enter the profile name (PM_NOTIFICATION_PROCESSOR).10. Enter the valid from and valid to dates (04/08/2002).11. Change the radio buttons to remove user from both the Activity Group and Profile Tabs.12. Click on the trash can.

In another customer message the following was provided by developement:

We don't have a regular functionality for mass deletion of roles. But if you want to avoid the deletion by hand orwith an own created report, I would suggest the following:

The attached note 324962 includes the report ZDELETE_RY_T_AGRS which could delete all roles with nameslike 'T_....' or 'RY....'. The report gives you a list of all these roles and deletes then the selected ones. You canmodify the report to get all your roles in the selection list. Therefore you have to change the following:

SELECT * FROM AGR_FLAGS INTO TABLE L_AGR_FLAGSWHERE FLAG_TYPE = 'COLL_AGR'AND FLAG_VALUE = 'X'.

SORT L_AGR_FLAGS BY AGR_NAME.LOOP AT SINGLE_ACTGROUPS WHERE AGR_NAME+11 <> SPACE AND <<< delete

( AGR_NAME(2) = 'T_' OR AGR_NAME(2) = 'RY' ). <<< deleteLOOP AT SINGLE_ACTGROUPS WHERE AGR_NAME+11 <> SPACE. <<< insert

READ TABLE L_AGR_FLAGS WITH KEY AGR_NAME = SINGLE_ACTGROUPS-AGR_NAMEBINARY SEARCH.

Text from an additional customer message as further help:- go on role tab- select remove from user - enter ZR.PRD.GENERIC and date : 06/04/2002 12/31/9999- go to profile tab- select remove from user - save- do the same for ZR:HR:ESS from 01/01/2002 to 12/31/9999 and workedfrom date for testid was 01/01/2002 and testid2 02/01/2002 and the 2 assignement were deleted And the roles

wereremoved from the 2 UMR.

So it works as designed.

Upgrade SAP or Installation of SAP R/3 and ECC

What is ECC? Where to find the installation steps of ECC 5/6.0 with SQL as database and on windows

platform with the steps including Solution Manager installation?

http://service.sap.com/instguides

ECC means Enterprise Central Component.

There are all the relevant installation guides. You NEED SAPNet access because without a registered and licenseSolMan installation number you will not be able to generate the SolMan key for the ECC installation.



Upgrade to 4.7

Have you gone through an upgrade to 4.7?

What are the difference or changes associated with 4.7.

If you are currently on 4.6C and are inching forward to upgrading to 4.7 then this information might be

useful to you.

There is very little difference between 4.6 and 4.7, the only "steps" you should need are steps in SU25 ( skip stepThen go through all your role and perform a merge old new to bring in the new authorization objects

Just to forewarn you of a potential problem which have been encounter at the point of writing.

After updating/ modifying roles in step 2C, when going back into 2C to make sure all roles are now green, 70%have gone back to red!

The maintenance done is ok, but there seems to be a problem while trying to go back into the roles again to re-generate.

SAP recognizes them as needing "adjustment", so you cannot pick them up in mass generate in PFCG as they donot come in, even though the authorizations tab is red.

This problem is currently with SAP and it is confirmed that nothing have been done wrongly.

Generally, the work is quite manageable in the upgrade, but don't be surprised at how big the upgrade is whencompared to upgrading from 46b to 46c.

If we have full software of 46c and 47E is it possible to upgrade 46c to 47E or there is a seperate 47E upgra

software need to be requested from SAP?

Where I can get the document with upgrade steps on the service market place?

It is of course possible and supported:

http://service.sap.com/inguides

--> SAP Components--> SAP R/3 Enterprise--> (choose your version)at the bottom there is an "Upgrade guide" for Windows and Unix.

For Upgrades it is recommended to read ALL the notes mentioned in theupgrade guide and to make sure one is using

- the correct version of the "tp" program- the correct version of the "R3trans" program- the correct version of the "R3up" program

All that is explained in the upgrade guide and in the corresponding notes.

If this is your first upgrade you should take a person, that has some experience on doing that for the first time.

Installation of SAP R/3



Currently we are going to install SAP on a new IBM server from the existing COMPAQ server. Where can

get the steps for that.

Configuration is : OS - windows 2003 server DB - Oracle 9i SAP 4.7

http://service.sap.com/instguides

--> SAP Components--> SAP R/3 Enterprise--> SAP R/3 Enterprise Core 4.70 / Ext. Set 2.00 (SR1)--> Inst. Guide - R/3 Enterprise 4.7 x 2.00 SR1 on Win: Oracle

The above url is the SAP Service Marketplace with all the information you need to install, configure and runsystem. You need to be a valid licensed customer with a user ID and PASSWORD to use that.

Without access you won't be able to successfully run any SAP systems because it has notes, patches etc.

Find transports imported into system by search criteria

Content Author: Ryan Fernandez

To find transports imported in a particlar system log into it,

1. Use transaction se16

2. Table name is E070

3. Table contents

4. Enter your search criteria, by Name, Date, Time, etc.

Good to use if you suspect a problem in your system and want to trace back transports that went in that possiblycould have caused the fault.

Transporting a Request From OS

To import a transport request from OS .

# cd /usr/sap/trans# tp addtobuffer <transport request> <SID> pf=<transport profile> # tp import <transport request> <SID> pf=<transport profile>

Restrict The Transport Access In Production

How to restrict the transport access in Production?

You can control by 2 way :

1. Limit the authorization object that can limit your transport activity, please use authorization object S_TRANSP

and remove the value 60 (import) at your production server



2. Remove the STMS from the role.

List of transports that have been transported over a period

I need to know how we can get a list of transports transported over a period of time. I tried SCC3 but I'm not able pull up the data. Is there any other way?Example: List of transport request that have beem transported during Jan, Feb 20xx to production.

System Landscape: Dev-->Test--> ProductionDB:--Oracle Machine--SUNAppln Servers: AIXSAP version: 4.6C

Goto STMS --> Import overview --> select the system which you want to see the log of import queue --> selectgoto--> import history --> there select the data coloum and set the filter as per your requirement.

You can also execute SE03, Requests/Tasks, Find Requests, in the production system or use SE16 to query tableE070.

How to import mass transport request using SCC1 in local client?

We have 3 clients in development system , we need to import multiple requests at a time using SCC1 in another client. Using SCC1 I am able to select mass request at a time but not able to see mass transport menu.

How to do mass transport steps using SCC1 in local clients.

You could try using SCCL and select "Customising" Profile.

What is Role Transportation from development server to Production server. I have also create New role, b

how to bring out the role to production server. We have installed IDES 4.7 Server.

In Development:

Run TCD PFCG

- Enter the Role to be transported in the text box.- Click on truck symbol left corner of options bar - then series of screens will appear.- In one of the screen don't select user assignment.

It will also ask you the change request no.

After that go to TCD SE10 and release the request.

NOW go to stms and select Quality system and import the request into it. After testing you can import the requesin PRD system.

Guideline to upgrade from 3.1 to 4.6 with HW upgrade at the same tim

1. Do a system copy of the 3.1 instance to the new box.



2. Bring up 3.1 instance in new box.

3. Upgrade the Development/Staging instance and resolve all errors and issues. Create SPAU/SPDDmodifications, if any.

4. Timing the upgrade processes - to determine how long the whole processes take.Your managers will like to know how long it takes to complete the upgrade.

5. Do a system copy of the 3.1 instance to the new box again

6. Bring up 3.1 instance in new box.

7. Make the 3.1 instance in new box as the Production instance.

8. Make the 3.1 instance in the old box as the Development/Staging instance or a standby Production Box in casthe upgrade fail.

9. Upgrade the Production instance as planned (i.e. 3 full working days).

10. Acceptance testing.

How To Do the TMS Configuration?

We have two systems with version ECC 5.0

The SID is XY1 - Development & Quality XY6 - Production

Now we need to configure TMS between these two systems by assigning XY1 as domain controller. I beleiv

we also need to establish an RFC Connection for this. Also explain how to update the local files of this

systems?

How can I make thro it?

First decide which system you would like to define DOMIAN controller. Configure the Domain Controller Stepsconfigure------------------1. Login to the system with sap* in client 0002. Goto SE06.3. Click Post installation activities4. Goto STMS5. It will ask for Domain controller name.

6. Enter DOMAIN_<SID> as domain controller name and enter the description.7. Click Save button

Steps to add the other system with Domain controller ----------------------------------------------------1. Login to system with sap* in client 0002. Goto SE063. Click Post installation activities4. Goto STMS5. It will ask for Domain controller name.6. Enter System ID of the Domain controller

7. Enter DOMAIN_<SID> as domain controller name and enter the description.



8. Click Save button9. Login to Domain controller system10. Approve the added system.

Mass Lock All Printers with SPAD

If you have lots of printers (50 or more) and need to lock them for maintenance, you can used this mass

locked printers tips to locked or unlocked all the SAP printers at one go.

To mass Lock all the printer in SAP:

Go to transaction code SPAD

On top of the screen menu click Utilities -> For output devices -> Export devices

On the screen Import and Export of Device Descriptions:

Export/Import file name: c:\temp\printer.txt

Frontend computer: Tick

Export: Tick

Export Export: Tick

Output device: Choose the Selection options Pattern and type a *

(* for all or a* for all printers starting with a)

Click the Execute button

Open the text file do a replace all of PADISABLED = "" to PADISABLED = "X"

Then import the same file.

or

Another way is to go through each output device in SPAD and click on 'Lock Printer in SAP System' which is ithe DeviceAttributes tab

Incorrect SAP login logs

With report RSUSR006, you can check those users that have been locked.

For those that are not locked, the report will list down the number of wrong login that the users have done.

List of Inactive Users Logs

To list out all the users who are inactive for the last 6 months, which means they have not logged into the SAPserver.

If you have lots of affiliates to your main company, this will result in lots of users. Out of them, there might be lo

of inactive users who have left the company.



You may wish to delete those inactive users.

Use SA38 to run RSUSR200.

This report is part of the AIS (Audit Information System) and will report users who have not logged on for aspecified period of time.

Information on how the OPS$ Users Work

Does anyone have information or a good understanding of how the OPS$ users work and operate under an

Oracle SAP environment.

I would greatly appreciate some assistance as I have problems with my Brconnect and Brbackup within

DB13 due to the OPS$ users.

I need info on how to permanently delete the OPS$ users and then recreate it, due to the fact that I have

incorrect OPS$ users in some of the tables affected by the OPS$ users.

Below is the document I have prepared on recreating the OPS$ machanism. It helped me solve all my problem onDB13 and also on Schema owner connecting to database.

Hope this could help you.

Also refer to the following sapnotes:1. 400241 : Problem withe ops$ or sapr3 connect to oracle2. 134592 : Importing the SAPDBA role (sapdba_role.sql)3. 361641 : Creating OPS$ users on UNIX4. 50088 : Creating OPS$ users on Windows NT/Oracle5. 437648 : DB13: External program terminated with exit code 1/2

----------

select owner from dba_tables where table_name='SAPUSER';

## If owner is not the sid you require, then drop the table SAPUSER

Drop table "<owner>".SAPUSER;#or#Drop table "domain\OPS$SIDadm".SAPUSER;

## IF THE ANSWER IS 0 ROWS SELECTED THEN CREATE THE TABLE SAPUSER

# Check whether OPS$<SID>adm user exist, if no then create it

create user OPS$SIDadm default tablespace psapuser1d temporary tablespace psaptemp identified

externally;

# if exist then drop it;

DROP USER OPS$SIDADM;

# Grant connect & resource roll to OPS$<SID>ADM;



grant connect, resource to OPS$SIDADM;

# Creat table SAPUSER

create table "OPS$SIDADM".SAPUSER ( USERID VARCHAR2(256), PASSWD VARCHAR2 (256));

# update "OPS$<SID>ADM.SAPUSER with the follwoing command

insert into "OPS$SIDADM".SAPUSER values ('SAPR3', 'sap'); #sap = <password>

# Under NT it is required that user sapservice<sid> can also access the SAPUSER table. In order

to avoid problems with the data consistency, it does not make sense to create an additional

SAPUSER table having the same contents. You should rather define a synonym. Check if a suitable

synonym exists by using the following call:

SELECT OWNER, TABLE_OWNER, TABLE_NAME FROM DBA_SYNONYMS WHERESYNONYM_NAME = 'SAPUSER';

# IF NOT THEN CREAT IT

create public synonym sapuser for OPS$SIDADM.SAPSUER;

# if synonym already exists drop the existing synonym by the following command

drop public synonym sapuser;

#If another name <name> is returned as first value:

DROP SYNONYM "<name>".SAPUSER;

# AND CREAT it again with above command

# To allow access to the synonym (or the associated table), a grantneeds to be executed. The authorization for this has only theops$ user who is the owner of the actual table - that isops$<sid>adm. Therefore, you need to log on with thecorresponding operating system user (<sid>adm) and execute thefollowing commands:

CONNECT /GRANT SELECT, UPDATE ON SAPUSER TO "OPS$SAPSERVICE<sid>";

# Now you can recreate the synonym (not PUBLIC, if possible):

CREATE SYNONYM "OPS$SAPSERVICESID".SAPUSER FOR "OPS$SIDADM".SAPUSER;

CREATE SYNONYM OPS$SAPSERVICESID.SAPUSER for OPS$SIDADM.SAPUSER;

Successfully Implementing SAP

Documents

Transcript of Successfully Implementing SAP