SAP R/3 SAP (Systems Application and Programs, Real time) SAP is 3 Tier Architecture SAP Standard version starts

with 3.0 4.6B 4.7EE NW.04 (came in 2004) NW.04S ECC5 ECC6 OTHER VERSIONS SAP – Industries (Business Related Industry) SAP – Applications (Collaborative for Cross Application) MySap Business Suit OR MySAP.com: has been introduced for small and medium industries SAP Netweaver – Using Internet SAP Netweaver is a combination of My SAP Business Suit and Sap Applications MySapBS+SAP application Steps to Install SAP • Operating System (OS) • Database (DB) • SAP First we have to install OS , DB then SAP. Java introduced in 4.7EE Versions. Real Java came in NW04 Version SAP DATABASE using • SAO ORACLE SAP • SQL SERVER • DB2 ABAP – Programming language designed by SAP (ABAP+J2EE) - included in NW04 Components - NW.04 • WAS-Web Application Server(ABAP+J2EE) • EP- Enterprise Portal • XI-exchange Infrastructure • MDM • Acrobat Reader ECC5 and ECC6+Solution Manager ECC5 ECC6 CRM SRM NW (are Web Application Server) XI- Exchange Rate MDM - Master Data Management (Manages Data) SAP will consist: Developers (ABAP) + Functional Consultants + Basis BASIS is a Mediator for Database Administrator + Security SAP Software Life Cycle Ramp-up Phase (SERVICE.SAP.COM) - What is Total Life Cycle - What are the new Sap Products in the market - PAM (Product Availability Matrix) Software Maintenance two keys - List of SAP packages - Software Release New SAP S/W release SAP Maintenance Strategy & Planning

1

5-1-2(Formula) (Total 8 Years) 5 years of standard maintenance 1 year of extended maintenance + with a free of 2% of standard maintenance 2 years of extended maintenance + 4% Standard maintenance Navagation 3 types of GUI in SAP Default Windows Based GUI - SAP GUI for Windows HTML Based GUI - SAP GUI for HTML JAVA Based GUI - SAP GUI for JAVA SAP Login - Client: - User Name: - Password: Two Types of Menus in SAP 1. Standard Menu(SAP Menu) 2. Roll Based Menu Each User will get roll based menu USER_SSM: is a table where all the menu’s related information is stored. (whether it is roll based or standard based) SMEM_BUFFC – is a table where favorite information is stored SMEN_BUFFI – is a table where favorite information is stored Downloading from SAP to desktop as well as Uploading desktop to SAP stepes are: ->System ->List ->Save ->Local file Shortcut Commands /n – Takes to new session in session /o – New window in new session /nend – Logging of current session /nex – To close entire system (without saving) /I – unsaved session logout Help – SAP In SAP there are two types of helps F1 – Technical Help F4 – It provides possible entries for a particular field. (Maximum 500 entries are allowed in F4) Filtering Data in SAP SE16 – Is the Transaction Code to view the contents of the particular table. GUI - SAP Two Types of GUI in SAP - SAPgui.exe - SAPlogin.exe Button on GUI - Group - Server - New item - Delete - Change - Login - Validation

2

- Change item SAP log: Start SAP logon file. Every System will have a port number 32 with (00-99) 3298 – nipping 3299 – SAP router SAP Architecture: Three types of Architecture - Single Tier -> Presentation Layer - Two Tier -> Application Layer - Three Tier -> DB Layer If P, A, and DB are in one box, it is called Single Tier architecture. If P and A are in one box and DB in other box, it is called Two Tier architecture. If P in one box and A in another box and DB in another box is called Three Tier architecture. Presentation Layer:- Front End Application Layer:- Real calculations and Computing Database:- Database been stored SAP Landscape (3 system landscape) How SAP systems are arranged

Basis guy can accesses Development, Quality and Production boxes. Each box will have a system ID i.e. (SID NO) In Production box we have only one client (No changes are allowed in production box) In Development box we have three clients In Quality we have two clients All the changes are done in only in Development box Only testing is done in Quality box Changes done in Development box should be moved to quality box and get tested and finally it is transformed to production box. End user have accesses to only production box and very few end users will have accesses to separate training box.

3

-

SAND box is used only for R&D purpose. Whatever changes you do in SAND box will not be transported out of the box i.e. the changes are stored under $TEMP (local server only). Training box is used by end users for training purpose. Both SAND and Training box will have the exactly the data as production box.

Development Box - MAST - CUST - SAND MAST 000 001 066 – Clients 000 to 999 client number names Type of Changes in Development box - In SAP there are only two types of changes.  Workbench change: T.C. is SE09  Customizing Change: T.C. is SE10 Workbench Change: changes made to the default values provided by the SAP in the tables is called workbench change. Customizing Change: is a change which a totally new change in a system.ex. creating a new program or modifying structure of a program. Transaction code SE01 = SE09 + SE10 What ever workbench changes are transported using the transport layer ‘SAP’ Customizing transport layer Z<SID> Anything starting with Z in SAP it’s a customizing change.

4

-

CTD: is a physical location which has to be configured at the time of installation. - CTD in most cases is configured in development box. - Client number and user name will be same in all boxes MAST = Client 000 001 066 000 Master Client 001 066 Backup Client Early watch User ID sap* ddic early watch Client

In SAP there will be always one export and ‘N’ number of inputs. Ratio of export to imports is E:I; 1:N In three system landscape one export and two imports. Data moved out of development box is called as export Data pulled into quality and production box is called as import. The process is called as transportation

Password 06071992 19920706 surpass/support

These all are SAP client user ID, Client and Password.

-

6th July 1992 when SAP moved from two Tier architecture to three Tier architecture. R/2 is Mainframe R/3 SAP

- Basis guys will have accesses to DDIC only. - Initally all newly created client use dummy i.e. it will not have any data. - We have to do a client copy in order to populate the data in the newly created client. This process is called as client copy. - In order to login into a newly created client should use user ID sap* password is pass. - ddic is also called as god like user. - Early watch is a user ID is used by SAP AG people for trouble shoots (ISDN line and router configuration is require for early watch). 3 Tier + 3 system landscape (SAP-model)

5

V.e 101) we need a new instance 6 . S We have seven types of work process in application layer Each work process can be configured in a particular instance or server The no of work process which can be configured in instance is 099 If we need to configured more then 100 process (i.Multi System Landscape Server: I) II) central instance application instance For set of software components to work we need a set of work process Presentation DB Gui web browser gui for win html • • • • Application D. B. G. M. E.

M.0-99 D 0-99 E 1M DisPatcher 0-99 B 0-99 V 0-99 G 0-99 S • Each work process will have one • dispatcher Dispatcher is called as waiting queue Updates are of two types: I) Primary V/v1 II) Secondary V/v2 Instance: Instance is an application server which provides various services We have 2 types of instance: 1) Central instance 2) Application instance Instance is defined by set of services ie D.G.V. user for reducing the load from directly falling on central instance. NOTE: the server in which DB is present is referred as DB server or central instance.e.E.B.G.M. Work process: 1) Dialog : the instance in which they are Max no of dialog work process is called as dialog instance Note: • For an instance to work we need a minimum of two dialog work process 7 .S) 2) This is identified by message work process 3) Generally message and enque will be hosted on same instance Application Instance: 1) AI is an additional layer of R/3 architecture i.E. 2) There in no DB in an application instance.S Central instance: 1) This is an instance where all the services are configured ( ie D.V.B..

Jobs like list of financial accounting Data.G.B. • The servers in which other type of work process available except message(ie D.E.2) Enquee: The instance in which they are Max no of Enquee work process is called as Enquee instance Note: • Enquee work process are used for locking and unlock of sap objects in a table • We should have minimum of one enquee work process in an instance (By default we have one work process) 3) Background: The instance in which they are Max no of back ground work process is called as background instance Note: • This work process is user for handling the jobs which are scheduled in the background Ex: . profit and loss sheets Production related info etc…… Note: Jobs are of three types 1) Medium : 2) High 3) Low: These are represent by different colors as well as monitored and administrated by using third party tools Update work process: this is of two types 1) Primary update (v) : task critical activities are primary update 2) Secondary update (v1) : non critical activities are secondary update Note: Max no of job are of secondary update type Gateway: gateway is used for communication between 2 SAP R/3 system Note: • Between SAP R/3 system and non SAP and between R/3 to R/2 • Gateway work process is used for external communications • Minimum of one work process is needed Spool: is used for handling request to external devices like printers and fax machines Note: A minimum one spool work process is required Message: They are three functions of message work process • Handling the input request from the presentation layer • Communication with dispatcher and the work process • Logon load balancing Note: We will always have only one message work process in any R/3 installation.V. • The server in which M + enquee work process available that server is called central instance or central server.S) such server is called as application server or application instance • The transaction code to monitor the type of servers or instance is SM51 • In SM51 we can see only active servers or instances • The transaction code to monitor both active and inactive instance is SM66 • SM66 is also called as global process overview • Transaction code to monitor the list of work process present in particular SM50 Note: Each work process required around 75 to 115 MB of memory to be configured • We can set the execution time for each and every work process by using profile parameters 8 .

Note: we need to enter the target system OS and DB to generate this key SAP Data is segregated into three layers 1) SAP standard objects 2) Cross client objects 3) Client specific objects or Data 9 .com) and generate the key by providing the system number. Note: in order to obtain SSCR key we need to follow certain steps 1) login to SAP market place with s user ID 2) select the system for which SSCR key needs to be generated 3) specife the program ID. 3) Go to market place and get registered and get permanent license key 4) Get the installation number 5) Click on key icon to install license 3) SSCR key: (SAP software change registration key) :.in order to modify the objects in SAP main space we need to obtain SSCR key. (Y or Z) Note: this key stored in table “Dev Access”.• Default execution time for a work process is 60 sec Dispatcher: There will be one dispatcher for an instance • Dispatcher is user to handle a request • Dispatcher receives a request and kept them in queue till that particular work process is free • Dispatcher follows FIFO method • Dispatcher can be monitored from OS level by command DPMON • Dispatcher runs by an executable file Disp+Work.Dialog = rdisp/wp_no_<dia> = 0-99 Background= rdisp/wp_no_<B+C> = 0-99 Spool = rdisp/wp_no_<spool> = 0-99 Types of key available in SAP service market place : 1) Developer key 2) License key 3) SSCR key 4) Migration key 1) Developer key: is required for a developer to develop or modify objects in the customer name space.exe located in run directory • The profile parameter to display the no of work process is rdisp/wp_no_<type of wp> Ex.SAP.object type and object name along with your SAP R/3 version 4) Migration key: in order to migrate one OS to another OS or from one DB to another DB we required a migration key. 2) License key : this key used to get the license for sap systems • In order to authenticate our production sytem we need to apply the license key • After installation the license key will be valid for 14 days and again we need to apply for permanent key till 31/12/9999 • Even those license is expired the developer not lose any Data • In order to apply original license we need to register our system or server in market place (service. The command for SAP license key: Saplicense – get = hardware key Transaction to check license = S license Steps to install license key using S license : 1) log into sap and goto S license 2) get the hardware key using the command saplicense-get.

All changes made to default profile will affect the entire instances. In MMC right click on <SID> will give the following options Start Stop View Start Profile View Instance Profile Trace  The color-coding for the status of the sap server Yellow Green Red Error Start Stop Three types of profiles Start/Stop of SAP systems at the background is controlled by set of profiles which are located at \USR\SAP\DEV\SYS\Profile where DEV is the SYSID 1) Default Profile 2) Start Profile 3) Instance Profile     DEFAULT.. application Data. measurement table. • what ever changes we make of type cross client will effect all the users present under that clients 3) Client specific objects (or) Data: a change which are specific to a particular client is called client specific Data.. This profile is specific to the instance in which the SAP is installed..PFL  START_DEVBGMS01_<HOSTNAME> Where 01 is the instance number  <SYSID>_DEVBGMS01_<HOSTNAME> Where 01 is the instance number  Never edit the startup profile because this profile is related with starting/stopping of SAP system. • All these are in the name space of A to X Note: never try to change the repository objects unless and until it is required 2) Cross client objects : These are cross client tables which can be modified Ex: currency table. First profile which is read while staring SAP system is start profile and is followed by instance profile. customized Data These are three types 1) User master Data: 2) Application Data: 3) Customized Data: Starting and Stopping of SAP  When we start SAP the following sequence is executed Database Central instance Dialog Instance or any other Instance <Optional>  The starting and stopping from windows can be done using SAP Microsoft Management Console. programs. All work processes are configured in instance profile. transaction. Contents of Startup Profile: SAPSYSTEMNAME INSTANCENAME SAPSYSTEM 10 . which are configured.1) SAP standard objects: These are nothing but repository objects which includes functions. client administration table etc…. Ex: user master Data. Any changes made to the startup profile will affect only that particular instance.. screens etc……….

There are two types of of profile parameters 1) Static Parameters 2) Dynamic Switchable For dynamically switchable parameters. Use TC – SM35 • Check if there are any update processes running. 5) Trans Code to edit or change the profile parameters is RZ10. Use Transaction Code – SM04 • Check if there are any Background process is to define – SM36 • Check if there are any Background processing is going on. 2) All transaction codes that we monitor are executed in the central Instance only. In the table “TPFYPROPTY”. Inside is the following sub directories are present. To be filled. we need to restart the SAP system to make the changes effective. Work in Progress. 3) To view the users who are logged into all the instances we can use Transaction code AL08 (Global User Overview) 4) Transaction code to view profile parameters RZ11.SAPGLOBALHOST Startdbs.cmd  DB Msg_server. Incomplete section. 6) Report “RSPFPAR” is used to provide the same functionality as RZ11. StartSAP StopSAP <DB> <R3> <ALL> Note: How to start/stop java engine will be covered later? Directory Structure:The directory structure for SAP installed files will be \USR\SAP\<SYS_ID>\ PRFDOG TMP TRANS One of the most important directories is Trans. the dynamic indicator (X) identifies all dynamic switchable profile parameters. we need not restart the SAP system after making the changes. Note: • Use Transaction code SE16 to view the contents of a table. Use TC – SM13 Note: 1) After verifying the above status we need to send a message to all the users stating the shutdown time using Transaction Code SM02.exe  Dispatcher Igswd. • To display profile parameters from OS level we need to use the following Sappfpar <Parameter Name> <ALL> <Check> 11 . Use TC – SM37 • Check if there is any Batch input session. What are the steps involved in stopping SAP system? Before stopping SAP system we need to check the status of the following • Check if there are any logged on users.exe  Central Instance Disp+work. For static parameters.exe  Java Start/Stop in Unix: Commands used to start and stop at OS level in Unix environment.

• In the new screen opened to edit the profile parameters. This step is used to read 3 profile parameters from OS level to SAP level. Operation Modes There are two types of operation mode 1) Day Mode 2) Night Mode  In real time scenario during day mode.  Basic Maintenance: allows adjusting most important parameters and provides logical description. Copy == Changes are temporarily copied Save == Changes are permanent saved to database  Changes to instance specific profiles takes effect only after a restart of the corresponding instance. Name of instance and the time of last activation.  In order to make these changes we need to setup operation mode Note: During switching operation modes.  Changes are done in 2 steps.<Help> Eg: sappfpar ALL will return the list of all parameters.  In extended maintenance we can change the values.  Extended maintenance: display the unformatted content of the profile i.e. To change the value of the existing parameter. any errors in reading the profiles. Night 12 . maximum number of background work processes is scheduled. Modes of Editing Profile There are 3 types of edit profiles 1) Administration of Data 2) Basic Maintenance 3) Extended Maintenance  Administration of Data: contains type of profile. path of profile. Output of these steps is that it displays profile check log. 2) Press back button 3) Select profile tab and select instance profile.  During night mode. In which it will show status of the three profiles i. 4) Goto extended maintenance and select [Change] button Note: To create a new parameter select [Create Parameter] button. Hence we need maximum number of background work processes in the night.  Profile parameter related to security administration starts with auth* in RZ10  Profile parameter related to work processes starts with rdisp* in RZ10 Steps for tuning Work Processes • In the command prompt of SAP Execute RZ10. select the parameter under the parameter name column and click on change button. choose Utilities option from the Menu 1) Inside Utilities choose the option Import Profile of Active Servers. add values as well as delete. we need maximum number of dialog work process to be set. neither the instance nor the effected work processes need to be restarted.  You can perform the maintenance of parameters using either basic maintenance or extended. short description. technical names of the profile.e. Setting up of operation Mode  In the command prompt of SAP execute the Transaction code RZ04  Create operation mode Day.  Change the value and select [Copy] button  Select [Back] and again click on [Copy] button  Click on [Back] and click on [save] button. This profile mode is used only to display the profile parameters. we have maximum number of users logging into SAP system hence.

Note: In live environment we will not be required to perform this step regularly. Why only 15 minutes? 10) Select start time and end time and select assign and select operation mode. DB and R/3? 8) What is the patch level of R/3 used in your project? 9) What are the IP addresses of your R/3 systems? 10) If the dispatcher work process fails can I login to SAP system? 11) How to check the status of dispatcher from OS level? 12) What are the start/stop commands for SAP system from IS level? 13) If dialog work process fails where can I check the logs related to the dialog Work Process? 14) What are the three types of profile parameters and what is their naming convention? 15) What is the technology used by SAP systems to process user requests? 13 . Maintain Operation mode and Instances 1) Select [Instance/Operation Modes] 2) Select [create new instance] 3) Enter Hostname. V2 Update.  Go to RZ03 to display server status and Alerts. select start profile. Update.  Work process type = Dialog. Note: This step is selected for manual switch of the operation mode.  Class A work process are allocated primarily for background jobs of priority high. Enque and Spool. Select Server name and Choose Operation mode Select the mode and click on Choose Go to Control | Switch operation Mode | All Servers -> Selected Servers -> Simulation Very important Questions 1) Which directory do we have the exe files? 2) Which directory do we have errors or logs or traces recorded? 3) What is the profile parameter for increasing the number of background work process? 4) Difference between Central Instance and Application Server Instance? 5) How many Application server instances are there in your company? 6) How many modules did you support? 7) What is the version of OS. Note: Always use consistency check button because operation mode switch will not work if there is any inconsistency.  Switching up of operation modes should be set in SM63 (Time Table maintenance)  Click Save Note:  Work process allocation is made primarily between dialog and background. and instance profile. Call all active instances of the system  Select work processes that are needed based on the operation mode and assign to it as default. 8) Goto SM63 (Timetable maintenance) and select [Change] button. and instead we choose Instance  Maintain Instance  Work Process Distribution. 7) Click on [consistency check] Button. 11) Repeat these steps for Night mode. 4) Click on [save] button 5) Work process distribution window pop’s up 6) Select type of operation mode and tune the number of work processes and click on [save]. Class A. 9) Choose the following menu Edit  Time Period  15 Minutes. Background.

• Plain HTML File It is the simplest type of help stored in standard html format. • Dynamic Help This help is used on all front-end platforms. The files are available using knowledge warehouse server.chm (Compiled HTML format). Microsoft/Unix} Area (Auto Populated field) Path (Should be the path of help file installation) Language (should be English) Default check box. * Transaction code to configure help is SR13 Supported help types in SAP • HTML-Help File. It is located in the following directories a) Windows directory b) Local (or) Central GUI c) Program Files/sap/front end/SAPgui • SAP Help Portal Help. Documents are available using a file server and displayed with standard web browser. Steps to configure a Help function • At the command field type the Transaction Code SR13 • Click on the Edit Icon • Choose the [New Entry] option. Documents are available using a web server and are displayed with standard web browser.e. CLIENT ADMINISTRATION The list of very important transaction codes for client administration 14 .ini. These files are available using a file server and are displayed with the html help weaver. it is considered as the only help available whenever you login. This has to be installed and configured in DEV only. These files have extension of . Documents are stored in standard html format. documents are displayed in standard web browser. It uses standard html format. This is a compressed format of help supported by Microsoft.sap. Note: The OS file related with help is SAPDOCCD.16) What is the transaction code to check whether all my instances are active or not? 17) What is the transaction code for finding out number of work process present in a particular instance? 18) How do I do manual switching of operation mode? 19) How many work processes are required in order to login to SAP system? What are the types? 20) In what sequence does the system read system parameters? 21) What is the transaction code to check the consistency of individual profiles? 22) In which sequence we perform the setting up of operation modes? 23) Which SAP processes are started when the SAP system or an instance is started? 24) How do I find out which are dynamically switched or static parameters? 25) How do I display current values of system parameters? What are the ways of displaying current values of system parameters? 26) If I make any change to the startup profile do I need to restart SAP system? Configuring Online Documentation Online help in SAP is termed as online documentation. it is set as default. • Plain HTML HTTP. If the default check box is selected i. On click of that enter the following details Variance {Help Description} Platform {Operating system.com provides Internet based access to online documentation.

Note: SAP recommends scheduling client copies as background jobs. Why? Answer) 15 . Note: It is strongly recommended when doing client copy to use the profile SAP_CUST. Note: New clients are based on SAP reference client 000 when the R/3 system was first implemented. Question) Do we need to transport clients between systems (or) what is the procedure for copying clients between systems? Ans) We no longer require to transport clients instead we make a remote client copy. Features When copying clients you can select the data that you want to transfer from source to target client. e) Client Specific and Cross Client Customizing and Master/Transaction Data: This option is selected to setup a test client based on production client of another system. c) Client Specific Customizing and Master/Transaction data: We select this option if we want to setup a test client i. identical to the production client in the same system. The new clients are Training. Note: When a client copy process is completed the client copy tool automatically generates all ABAP dictionary objects that we created as a result of a generation process. Note: What is the amount of storage space a client will occupy? A client without application data needs approximately 150-200 MB of storage space in a DB Implementation Considerations Question) Why do we need to do client copy? Ans) To create new clients. Question) Why do we need to perform a test run? Ans) Test run determines which tables are to be changed. Various Types of data are as follows a) User Master Data: We select this option only if we want to copy all the users of an existing client with same authorizations into target client. Restrictions: Background Processing: We can copy clients either online or in background. Test and Production Clients.e. d) Client Specific and Cross Client Customizing: We select this option if we want to setup a quality Assurance system based in the production client of another system. Demo.Activity Activity Description Transaction Code Client Creation Create a new client SCC4 Client Deletion Delete an existing client SCC5 Local Client Copy Copying local client data SCCL Remote client copy Remote client copy SCC9 Client Export Client Export SCC8 Client Import Client Import SCC7 Client Copy Logs Client Copy Logs SCC3 Note: CATT – Computer Aided Test Tool Resource Requirements  Copying clients requires large amount of system resources  To avoid any bottlenecks we should ensure that there is enough resources available by considering the following 1) DB Storage Space 2) Perform a test run before copying a client. b) Client Specific Customizing: We select this option if you want to setup a new client in an existing system.

In target system.  Before performing a client copy set the profile parameter MAX_WPRUN_TIME and it is recommended to set for 30 minutes. Steps for Client Creation 1) Goto SCC4 16 . Question) Why should we not transport the client data? Ans) this is explained with the help of a scenario.  If the source client is production client.  For client transports RFC connection should be established between the systems. user data and user profiles. Note: In normal situations for some technical reasons we should not lock users in source client. • In source client we can lock the users. To avoid inconsistencies. this may lead to inconsistency if users are not logged off. SAP_CUST Copies all customizing tables including user profiles SAP_VCUS Copies all customizing tables. This is the reason for locking this user in different environments. we have set up clients whose data must not be affected. The cross client data must not be imported into the system from outside.• During client copy we must ensure that no users logs on to system (Source Client) • Users already working in target client cannot be locked automatically before the client copy starts and we must ensure that they leave the system. SAP_ALL Copies all data belonging to a client. Copy Profiles For copying clients R/3 offers a set of profiles Copy Profile Description SAP_USR Copies user master records and profiles only. since the cross client data overwrites existing data so that customizing data of other clients in the target system no longer effects. Authorizations To be able to copy and transport clients we need appropriate authorizations  There are two Types of authorizations 1) General Authorizations for client copy 2) Special Authorizations 1) General Authorizations for client copy Authorization Allows you to S_TABU_CLI Maintain cross client tables S_TABU_DIS Maintain system tables S_CLIENT_IMP Import data when performing a client copy S_DATA_SET Access the file system Copying of clients: Authorization Allows you to S_USER_PRO Copy user profiles S_USER_GRP Copy user master records 2) Special Authorizations Authorization Allows you to S_CTMS_ADMI Create object list for client transport and copy object list between two clients. This authorization object should have the values TYPE=CLCP and ACTVT=01 Question) what default user has all the authorizations? Ans) SAP*. Note:This authorization is related with client transports. Note: Client copy tool generally uses minimum of 2-dialog work process even if you start in background. Eg: Production client.  During client copy large volumes of data is transferred and hence it may take several hours for which we need dialog processes. the related tables are copied together with other tables.

Restrictions Locked due to a client copy: This option is used while performing client copy.  A client with protection level 1 and 2 cannot function as target client.  In DEV protection level is always no restriction  In PROD No overwriting but external availability is there. no transports allocated. no transports allocated.e. Cross Client Objects Changes to repository and cross client customizing Allowed No Changes to repository and cross client customizing objects No Changes to repository and cross client customizing objects No Changes to repository and cross client customizing objects No Changes to repository and cross client customizing objects Protection Level 0 1 (no Overwriting) 1 (no Overwriting) 1 (no Overwriting) 1 (no Overwriting) Changes to repository and cross client objects allowed. 1 (no Overwriting) Protection Level  1 is for copying data  Aim of protection level attribute to present the client from being overwritten intentionally or unintentionally by copying additional client dependent data from another client.2) Select [Change] button 3) Select [New Entry] Fill the following entries 1) Client No and Description 2) Select the client Role System Client Specific Objects DEV (Default Automatic Options) Recording of changes PRD No Changes Allowed (Scenario 1) QAS No Changes and Testing same Allowed setting as PRD (Scenario 2) QAS No Changes Allowed TRNG Changes w/o automatic recording. SNDB Changes w/o automatic recording. R/3 Repository Objects and Enterprise img  In table related with client information T000. Protection against SAP upgrade: Data in R/3 is of 2 types Client Dependent data: Example: Customizing. locking the entire client.  CATT scripts are only used in test systems as well as QAS systems.  Client present in non-IDES: 000. 17 .  This option provides access for testing of data using various testing tools. i. Application and User data Client Independent data: Example: ABAP Program. 001 and 066  Client present in IDES: 000. 001. 066 and 800 (Totally customized Client) Note: Option – “No Transport Allowed” deactivates CTS (Change Transport System) in client. “mandt” is a field in the table T000 that stores name/number of the client. CATT  CATT Stands for Computer Aided Test Tool  They generate test data that may be helpful for demonstration purpose.

 Client import post processing is always necessary and must be performed in the target client after import of transport request. This is how local client transport is done.e. Instead you can make a remote copy. Thus the client transport is done. Steps: 1) Login to target client and go to SCC9 2) Select the copy profile 3) Enter the RFC destination 4) Start the copy process Note: Transaction Code to create RFC destination is SM59 Transporting Clients between systems Note: You no longer required transporting clients before you can copy clients between systems. Note: Client Transport = Client Export + Client import Log onto target client go to SCC1. Either schedule it as a background job or start immediately. go to SE01 or SC09 and check for transport request crated. We use this option if we want to use the selected profile as default settings.  If you the expected output of the copy process is to copy only user data and profiles then we can run it online i.Local Client Copy Copying clients within the same system 1) Execute the transaction Code SCCL at the SAP command line 2) Select a copy profile that matches your requirement. then data is transferred directly via RFC Interface.  Output of export includes the names of transport requests that are to be imported as <SID>KO<no> Cross client Data <SID>KT<no> Client specific Data <SID>KK<no> Texts and Forms  Once we are done with export.  They overwrite the text in the target system. Post processing activities after client import 18 . Starting of copy process can be done in 2 ways. Note: Logon to source system in the source client with a user that has transport authorization. Never the less SAP continues to provide support for transport function. [Start Immediately]  In order to perform a client copy the most critical step in logging into target client and perform the above process. Click on [Choose] button 3) Save the profile value by choosing the button [Save Profile Value]. Copying Clients between Systems When a Client is copied from one system to another. Note: In a live environment we schedule it as a background job only.  During client transport all languages of source system are transported.  Data export is performed automatically asynchronously. whose language exists only in target system but not in source system Steps 1) Log onto source system SCC8 2) Select a copy profile 3) Select a target system client. 4) Enter the source client 5) Start the copy process. give the source client and transport request number and schedule it in the background. Therefore all text are lost in the target system.  Goto SCC7 to check the import Queue and verify the request number and export system and click on background job tab or start immediately.

Run log display to determine the name of last exit program that caused termination Client deletion:  Deletion of client using an R/3 script in not advised by SAP Client deletion pre-work: 1) Ensure that there is no backup currently running for the system. where copy problems occurred and statistical info.  If the restarted process fails. Note: Do not delete None System log message “SYN MC Maintenance deactivated Fully” or “Buffer TABL/TABLP Reset” Termination in exit program after runtime of several hours (ABAP runtime error log = ABAP Dump) These messages document special function that is used to improve performance and guarantee consistency. position your cursor on appropriate run and then select the [Choose] button. the system automatically proposes restart mode with the same parameter settings used for the copy that caused the termination. Tables.Use the following menu for post processing activities. Error handling in client copy and transport Error Cause Solution Remarks Write Error target Client in Usually a table space overflow problem.  To view further details choose [Details] button. Check system log to determine the name of table space. Error has caused the termination. Client copy program has not terminated but an appl. Tools -> Administration -> Client Admin -> Client Transport -> Post Processing Import Note: We can use this option to transport customizing changes to the target client. Restarting Client Copy  If the process terminates for some technical reasons like database shutdown. User.  The system displays the list with the info Copy Type. Displaying Client Logs  Goto SCC3 to check for the logs  To display the detail log for a run. Depending on data involved and system configuration the most likely errors are given below with corrections. the log displays a special note indicating possible reasons for the error. Profile. Status. a) Log on to the system at OS level b) Go to cd /oracle/sid/sapbackup type 19 . that have been made in the source client after the client copy.  If you start a client copy or a client transport. Extend table space and repeat entire copy process. Error Handling Client copies usually involve large volumes of data which places strain on CPU and storage resources of a machine. and the previous process terminated prematurely. you can always restart the process from the point of termination.

Choose option f. when message instance started is received check the instance is running or not by typing ps –ef | grep dw and looking for SID that we have just restarted c) Remove the system message if it is still valid 4) This step will be followed only UNIX OS only. 3) Turning archive off: a) First if there are any used currently logged on to the system. Enter SAPDBA-U/ VII. If the written code listed is the backup is still running and you will need to wait till it ends. In unix type the command sesu_<SID>adm II. check the system is down or not by typing ps –ef |grep dw. if there are any process running that particular process ID needs to be stopped IV. 2) Ensure that any scheduled backup for the target system is held while archiving is turned off. Enter ‘kill <PID> -9 5) Since client-deleting process involves five processes. and important step before starting any process is to check that these are enough batch process available in order to carry out my work. A consequence of shutting down SAP is interrupting of SMTP mail process within UNIX you must manually restart the process I. Enter start SAP R#. By default archiving should be on. When you receive a message instance stopped. Check if the process are still running by issuing a command ps –ef |grep ml. III. The archive mode menu should now show that database log mode is off XII. Type stopsap R3 III. AL08. There should be no entries visible for SID you have just stopped. a) Enter SM50 and check these are at least 5 batch process available (Note: see that equal no of dialog process are also available) b) If they are not enough batch process available the operation modes will need to be switched. Exit SAPDBA XIII. this will display the last l lines of backup log. 20 . After a few movements reply or type y once again to startup the instance XI. Exit from SID adm V. IV. Select the create option and enter the message into dialog box displayed III. Go to SM02 II. Type y to the message instance will be bounced and shutdown immediately” X. Type sesu_oracle<SID> VI.archive mode VIII. issue a system message that the system will be used in a few moments I.<SID>adm (Status of the system) II. Exit from ora<SID> in order to restart SAP ensure that you are in SID adm mode. the last line will display the latest backup.tail back*. Select option A (toggle database log mode) IX. XIV. Sesu. mail server. Go to cd /sapmnt/<SID>/exe. Set the expiration date and select save button These are steps to create system message b) To turnoff archiving first shutdown SAP I.

SAP authorization concept only specifies whether a user can call external program or not.e. Background JOB Administration: 1. a command or a program outside a SAP system. certain external commands can only be processed by particular users in the system. Start criteria for background job: A job can be triggered by the following options 1) By scheduling a job on a particular data at a particular time. 4) An external command is any OS command. i.c) Enter Trans-Code RZ04. Ex: time control scheduling 2) By the occurrence of a particular event defined in the sap system (event based scheduling) 21 . Background processing is used not only for long running tasks but also for recurring tasks Ex: daily database backup or financial accounting status A background jobs consist of one or more steps a) An abap program b) An external command c) An external program Note: every job is processed without interruption by one single background work process. you can create the input required in the form of a variant. double click on current operation mode and increases the batch processor assigned to that operation mode d) Manually switch the operation modes using RZ03 e) To check if the operation mode successfully changed go to SM50 and count no of batch work process 6) This step is to prepare the user for the deletion process a) First login to target client for the deletion process b) Go to SCC5 c) Specify whether you want to delete the client and also select T000 and execute the process at background ***NOTE: selecting option T000 will not only delete the client locally but also remove the entire physically from T000 table. Class C normal priority Note: we must ensure that large share of all background tasks are normally scheduled as class C without target server specification (90% task) Ex: task scheduled using transaction DB13 A step within a job can call one of the three actions 1) Every ABAP program can be scheduled as a step of a job if the abap program has one or more selection screen. Class B medium priority III. We mainly use background work process for long running task called batch work processors 2. 3) The execution of external command Is protected using SAP authorization. With external commands we can mask OS calls and stored them in SAP system under a new name. 2) An external command is a call of a predefined script. Background job can be scheduled with different priorities I. Class A highest priority II.

which specifies the time period in which time dependent job scheduler is active rdisp/bcttime. We can create a new job by copying an existing job by choosing JOB-copy Time Based Scheduling There are three options to execute a job. Particular Date/Time 3. 1. A job scheduler has placed job in the wait queue for a free background work process 4) Active: the job is currently being executed and cannot be released or changed 5) Finished: All steps of the jobs are successfully completed 6) Canceled: the job is terminated reasons for this are I.  If the transport system is used there must be at least 2-background process. An administrator deliberately terminated the job in transaction code SM37 by choosing job _ cancel active job button II. The job has been define completely defined including the start condition II. On a particular work day (i. Here we can monitor different status of background jobs Status of Jobs 1) Schedule: The steps of job have already been defined however start condition must still been defined 2) Released: I.Scheduling and monitoring: use transaction SM36 to define new jobs • We can manually schedule the jobs as well as call the jobs wizard • Most of the case we schedule manually Required specifications for defining a job: 1) General specification such as job name job priority and target sever (optional) 2) Definition of one or more job steps 3) Definition of start conditions (time or event based) Q) Why it is not preferred to use job wizard? A) Unlike classical scheduling we cannot perform individual steps with different users. Immediately 2.  Execution of jobs with the start condition “Immediate” usually avoids the timebased scheduler.  The profile parameter to configure the background work process is rdisp/wp_no_btc  The number of background work process depends on the number of tasks to be performed in the background.  In this case the dialog work process of the user performs the job scheduling.  Default time for time dependent job scheduler us set to 60 seconds (rdisp/bcttime = 60) 22 . factory calendar)  A job scheduler in the background handles all time-based jobs. Only a relevant authorized user can release a job 3) Ready: the start condition of a released job has been fulfilled.  Profile parameters. A job step is terminated with an error. A job cannot be released without a start condition III.e. Note: we can change a job status as long a job still has the status scheduled or released III.

 System events are events predefined by SAP that you can neither modify nor trigger.  Jobs that are not assigned to any particular target server can be executed by any free background work processes. The reservation of work process for Class A jobs does not reserve any particular work process rather it ensures that a particular number of workprocess is always kept free.  All standard jobs that are defined in the table REORGJOBS.  To set number of reserved background workprocess for Class A. Outside SAP at OS Level. Using an ABAP program 3. you define an operation mode is RZ04 and maintain the workrocess allocation for this operation mode. The b/g processing system receives events and then starts all the jobs that are linked to this event. that automatically runs in a dialog work process. we have the option of reserving work process. 1. using the program “sapevt” which runs at OS level.  An application (Central instance) Server is specified for processing of event based jobs.  To define an additional standard job that is not yet available in the table REORGJOBS choose “Predefined New Jobs” Event Based Scheduling An event is a signal to the b/g processing system. Operation mode  Trans-Code to define a new event is SM62  When defining an event. Manually using SM64 2. SAP_MSSY2 (An automatic abap program). 23 . are scheduled with specified variant and period.  As a part of our monitoring we need to take care.  In SM36 we go to standard jobs.  Event based jobs can be scheduled with one of the following 3 start conditions. After Event 2.  If a job is scheduled on a particular target m/c it will run only based on the load of that machine. This means that workload is automatically distributed between the systems.Note: An ABAP program. that a particular status that has been achieved in the SAP system.  To schedule all default jobs. After Job 3.  For time based job scheduling we have a job-scheduling table in the DB.  To schedule individual jobs choose the particular job using SM36 and set the execution period.  Triggering events is done in various ways 1.  SAP strongly recommends not to reserve more than one bgwp for processing Class A jobs. The automatic selection option is being disabled in this case.  They mainly perform certain clean-up activity of a system such as deletion of obsolete spool requests. choose the “Default Scheduling” option. Reservation for Class A Jobs:  There are very few jobs which will be reserved of type Class A. the administrator differentiates between system and user events. Standard Jobs Standard jobs refer to background jobs that should run regularly in a production system. By doing so.

SU01 – Tcode to create users.  RFC connection should be bi-directional Configuring Printers in SAP Systems The way in which documents are created may be completely different.  This particular user shall have authorization for executing the jobs. RFC (Remote Function Call) It is call of a function module i.  To perform this action we should have the authorization S_BTCH_NAM. Enter a different user name if your job should not be performed using your own authorizations. to enter the names other than your names in the user field. 4) Queued RFC (QRFC) – QRFC is an extension of TRFC. we can assign each step of the job to a user.  Use the “System” user type when creating background users.e. the job will be executed using the current user in which I have logged in.  KeyOn is a 3rd party tool configured for single sign-on for SAP systems.  RFC is an SAP interface protocol i. It is possible to select a job group for a particular job. it is based on the common programming interface for communication (CPI-C) this means that ABAP functions can be called for external applications and tools. 2. is used for authorization check. TRFC ensures transaction like processing of steps that are originally defined. Note:  If the SNC is configured. however RFC are mostly used in calling different systems. we get a tab in SU01 – user administration. by default that name of logged on user.  You can also call a function module in the same system as a RFC. A job server group contains one or more instances with available bgwp.e. By default.  A dialog logon with this user is not possible. 3) Transactional RFC (TRFC) – A special form of ARFC.  If I define a job using job wizard. There are 2 options 1. RFC Destinations: 1) R/3 connection 2) Internal Connection 3) Logical destinations 4) SNA/CPI-C connections 5) TCP/IP 6) Connection using ABAP/4 drivers  Transaction code for RFC connections SM59 Types of RFC’s 1) Synchronous RFC (SRFC) – This is used for communication between different systems and between SAP WAS and SAP GUI. But the output on paper is always performed using same mechanism in two steps 1) A spool request is created 2) The spool request contains device independent print data and includes administrative info and the actual print data.  TCode to setup a job group SM61  Ttrans-Code to setup an extended job selection SM37c Background Users  With the definition of jobs in SM36. 2) Asynchronous RFC (ARFC) for communication between different systems and for parallel processing of selected tasks. It also ensures that individual steps are processed in sequence. 24 . running in different system to the calling program.

You can configure multiple spool work process for an SAP instance.  In Microsoft windows OS. Remote Printing: With remote printing.  Actual document content of a spooled request is stored in TemSe (Temporary sequential Objects)  We can define the storage location for TemSe objects using the profile parameter rspo/store_location  Spool requests are stored in DB table TST03. Create an Output Device Go to trans-code SPAD to create output device parameters to be given in SPAD  Output Devices  Devices/Servers 1) Output Device: Enter the name (Case Sensitive) of output device.3) Only when the spool request is to be output on a particular device. Windows = C Local Printing is the fastest and most reliable connection from SAP to OS. saplpd. max of 30 characters 2) Short Name: Can be generated automatically 3) Device Type: Printer model needs to be given.  We can specify the storage location for the output device using the Transaction Code SPAD. he has to choose “PRINT IMMEDIATELY” option. The access method for front-end printing is F. Device type “SWIN” is used for front-end printing.  Device independent print data from the spool request is converted to the printer language that the selected output device understands. This procedure allows the user to display spool request before output. Local Printing: The spool workprocess and the OS spool are running on the same host machine. Access Methods of Remote Printing: Unix = U and Windows = S as Well as U (Unix Berkeley Protocol) Front End Printing: We can connect output devices to our front-end machines. spool work process and OS system spooler are running on different hosts. 25 .  Since front-end printing requires a connection to the front-end PC. Note: 1) SICK (SAP Initial Consistency Check). If I want to install a new language use SMLT to configure new language setting. It’s the first Trans-Code used in post SAP installation. we cannot use background processing. is an output request created. transfer program receives the data stream and forwards it to the default printer. 2) SPRO (Customizing) Installation Of languages (SMLT) German and English are provided by default. Location = Room + Building where printer is located. Note: Default profile parameter related with languages is zcsa/installed_languages. Access Methods of Local Printing: Unix = L.  If the user wants to create a spool request and an output request at the same time.  We can specify max no of spool work process used for front end printing by the profile parameter rdisp/wp_no_fro_max (Default value is 1) Note: Front End printing is not suitable for production or mass printing.

spool server c. Page Format  This describes the format of printable page in the SAP system.Spool Server It is a SAP Application server with Spool work process or logical server name.  Character Set: Contains characters that can be an output to a device.  Print Control: This allows the control of display options of output devices. it uses the specification of device type. Device contribute step iii. This describes how output should appear on paper. such as font-size.  Format is a device specific implementation of a Format Type. Host only for local printing and is calculated automatically from the spool server. to get into a change mode ii. In select process by choosing Type = Spool and Status = Wait Q Can we change number of spool work process by operation mode switching? Ans) No. Only background and dialog work process can be modified. The user receives the message “No immediate Printing”. It represents the name of the host where OS system spooler is running. Select the change button i. Goto SPAD->device/server tab i.  Host Printer = Name of the printer at OS level (Case Sensitive) Note: The specification _DEFAULT is set for front-end printing. bold face. device type iv. Q) How to find which printer is defined at OS level of your server? Ans) Go to start -> Settings -> Printers (Revisit) Steps to create a local printer a. choose output device b. Destination Host: This is used only for remote printing. Device Type  SAP uses device type to format the output device printout.  This device type describes how print data should be formatted for a particular output device. Example: To perform an output on a page with letter format. Go to SM50 and count the number of work process with SPO Q How many spool processes are configured in out entire SAP system? Ans) SM66 and check for SPO work process. Accesses method-> host spool access method (c) host printer (name of the printer) the same.  When the spool work process generates an output request. Lock Printer in SAP system Output request for printers for which this indicator is selected are created but not transferred to the printer. Q How to make setting for an individual SAP user so that an output request is not created immediately for a spool request? Ans) SU3 go to Default tab and ensure that output immediately option is not checked. {Questions} Q How to identify how many spool work process are setup in a particular application server? Ans) Trans-Code SM51 and select the application server. Output a list: 26 . Q How to identify how many spool servers are available in your SAP system? Ans) SM51 or SM66 and check for application server with at least one spool workprocess.

Go to ‘SM51 and select the print option. it is rather part of network process that works with oracle.To create the suggest list go ‘SA38’ enter the report ‘RSPFPAR’ and execute it.e. i. * When an oracle instance starts a special process called listener.Shared global are allocated (SAG is allocated) .Database Overview . * In SAP dedicated server configuration is used. What happen when oracle instance is stored? .Oracle manages database data in logical units called table spaces. Enter the parameter ‘RSPO*’ and execute again. * In unix we can identify oracle process as individual system process * In windows these processes run as threads with one common oracle OS process i.e. for each work process we have dedicated server processor called as shadow processes.Backup Restore & Recovery . * The ratio of work process to shadow process is 1:1 * To handle database request for SAP uses a work process communicate with its core shadow process. .Monitor Cateradf Oracle database: is a collection of data stored in one or more data files on disks. Creating a remote printer: Procedure is same as local printer. * Listener process is not part of oracle instance. Creating front end printer: Go to SPAD. Table space: One or more data files.Oracle background processes are started. 27 . ‘Oracle. devices/server/page and choose output device Database . Instance: Set of oracle background process and memory buffers form an instance. process opens and establish communication between net weaver and oracle.exe’.

. * Redo events are stored in redo. * Current online redo log file. * Each committed transaction will have a system change number (SCN) stored in redo log file. * At every log switch oracle will increase the log sequence number.if the number of scanned buffers reaches a certain thresh hold.Current log sequence number * if physical structure of database is occurred then co.files in three locations during installation of SAP. * Sometimes oracle writes the least recently used data blocks in buffer cache. * SAP stores co. Q: what is the size of oracle data block? Ans: 8 KB (fixed size) * Oracle keeps most recently used data blocks in the database buffer cache. * Modified data blocks are call as Dirty blocks. . ‘LGWR’ is writing into is call active online redo logo file. These are four predefined collections of online redo log files. . * Scanning of the buffers is done by shadow process. * Oracle background process “log writer – LGWR” writes data in redo log buffer to online redo log files which are stored physically on disk. . * To accelerate read and write access data it is cached in database buffer cache in SGA * Shared pool divided into executable SQL statements which are stored in shared SQL area of the shadow pool. r Q: What are the conditions in which log writer writes redo log buffer data to online redo log files? Ans: There 4 conditions: .file available for writing. * Size of Oracle redo log file is 40MB (fixed number). * Circular buffers records all committed and un-committed changes made to the database.State of database .When transaction is committed.log files and performs roll forward recovery. * Redo log buffers is also called as circular buffer.When redo log is 1/3rd of full. * Oracle data dictionary is stored in row cache of shared pool. . * Shadow process never copies modified data into disk. * If database = open then co. . What are the entries in co files?.Names and location of data files and redo log files.files get updated automatically. * Changes are done in two ways: . * Redo changes = committed changes = new value = after images. write ahead logging. What are the situations in which DBWO writes dirty blocks to disks? .When DBWR is about to write modified buffers to disk and some of the corresponding redo records have not at been written to online redo log i. * Oracle shadow process records redo changes and stores in redo log buffer of SGA temporarily.* Database data is permanently stored in datafiles or disks.At a specific time that is when check point occurs.Roll forward changes. Control files This file is used to start and operate database.Roll backward changes. . 28 . * Undo entries stored in undo table space performs rollback.e. it is first copied by associated shadow process from disk to the database buffer cache in SGA.Table space information . It is recommended to store the files in three physically separated hard disk.Physical structure of database . * Coping data into disk is done by a special background process called as ‘DBWO’ (DW writer). * Undo changes = un committed changes = old value = before image.For every three seconds. * Data processing never takes place directly on disk.

stops shadow process and frees resources incase of a client process crash. Oracle Directory Structure in SAP In Unix all directories are present under one single tree.e. Check point Functions: * Checkpoint wakes up the database writer to copy all buffers that are dirty to the disk.ora /database (Unix) init<SID>.e. . “cofiles may grow by factor 10”. * Offline redo log files and data files should be on different disk. *If cleans up temporary segments that are no longer in use. • • 29 . . Oracle_SID = system ID for DB instance 2.. • Define redo log files: original arch. * If writers information about the check point position in online redo log files into the cofile. Database Recovery: * Online redo log files used for database recovery (instance recovery). * Archiving must be exclusively activated by tuning on archived log mode i. Hence online redo log files must be mirrored i. because they contain information about RMAN backup. *Online redo log fines are limited in size. * Less frequently the checkpoint occurs the longer is the time the instance need for recovery. where as in windows all directories are present under separate drive letters. its uncommitted data. Oracle_HOME = the directory for BR* tools. SAP DATA_HOME = the data file directory. the system performs automatic recovery. After restart. * It also updates header of all data files to record details of the check point.. They have 3 files inside the directories /database (Windows) init<SID>. 3. we need both a database backup and all redo log information written after the backup. This information is used during database recovery. SAP arch.. Note: All previous versions till oracle 8i has saparch directory.sap Spfile<SID>. a complete recovery is not possible. * Oracle it self mirrors online redo log files by default. * If online redo log files are lost during a crash. SAP trace = Alert <SID> log = SAP trace/background/user trace Data files = SAP data1 .. PMON (Process Monitoring) * This monitors shadow process.. * ‘RMAN’ for backups. * Archiving is take care by an oracle background process called as “ARCO” (archive) *Oracle cannot mirror offline redo log files. SMON (System Monitor) * SMON performs recovery at instance startup * It writers alert log information if any instance process fails.* Normally caches are small and don’t grow. and cannot grow automatically.ora (only from oracle 9i) • Online redo log file = original log and mirror log. SAP data <n> There are 3 environment variables on database server 1. * PMON roll backs.. hence we must use RAID. * Automatic instance recovery of online redo log files is possible. “LOG_ARCHIVE_START” is true. * Checkpoints occurs at log switch. two or more copies needs to be maintained. * To manually restore and recover data files which are missing.

Database Users: 1. where as <SAPSID> admin. <SAP service. • SYSOPER has all SYSDBA privileges except create DB and without ability to look at user data. • The privileges allow accesses to database instance even when database is not open. • ‘Listener_ora’ = contains all oracle system ID and protocol address. Default user used by SAP to connect to database is system. 4. SAP <SID> are SAP <SCHEMA_id> is created by SAP. • The location for data files and online redolog files is stored in database.ORA’ = Contains all the list of server names for all the databases that can be accessed in the network. • ‘TNSNAME. • OS files stored in ‘ORACLE_HOME’ directory. ‘ora_<SID>_OPER = db operate group Extra Groups: SAP_<SID>_Global Admin = SAP Global Admin Group. ie. • SAP workprocess at OS level connect oracle with the user name ‘SAP<SCHEMA_ID>. Note: Always assign database rates to users. Groups: 1. and SAP <SCHEMA_ID> Note: OPS$ is an user which is created by SAP and doesnot need a password. Data base rolls have privileges.The home directory for oracle is ORACLE_HOME The location for cofiles and offline redo logs is configured in the oracle profile init<SID>. where as OS group OPER will have restricted privileges. ‘ora_<SID>_dba’ = admin group 3.SAP<SID> created in windows system. • Control at this privileges is outside the database. SAPDBA are the two rolls. ‘BRCONNECT’ to change the password. • The Roll DBA has all admin privileges except the ‘SYS DBA’ and ‘SYS OPER’ system privileges Note: The privileges ‘SAPDAB’ provides accesses for administrating certain tables. 3. • • • Rolls: DBA. During installation oracle database. you will be promoted to enter the password for the user SYS. • Never change the password for ‘SAP SCHEMA_ID’. ‘ora_dba’ = Member of this groups can connect to oracle database as dba without a password. groups) Users: <SAP SID> Admin and ORAdb<SID> are the two users which are created in unix system. System. 2. SAP_<SID>_Local Admin = SAP Local Admin Group SAP_Local Admin = SAP local Admin Group • Operating System group DBA will have administrative privileges. ‘SYS’ and ‘SYSTEM’ are created by oracle. • The password for this user is stored in oracle system table ‘SAPUSER’ • Workprocess first connect to ‘OPS$ user and get the password for ‘SAP SCHEMA_ID’ from the table ‘SAP USER’.ora. 30 . DBA rolls is created by oracle SAP DBA rolls is created by SAP. • The oracle tool to ping is ‘TNSPING’ Oracle System Privileges • SYS DBA and SYSOPR are oracle system privileges. always use ‘BR*’ tools. Operating System Users and Groups (Start->programs->Admin tools-> Configure Management -> users. 2.

4. hence always use BR* tools. Admin = Detail Trace BR* Tools (Used for entire backup administration) • BR* tools is a package name which contain various tools. DB26: Database parameter overview with history. Oracle has one listener i. 12. Options: 1. RZ20 – DB Alert Monitor (Optional) 11. These background jobs look into table ‘SDBAC’ Q: Why do I need ‘SPFILE<SID>. 5. DB21: Configuration of Statistics 7.ora? Ans: From Oracle 9. DB14: To check the status and logs of all database operations. DB02: Table and index monitor 9. 8.ora is server side initialization parameter file (oracle database server) • Do not make parameter changes on oracle level. • The transaction code DB02 and ST04 still use ‘init<SID>. 3.e. DB13: Schedule backups and other administrative jobs. SPfile is created using SQL*plus ‘CREATE SPFILE’.ora’ even though I have ‘init<SID>.ora’ • SAP installation tool do not create SPfile. 2. ‘LSNRCTL’ Options: OS level : lnsnrctl_help OS level : lnsnrctl_status = oracle.ORA’ = Contains client side information. • These tools are divided into various ways based on their performance. • Once you connect a SYSDBA. User = Limited Trace 3. while calling ‘SQL* PLUS call the interactive program using the command ‘SQLPLUS/NO LOG’ • ‘SQLSTARPLUS by default connects to the db defined in enhancement oracle database.ora or ‘SPfile. .ora. Note: ‘DB13C’ : This is used to schedule backups and admin activities centrally for all SAP systems and database.7). Location of parameters and listener log files. • Changing the password for SAP user is done using ‘BR CONNECT’ Note: Passwords for DB user ‘SAP SCHEMA ID’ or ‘SAPR3’ should not be changed using oracle methods. • These are two modes while calling the various options in BR Tools. be called in main menu mode. because it monitors consistency by copying the contents in both files. (Less than 4. Db17: View and maintain check conditions for database system check. DB16: Overview of database system checks. Note: If you get an error message while calling BR tools then your version might be older. Off = Offered 2. ST04: Database performance monitor 10. • ‘BRSPACE’ and ‘BRRECOVER’ always make a ‘CONNECT/AS SYS DBA’. password. Database Transaction Codes: 1.Quick Mode BRConnect: is must. Note: ‘Listener_Ora = Listener tracing files. because if only changes parameter values in SPfile. 6. • SPfile is stored in ‘oracle_home’ directory same as ‘init<SID>_ora’. if you do not want to enter a user name.i ‘init<SID>. DB13 is used as an interface to schedule back ground jobs starting with DBA*. SPfile. DB20: Maintain Statistics. because their actions require SYSDBA privilege.Main Menu Mode .‘SQL NET. • • 31 .ora’ is replaced by ‘SPfile<SID>.

PMON ends all user sessions and performance roll back of any open transactions then only shutdown database. database is shutdown in a consistent state and does not need recovery at next restart. No mount = reads parameter files. Note: With all the above first three methods. (Q) If a file is missing from the chain of offline Redo log files. user trace which is located in ‘SAPDATA_NAME’ directory.log. Abort: no new connection and transactional allowed. database instance started and allocated memory buffers. All files are closed and database is dis mounted and instance is shutdown. • Background directory store alert log file. • Oracle info messages. background. dropping. • Do not use ‘BRCONNECT’ to start and shutdown database. then what we’ll do? (A) We have to perform a restore and recovery of Database. • No mount space is used for creation of database and for recreation of lost cofiles. Mount face: opens cofiles. 2. Normal: Oracle waits till all users are disconnected from the database. 32 . Users are disconnected and oracle processes are stopped. Open: opens all data files and online redo log files. 4. • Default mode for oracle shutdown is normal • Oracle commands shutdown immediate and shutdown abort stage oracle instance even if work process still has connections of database. (Q) Is Point in Time Recovery a standard Solution for logical errors in production system? (A) NO (Q) Where do we use the Point IN Time Recovery? (A) Point in Time is very critical in a system landscape with Data Dependencies between Systems. • Mount face is used for database recovery. 3. for removing and moving data file and also for adding. for changing archive log mode. No roll back of open transactions. instead use ‘BRSPACE’ because it tried logfile actions. (Q) What are the causes for logical errors related to Database? (A) (i) Manually deleting parts of Database objects such as Rows in a table. Whereas user directory store trace files written on behalf of shadow process. warnings and errors are logged in oracle dump files i. Immedaite: No new connections and transaction are allowed. (Q) How do we verify Consistency of Oracle Database? (A) By performing by a logical data check. Starting of Database 1. Alert_<SID>.e.• RZ20: Database alert monitor. 3. 2. Transactional: Oracle waits till all open transactional to finish and then it disconnects users and shutdown database. (ii) Manually dropping Database Objects. (iii) Manually dropping Application Objects. Recovery is performed using the method “Point In Time” by which all the Offline Redo log files older than the last one is used for recovery. renaming online redo log files. Start and Stop Commands BRSPACE_C FORCE_F dbstand_S <State> BRSPACE_C FORCE_F dbstand_S <State> Stopping of Database 1.

(Q) Why do we need to perform a logical check? (A) In order to verify corrupted Data blocks (Ora – 1578) (Q) Why do we need to perform a physical Data check? (A) To verify the tapes used for Database backup.After data backup an additional information . because it needs all oldest Backup Offline and Online recovery Processes. (Q) What are the tools used by Oracle Admin in an SAP System for Backups? (A) Database Backups = BRBACKUP Offline Redo log files = BRARCHIVE (Q) What are the occasions in which changes to Tile Structure of Database is made? (A) 1) When a Data file is added 2) When a Data file is moved to a Different Location.e. Complete Backup is again divided into 2 Types 1) Full Backup:. 3) When a Table Space and its Data files are reorganized. Incremental Backup is useless. Incremental Backup: i) This Backup Is used for taking needed Data blocks that have changed since the time of Full Backup. 2) Whole Backup:. i.Sum of individual partial Backups form an Entire Complete Backup. Catalog is Written into Cofile by Recovery Manager. ii) During Incremental Backup the amount of data to be backed up to get shorten and not for The Backup time. (ii) Perform additional Backups after each system upgrade and also if Database structure is Modified. (Q) If the Corresponding Full Backup is already overwritten and can I use Incremental Backup? (A) NO.It creates a Backup of all the data without the Catalog. 33 . (Q) What are the various Backup types? (A) There are 5 Backup types 1) Online Backup 2) Offline Backup 3) Complete Backup 4) Incremental Backup 5) Partial Backup Complete Backup: All the Data in the Database is backed up.Recovery Backup using partial Backup data is very much time consuming. *NOTE:. iii) During Incremental Backup is only based on previous Full Backup. *NOTE:. (Q) How often we perform Online Backup and Offline Backups? (A) Online Backup = Daily Offline Backup = Once in a Week (Q) How do we perform Backup of Offline Redo log files? (A)(i) Backup of every Offline Redo log files is taken TWICE on separate tapes before the files are deleted from Archive Directory. (Q) Can I perform a Backup of Individual data files using Incremental Backups? (A) NO Partial Backup: The backup of Database in smaller parts is called as Partial Backup.

(2) BRARCHIVE: Backup of Redo log files. Db Redolog files. we need a longer time to perform a recovery from media crash.(Q) What are the various Backup strategies used in SAP? (A) There are 3 Backup strategies in SAP i) Complete Backup:. Disks as well as Backups with Third party Tools. (2) Both BRBACKUP and BRARCHIVE supports Backup to Tapes. it calls BRRESTORE for restoration of missing Data and Offline redo log files.SAP) (A) Backup_mode = All(Whole) Full(full backup) Incremental Backup Partial(Table space name.Replace complete backup with partial Backups . copy (Copying files to disks) Cp is used in UNIX Copy is used in WINDOWS (G) Expire_period = (1)We have to specify the expiry period of a tape (2)Tape_use_count = Max number of times. (J) DD_Flags and DD_IN_FLAGS= Specify block ( Size of at least 64kb) Integration of Oracle Recovery Manager (RMAN) into SAP Tools: (1) RMAN is Default Oracle Backup and Restore Program (2) RMAN executables run in Client process and connection to Database (3) Backup with RMAN is done in 2 ways (i) RMAN classifies complete backup level 0 Backup (ii) Level 0 serves as basis for Level 1 (Incremental) (4) Backups performed without RMAN call CPIO or DD to save Database files to tape *NOTE: RMAN always writes the information in a separate file recovery catalog 34 . Restore Offline Redo Log files writte during and after this Backup. volumes can be written to tapes. TOOLS: (1) BRBACKUP: Backup of Oracle Data files .s) (B) Backup_type = Online and Offline Backup (C) Backup_dev_type = Tape or Disk or External Interface (D) Util_file = BACKINT(External Backup program through Interface BACKINT) (E) TAPE_COPY_CMD = CPIO or DD or RMAN(Copying files from Disk to Tapes) NOTE: DD = Raw devices are copied with this option CPIO = Directories are copied with this option The Profiles init<SID>. ii) Incremental Backup:. update them with restore from last Incremental Backup. Important Parameters for Configuration of BRBACKUP and BRARCHIVE(Init<SID>. Cofiles. NOTE: (1) Both BRBACKUP and BRARCHIVE records their actions in log files. (3) BRRESTORE: Restore all Db files and Offline Redo log files (4) BRRECOVER: Checks for Database for missing files . Dir path.Restore missing Database files from complete Backup. Oracle Software Directories and SAP System directories. (F) DISK_COPY_CMD = cp.sap and Summary and detail logs are copied with this CPIO.ora and init<SID.. File id. (H) Volume_Backup: Names of volumes used for backups(BRBACKUP) Volume_Archive: Names of volume used for backups of Offline redo log files(BRARCHIVE) (I)Tape_Address = Identifies device address of tapes. iii)Partial Backup:.Restore missing Data files from last Full Backup. BRRESTORE uses above logs for restoration of missing files.

the Volume is not locked at all and can be over written • If a lock occurs on a tape. (Q) Why do we need to perform a preparatory run? (A) If Backup with RMAN is supposed to form sets then we need to run Preparatory run. i.hdro) containing the tape name. TAPE MANAGEMENT: (1) Each and every tape used for Backup. It is recommended to perform preparatory run per one Backup cycle. The command to start the initialization is BRBACKUP or BRARCHIVE or – I/Initialize. (2) During tape Initializing SAP specific label is written on lable as First file (Tape. tailer and blocks of atleast one Database or one raw disk file to a file called SAVESETS (10) Using SAVESETS speeds up Backup Process. (Q) What are the contents of tape lable after a tape is Initialized? (A) (i) Tape Name (ii)Name of the Database (iii) Time stamp of last backup recorded on the tape (iv) Number of Backups performed with the tape Before writing data to tape if the lable is Red to check the following (i) Tape Name (ii) Tape Locked or Expired(Expire_period) (iii) No. of times the tape already been read(Tape_use_count) If Expiration_period = 0 days. II) Only used blocks are copied to Backup media III) Empty blocks used before are always backed up (Q) Is whole Backup can be consider as level 0 Backup? (A) Whole backup is not level 0 Backup and can’t be used as basis for Incremental Backup. it automatically expires at midnight. Preparatory run can be run from DB13 prepare for RMAN Backup.e. only estimates Compression rate of BRTOOLS to compress the files and to determine compressed and decompressed file sizes. (7) The Parameter to set the controls of copying data to Backup media to RMAN is TAPE_COPY_CMD or DISK_COPY_CMD= RMAN_DISK (RMAN Value) (8) Advantages of using RMAN: I) All blocks are checked for block corruption to ensure the consistency state. (9) RMAN writes Header. (3) BRTOOLS-> Backup-> Dbcopy-> Additional Functions-> Init of BRBACKUP tape Volume or Init of BRARCHIVE tape volumes. No Backup is created during preparation run. BRBACKUP and BRARCHIVE needs to be initialized. 35 . PREPARATORY RUN: Preparatory run is used to determine the optimal SAVESET distribution of data files we want to backup.(Q) Can RMAN recover the Database automatically without Recovery catalog? (A) NO (5) RMAN performs Backups directly to Disks and not to Tapes (6) RMAN uses Oracle shadow process to check for data block corruptions and filters those blocks and then writes used blocks to backup media.

log ANALYZING Database PROBLEMS: (1) Check Database alert log and trace files belonging to Bgprocess (SAP Trace/Background) (i) Check for status of Database = Available or NOT Available (ii) Check for Error = Media or User error (iii) Check for corrupted files and file types = Data. If the number of days passed since the tape was last used is less than value of parameter Expir_period. Verification of Archive log Backup (iv) The option USE_DBV(DBVERIFY=NO). Cofile. (ii) DB Block consistency: This checks the Database block by block using Oracle tool “DBVERIFY” to identify and restore from bad blocks. then the tape is physically locked. only tape is verified (If yes Tape verification + DB Block Consistancy Check) STATUS OF OFFLINE REDO LOG FILES: (1) During Backup to tape= ARCHIVE (2) First Status= SAVED SECOND STATUS=COPIED AFTER DELETION = DELETED During BACKUP TO Disk = DISK NOTE: All the above status are recorded in ARCH<SID>. (ii) Logical lock check: This value is derived from the time stamp written to tables SDBAH. (Q) How do we verify Backups? (A) Verification of backups is of 2 types (i) Tape Verification: The files are restored file by file and compared with original files to verify if the backup is redable. SDBAD (Q) What are the various tape selection processes? (A) (i) Auto tape selection BRBACKUP and BRARCH (ii) Manual selection by the Operator (iii)By external tool (Q) What is the option to select the tapes automatically by BRBACKUP and BRARCH? (A) Set the parameter Volume_Backup and Volume_archive to TAPE (Q) What is the command to check which tape will be automatically selected? (A) BR Backup | BRARCHIVE –Q | Query { check } (Q) How do we switch off automatic tape Management? (A) By setting up the parameter(Volume Backup and Volume Archive) to the value “SCRATCH” (Q) How do I turnoff the tape management performed by SAP tools? (A) Configure the parameter Backup_dev_type= UTIL_FILE OR UTIL_FILE_ONLINE and also configure BACKINT interface in init<SID>. PATH: BRTOOLSBackup & DBcopyVerification of DB Backup.sap NOTE: BackINT Interface program is only supported for external Backup. Online Redo log Files 36 .(Q) What are the methods used by BRBACKUP and BRARCHIVE to check tape locks? (A) There are 2 types of locks (i) Physical lock check: Physical lock check is done by checking tape label parameter Expir_period.

In Database instance shutdown main menu select option 1 shutdown DB. Note: if the users are logged in to the SAP system then I cannot use immediate. that is close mode(Default mode is immediate) f. it will shutdown the DB instance first and then starts the DB instance. (4) Save Offline Redo Log Files in ORARCH Directory using BRArchive only. Oracle has 4 segment types 37 . BR Tools: Login to ORA<SID> using putty Type BRTOOLS There are totally 9 option in BR tools Select Instant management. (5) To check the reliability of Backup strategy . it is option 1 b. each table space consists of one or more data files. Select option 1 and enter string value for ‘mode’ (Immediate| normal|transcations|abort). Once the DB is up and running always check the status before performing any action. Under options for shutting down the DB instance we have to choose option 1. Alter DB Instance (Switching off archive mode): Shut down SAP  Stop SAP [SID<adm>] Log on to ORA<SID> user and start BR tools In BR tools  Select option 1 (Instance Management) Start up database  Select option 1 Alter DB instance  Option 3 Enter ‘c’ to continue Enter ‘c’ to continue Select option 4 for set non archive mode Enter ‘c ‘to continue and select option 5 to show instance status Note: while switching to archive mode and non-archive mode. (Q) If SAP is running and I try to shutdown the DB using BR tools what will happen. In Database instance management select option 2 to shutdown the database. (7) If the list of RedoLog files after the last Database Backup is too long.(iv) Check if Software or Hardware Mirroring = Available or Not (2) Safest method is to perform a complete Offline Backup before the files are copied back in restore place using BR Backup or any Backup Tools. Oracle stores data in table spaces. transactional modes. (3) The above step is Very Important for Point In Time Recovery or for Database rest because these stratagies always involve Data loss. Table space administration: 1. (A) It will show an error showing that SAP instance is running. 2. e. c. Please showdown first or use force option. then perform a complete Database Backup. run regularly restoration report in SAP using DB12 (6) The above report is used to find out which backup to use for recovery as well as it displays information about last successful Backup. (Q) If SAP started and I am trying to switch to non-archive mode what will happen. Data files are plain files stored on local system 3. using abort mode will forcefully shutdown and will result to data loss hence never use this option so to be on the safest side always shutdown using normal mode. In each of these cases the time stamp is recorded that is data and time. (A) It through an error saying that SAP is running please shutdown the SAP first or force option and then continue. normal. Type ‘C’ and click enter to continue d.

a. There are two options for “COALEXE” extent. Data  This segment contains table data in rows b. To meet the demand of large DB. System  Oracle data dictionary PSAP ROLL  Roll back segment Note: From WAS 6. (Q) If table space is full then what are the possibility to extend the table spaces? (A) Option 1: Add another data file to table space 2: Existing data file can be manually resized 3: Properties of existing data file can be changed to auto extendable (Q) What id the formula to increase the data files size? (A) Data file size = Expected DB/100 (Q) How many number of data files will be there by default? (A) Default there are 100 data files (Q) Expected DB size and Data file size Expected DB Size Up to 200Gb 200 to 400Gb 400 to 800Gb Greater than 800Gb Data File Size 2Gb 4Gb 8Gb 60Gb (Q) What is the error related with table flow? (A) For table ORA1653. This index is used for faster access to table data and to enforce unique constrains. Index  Each table has one primary index and ‘n’ number of secondary indexes (optional). 5. If max extent is reaching it limits. The DBA must use “COALEXE” free extent into one large extent. d. then increase next extent. ORA1654 for indexes. When extents are dripped they are marked as free and their blocks can be used by new extents. 1. 38 . 3. DB designers creates partition tables and indexes. 2. An index segment in oracle DB used in SAP holds either all data for take that is not partitioned or all data for a partition of partitioned table. Temp Segment  This segment is used for sorts and to create indexes. Roll back/undo segment  this segment is used to provide read consistency that is ability to roll back changed to tables for recovery. c. Common table spaces: 1. PSAP TEMP  Temporary segment. (Q) What will happen if max extents are reached? (A) ORA1533 is the error forms extent reached. 4.1 version we have SAP undo as roll back segment. BRCONNECT –f check  COALEXE free extent automatically 2. BRSPACE –f check  COALEXE free extent use locally managed table spaces. but adjacent blocks are not combined.

File increment size in MB = [20] i. Log on to ORA<SID> and enter into BR tools. ORA1653  Table space full 39 . Last added file name b. Segment Sizes Next segment Size Max. File auto extend mode = YES g. This will list all table spaces and percentage used Example Table: “PSAPR3700” 8. Max file size in MB = [10000] h.old] Once co-file is created. SQL Command = [alter table space name] Note: the last added data file name and new file to be added will show the exact location where the data file is residing that is Oracle/<sid>/sapdata 1 to n/ 10. Extend table space (option 1) 7. Last added file size in MB c. Extent table space (option 1) 4. Select the table space that is ‘pos’ position 9. 14.of Extent Less than 1Mb 1 to 64Mb 64Mb to 1Gb Greater than 1Gb Less than 64Mb 1Mb 8Mb 64Mb 16 63 126 Unlimited Advantage of LMTS (locally managed table spaces) is “ORA1533” error eill no longer occur.news Top 10 Oracle errors: 1. Select ‘NO’ to continue with the current data file addition. Space management (option 2) 3. ORA1631 and ORA1632 Max extent full 2.no. Press ‘c’ to continue 13. Enter option 5 to change the size of new file in MB 12. Enter ‘c’ to continue 11. one successfully completed it switches to next online redo log file for database instance and finally creates a copy of co-file with new time stamp that is CMTRL<SID>.To solve above problem with extent we must use locally managed table spaces. New file to be added d. Increase the Table space: 1. extending of table space is done. Note: this action will update the time stamp in co-file that is. The only disadvantage of LMTS is. Raw disk/link target e. Enter ‘c’ to continue 5. Size of the new file in MB f. Enter ‘c’ to continue It will give “Table space extension main menu” Note: First use option 2 to show the table spaces and percentage full and make a note of a table space which is 80% and above fill and then add a data file as per the specification using the option 1 that is “extent table space”. always it checks for used and free space. Enter 2 to select above example table Note: options for extension of table space a. 2. 6. Select ‘YES’ to add a new data file to the current table or add new data file to a new table. it created a copy of co-file in the location /oracle/<SID>/SAPREORA|[CNTRL<SID>.

ORA1144  When back is shutdown immediately 6. User administration II. change. ORA600  Hardware Failure Note: option 4 and 5 are also called as missing end backup. password reset Note: user naming convention should be alpha numeric. delete. In Logon data UserType: By default Dialog A Note: • With user type Dialog we can login into SAP system • To create a user we need to maintain the validity of the user. In address tab only field we need to mention LAST NAME 3. The most common tickets 1. Role administration (role of a particular user) Create / Change / Delete }  Any one role has to be given to an user. First character should be there in the beginning. ORA1113  When backup is aborted 5. ORA1578  Data block corrupted 7. Enter the user and press create button. Changing Oracle Parameters Q) Create server parameter file from init<sid>. locking and unlocking accounts 3. Steps to create User Accounts 1.ora A)  Login to oracle user (ora<sid>) Security We have two parts of security I. lock/unlock and password reset. creation\deletion of user accounts 2. • For permanent user valid through 31-12-9999 and for Temp and Contract user validity through date will be given in the ticket. SOD: segregation of duty Time sheet Permanent user(X) Temporary user(Y) Contractor user(Z) Do Do Don’t Travel expenditure Do Don’t Don’t User administration (SU10) This is user for creation of user accounts and other functions besides creation. • Any request in security should have approval from a manager. 2. copy. ORA272 and ORA255  Archive struck 10. display. ORA1654  Index full 4.3. ORA1555  Buffer mode is OFF 9. 40 . ORA0255  Database struck 8.

Default Date Format: DD-MM-YYYY Spool Output Device…. To.System trace/authorization trace Basic Terminology of Authorization Overview of elements of SAP Authorization Concept User Role Authorization Profile Authorization 41 .Mass lock and unlock . Eg: ESS roles i. GROUPS Already maintained in Logon Data PERSONALIZATION Set of Transaction Codes to work LICENSE PFCG SU10 SE16 SUIM SU24 EWZ5 SU53 ST01 – User License – Roll administration . parameter values are assigned.. BSSR (Business Security Service Request) Default user group is SUPER. We can set the Role Validity from ….e related with Time sheets ROLES Is where we assign the roles. Note: Always assign the role first and not the profile. Every role by default has its own system defined profile. Based on the region or department we assign the user groups.Maintained authorization check . Default value is 31-12-9999 PROFILES Do not enter any profile directly instead it will be pulled automatically once it’s assigned in roles tab. By default it will be Empty Parameter: By default based on the roles. For example.• • By default approval comes in the form of an email in some cases a third party tool is used. It can contain an approval form.Mass user administration – Table view – User info management . Sample Ticket UID Mgr ID: UName Mgr Dept: Position Status Department SAP Requirements Default Values Default Language: ENG & GER Decimal Notation: Is divided as 2 parts 1) Germany 2) Rest of the world.Missing authorization error .

Note: A role describes activities of a user. Q) What are the total numbers of activities? A) As per 4. Role: Is generated using profile generator (PFCG) and allows automatic generation of an authorization profile. Authorization classes.7 total number of activities=168 01 – 99 = Activities A1 – VF = 69 STEPS to CREATE a ROLE (PFCG) Creation of parental Role: Any customized role should start with Z or Y. Enter a valid description. User / User Master Record: This is used for logging on to SAP system and grants restricted access to functions and object of SAP system based on SAP profiles. These roles are used as templates for creating customized roles. Note: Authorization and authorization profiles are customizing objects. If at all you want to. Authorization Field: Smallest unit against which a check should run. Q) Is a role without Auth-profile considered as complete or not? A) No Q) What are the types of roles? A) Roles are 2 types 1) Parental Role 2) Derived / Base Role Q) What is the relationship between parent and derived roles? A) In Parent role we maintain the list of Transaction Codes whereas in derived role we assign the parent role name so that an inheritance hierarchy is being maintained and hence the transactions are automatically pulled into derived roles. Enter the role name and select role name button. Authorization Profile: Contains instances (Auth) for different Auth objects. Always generate derived roles and maintain the field values as well as organizational values in derived values only. then first make a copy of pre-defined role and then add the user to the role. Q) Can we assign pre-defined roles to a user? If so. Q) Where do all possible activities are stored? A) In the table TACT Q) Where do valid activities for each authorization Objects are stored? A) In the table TACTZ Q) How do I identify pre-defined roles and what is their use? A) Pre-defined roles begin with the prefix “SAP_”. Go to Menu tab to add the transactions Click on Save Select add transaction Note: Default transaction to be added for every user of SAP SU53 Assign Transaction and Save the Role 42 . how? A) No.e. Authorization: An instance of an authorization object i. a combination of allowed values for each Authorization field of an Authorization object. objects and fields are development objects. never assign a role to a user.Authorization Object Authorization Object Class Authorization Object Class: Logical grouping of authorization objects Authorization Object: Group of 1-10 authorization fields together form an object. Note: As per SAP recommendations never generate a Parent Role.

The developed changes are then transported to quality and get tested and approved in Quality and then only moved to production.e. then automatically the status is changed from standard to changed. report. Deletion 2) Relationship between Parent and Derived role is 1:n 3) First time creation of role. whenever we try to add a new value and generate. warehouse. i. if any functional related Transactions are added in a role. List of Tabs:Manually: Adding authorization objects manually to a role. the fields in which the values are not maintained (Represented by color yellow) Changed: To view the changed authorization objects. an empty field appears i. Note: All roles will be created in development system. Maintained: It will show the fields of the authorization objects for which the missing values are maintained.e. 3) Make the changes only in the copied one. Go to Authorization tab to generate the derived role. Note: 1) Always maintain a value in the open field 2) If any standard value is changed. Note: 43 . Q) Why should we not add organizational values directly in a role without using org levels button? A) Value maintenance using directly no longer changes values i. 2) First time while creation of a new role. Rules to be followed in editing the standard Objects: 1) Copy the standard object 2) Inactivate the standard. Any modifications will be done in Dev system only. i. when adjusting derived roles authorization value is overwritten. the first one. Hierarchy in a Role:Role Name: Blue Class = Orange Auth Object = Green Authorization = Yellow Fields = White Q) What is the default authorization object which is used to check for any role? A) S_TCODE Note: 1) We cannot edit S_TCODE object in a Role. always go to export mode. comp code and call center.Creation of Child / Derived Role: Select the derived role name and Under Transaction Inheritance in Derive from Role and Click on “Yes” Note: 1) In derive role we can’t make any changes under menu tab. Open: To view all open fields. Organization Levels: This field is used to maintain organizational hierarchy like Plant. The only way to add a transaction code is in parent role. 3) Red color indicates missing organizational values 4) Yellow indicates missing field values and not organizational values.e. and then we have to maintain organization level in a popup. 3) By default all the auth objects the type will be standard. Eg: Adding transaction.e. 4) Always maintain the organization values using organizational levels button only.

Authorization Troubleshooting for a User Whenever a user tries to execute a Transaction which is not assigned or tries to perform an activity which is not defined for existing Transaction.1) Once we make changes in the copied one.e. In such a case ask the user for SU53 screenshot for any authorization issues. the status changed to maintained. meaning that the authorization profile the user master record always have the most up to date in the morning. in this way we can manually process errors that have occurred. 5) If we choose edit old status then it will not reflect in any open fields even though they are present. Go to Authorization Object 1 from SU53 screenshot and select entry values button Enter the values as per SU53 under the authorization Object and select Execute button. 9) In order to refresh user buffer with new values we have to always go for user compare. 6) Never try to select delete and recreate profile. now he is trying to create for plant 0001 and he got the error no authorization to the plant 0001. in order to avoid the duplication of fields we need to follow the above rule/procedure. SUIM  Go to Roles  Roles by complex selection criteria and deselect the user. a new open field appears. always choose maintenance as read old status and merge with the new data. Go to Find Button (Cntrl +F) Enter the authorization object in authorization field and clicks enter on Find Object. 2) If we do not follow the above steps. Hence. 4) Whenever we generate a derived role. Once you receive the screenshot Go to SUIM In SUIM check the roles which are having access to plant 0001. we have to generate all the child roles under the parent role. Go to Utilities and select Technical names on Second Method of Role Maintenance 44 . 3) If we make any changes to a parent role like add. Compare User Master Record: Comparing user master record can be done in 2 ways 1) A default background job i. then the user gets “Not Authorized To” error. SU53 Analysis SU53 has 2 parts 1) Authorization check failed: It captures actual cause of the error. Double click on the role on which we want to assign. delete or Transaction Code. 2) Users authorization data: It captures the existing access to the users Note: In order to check SU53 analyses of other users go to SU53. 2) Using transaction pfud (User master record reconciliation). click on display for different users authorization object. Go to Authorization tab  Select Display authorization data. It will automatically take us to PFCG transaction. As an admin. Solution: Request for SU53 screenshot. we should regularly execute this transaction. Report called “pfcg_time_dependency” is executed before start of the business day. then during the regeneration of a role next time. Analysis using SUIM Scenario 1: User is having access to plant 1000 in MM01. but after mid night. 7) Once the role is generated then we have to assign the role to a user using SU01 (or) Add a user to a role using PFCG  User tab 8) Always assign only derived roles to a user whenever add a user in a Role always compare with user compare.

the same role has to be deleted in prod because these roles are finally used by the users in prod box only. 2) Changes done using SU24 is of type work bench 3) Changes using PFCG is type customizing. select all and copy Come back to multiple role selection and select upload from click board button Select check entries button And select copy button & select execute button. Q) Why do I need to add a role to transport? A) All the changes to the roles are done in development box and move to production. Assignments of users to a role are done only in production box. Go to SUIM  Change docs for user  Enter the user name and execute Note: Locks are of 2 types 1) Locked due to incorrect log on 2) Locked by admin 45 . Keep the role in a transport by selecting transport role button. Note: The generation of child roles/derived is always done from the parent role. deleted as well as password reset and user lock/unlock information. Besides this we can track info regarding the roles like when the roles are added and deleted and who has performed this action/date of action. Make changes in parent role Generate Parent Finally generate derived roles button (or) select Auth  Just Derived  Generate derived roles This will generate automatically all the derived roles from the parent role. Note: In this method org values cannot be maintained using parent role. Scenario 1: Q) Unlock a user or track why the user is being locked? A) Go to SU01 Enter the user ID  Log on data and check the user is locked. Process: Go to Authorization Edit Read old/merge with data. Hence the deleted role needs to be transported. If I delete a role in dev box. Mass Generation of Derived Roles: Copy all the derived roles into a notepad Goto PFCG  Go to utilities  Select mass generation  In mass generation screen Select all roles under presentation Select Display data when created and changed Click on Role  Multiple Selection Note: Go to notepad. we have to individually maintain org values in the derived roles. Go to PFCG select the role to be deleted. Note: 1) In choose objects options never check user assignment. 2) Create child roles and assign the parent and generate the child nodes. SUIM change documents:For users:1) In order to find when the user is created.1) Create a parent role and Add Transaction codes in menu tabs and generate the role. Deletion of a Role:Before deletion of any role first add to a role to transport and proceed with deletion.

As part of our daily activities we might receive the tasks as follows 1) Changes in form of tickets. Scenario 2: Mass user locking during upgrade: 1) Go to SU01. b) Rectification of changes is done again in development. 8) Once changes are in production. Process steps followed in security . the CR owner or the end user tests and confirms the final status. copy/paste the users and select the lock Note: In SU10 we cannot set the password for all the users Reference User is for internet purpose. Resolution Time: This is the time in which we have to solve the issue. then we need to contact the admin for the reason for locking hence never unlock directly. Based on the priority there will be response time and resolution time for each request. If lock is due to incorrect logon then go to SU01. Note: Assignment of reference user Go to SU01  Under roles tab  ref user for additional rights where we enter ref username. 6) Once testing is completed in QAS the CR Owner will send an approval regarding the test results a) If test results are positive then move to PR13 else rectify the changes needed.e. chatting tool or phone.e. select * under user column 2) This will give entire list of user in my system 3) Copy the usernames in a notepad 4) Got to SU10. SLA Priority 0 1 2 3 Type Very Critical High Medium Low Response Time 10 min 30 min 60 min 4 hrs Resolution Time 30 min 1 day 4 days ---- Note: Response time is time in which we acknowledge the user request. (Various 3rd party tools are available) 2) Changes in form of CR Each ticket has its own priority i. 7) Based on approval.e 2nd approval in PRD then we can close the CR. Select the user and press unlock button. Note: By default the status of any ticket is in Open status 46 . 9) Once we get the final confirmation i. SLA. i. we move the changes to production.Requests coming in form of CR / Templates 1) Request comes in form of Approved CR form (Unique ID = CR Name) 2) Login to DEV and perform the action as per CR form requirement 3) Put the completed task in DEV under a TP ( CUST/WORKBENCH) 4) Transport / Move the TP to QAS for testing 5) Create a test id in QAS with the above changes and send the test id details to the CR Owner.If the lock is of type Admin lock. once a ticket comes into our queue the first major priority is to accept the ticket on our name. c) The rectified change has to be kept in a new TP with description of above CR Name and moved to QAS. once this is done we have to send an acknowledgement to the user informing that someone is working on this issue via email.

creation of totally new roles. we have 4 quarterly releases in a year.e. In order to indentify the various defects and conflicts in roles and between transactions we use various SOD (Segregation of duty) tools like VIRSA.e. during this period all the POS (Purchase Orders) or any items coming into owners inbox will go to the delegators inbox. During this release different people i. based on the ticketing request raised by the user using the ticketing tool we decide whether we need to create a defect CR. but it was lost due to some reason and we investigate and find out that these changes have to be there for users. Ex: MM01 x MM02 1) Create X Change 2) Change X Delete 3) Create X Delete Note: Default access is Display HR Security Activities There are two types of HR security Activity 1) Delegation of Authority 2) Structural Authorizations Delegation of Authority:. 5) Hold + Waiting due to user unavailability i. Types of CR ( Change Requests) Work bench / Customizing 1) New functionality CR: This CR carries new functionality changes which are done for the first time i. The process of identifying the defects or conflicts among the existing transactions and rectifying them as mitigation.Stages of ticket: 1) Open 2) Working / In-progress + Assigned to our Name + Inform the user + Copy the comments in the tool under notes column.e.e. Note: The delegator can delegate the access only to a person to a same hierarchy or higher hierarchy.e. 4) Waiting + Needed some inputs from the user to solve the issue + inform the user + Copy the comments in the tool under notes column.Is a process by which a delegate delegates/assigns his/her access to a delegator for certain period of time i. Eg: Some access is already there for a user.e. modification of roles and deletion of roles. i.e. technical + functional consultants + security administrators get involve and analyze various roles based on the inputs provided by the auditors This is where SOX policies come into play. Items not appearing in the inbox 47 . The only issues which we get here is the problem with workflow. BIZRights. (Or) If the user wishes to cancel his /her request then copy the confirmation under the notes and select cancel button. 2) Operational CR: This CR carries the changes which are done on a day to day basis i. 3) Closed + Issue Resolved + Inform the user + communicate + Copy the comments in the tool under notes column. To rectify a defect CR CR forms are created based on the quarterly release i.e. In this scenario we raise a defect CR. user has gone for vacation + Copy the auto response regarding user unavailability and paste the notes 6) Cancelled: If there are duplications or same request being raised then we can cancel one of the requests by mentioning the previous request no under the notes column. 3) Defect CR: This comes in form of ticketing request i.

enter New Role Name. display HR master data Enter the personal details Select the organization assignment and period today Output will be position number or personal number Copy Position No. Steps Related with Assignment of HR Roles i. Before we provide the approval access we have to identify that particular person having an access or not. holders are assigned to position and not to jobs Whenever we create an organization unit structure we have to create first the root. go to PA20. organization unit and then only create additional lower level organization units.An item appearing in inbox even after the period is expired Don’t have access to approve the POS appearing in the inbox.mgt. enter the delegates User ID and Press Enter • Make changes in dates Valid From to Valid To Select Save Button Structural Authorization: Is a concept under HR security using which we assign roles to user based on this organization object. If he’s having an access then keep on email notifying him that as per the security policy any user can have either create/approve access and not both. Structure of organization management: 1) Organization Unit 2) Position 3) Job 4) Task = Description of an activity i. in maintenance Go to  settings  Complete View (Org management and Workflow) Create role Authorization Go to User Tab  Select org. 2) Composition Roles 48 . 2) Select inheritance hierarchy. Special PFCG Roles: 1) Customizing roles: We can assign projects/views of the implementation guide (IM) to this role. Go to PO13 (Maintain Position) Paste under position number Under Infotype (Select Name and Relationships) Under Time period select All and Press Overview button Select the Row where the object type=P and End date = 31-12-9999 and Press Copy button Under related object change the type of related Object from person to user Under ID of related Object. i. Here we assign any roles to positions and not to user. The users are called as Holders.e. i. Go to PFCG. performed within organization units. Steps related with delegation of Authority 1) Log into HR box. The first two problems are rectified by workflow administrator.e. Button Choose create assignment button Select the job [Object Type] After completion select user comparison. The last issue is related with the approve access. Structural Assign 1) Go to PFCG select over all under view.e.e.

Installation and Upgrade The basic profile parameter Auth_no_check_in_some_cases=Y has to be set if we want to user profile generator (PFCG). When it is assigned to the user. that control the behavior of profile generator after the trans has been selected. we are no longer possible manually assign transaction to roles This means that the role can only be used for generating and assigning customized authorizations. It will automatically prompt us to place a request under a transport.e. Note:Under check indicator column if no check is there. Go to own request select the transport of type work bench. Table USOBT_C defines for each transaction and each authorization object. Q) Where do the default value in a Role comes from i. Select the object and click on change button. Select the particular authorization object. once implementation is completed normally we delete this. Modifying values in SU24. we should maintain end date for the role. Go to SU24. Note: Any workbench changes in security are done in SU24. During implementation we use transaction SU25 for security related settings besides this we also use SU24. activities under auth object? A) Tables USOBX_C and USOBT_C are the tables. These tables are filled with default values and used for Initial fill of custom tables. select Cust_Authorization Select Add Tab Img Project / Img Project view Select the customized object based on our requirement Continue. Table USOBX_C table defines which auth are to be performed in a transaction and which should not be. which we want to modify. 49 . SAP delivers tables USOBX_C and USOBT_C. These roles are used only during implementation period.If the transaction request number is created by another team member then go to Other requests button and enter the user ID Output = All the requests created using the user id will be displayed. which default values and authorization created from the auth. Select the object again and change field values. If a project/Project view has been assigned to view.Steps:Go to PFCG  Menu  Go to Utilities. Note:. Note:Any role to which transactions have been manually assigned. After the initial we can modify the custom tables. enter the transaction code and select execute. Go to proposal column and select “YES”. After changes in particular field select save. Object should have in the profile generator. then select the auth object and check indicator.

The main purpose of this transaction code is to move the default changes which are maintained in the current version to new version. go to properties network and check the secure network settings and enter the SNC string. Select the button change owner and go to SC01 to release the request. change the start up type of the service from manual to automatic NT LM support provides. We need to go to SU01 and check allow access for the string. comparing by tables USOBX_C. Steps to configure SSO 1) Go to OS services. Versions are 2 types 1) Version in which no PFCG tool 2) Version in which PFCG tool.6 B) Upgrade Scenario 1: Release without PFCG tool: Always use step 6 in SU25 to convert manually created profiles and authorizations into roles Scenario 2: Versions with PFCG 1) Execute the profile generator with comparison with SAP values i. Single Sign-On (SSO) SAP GUI 3rd Party Tool (Keon) HR Secure UID HR Unsecure PIN FI Secure PWD FI Unsecure SU01 (SNC)tab What is single sign-on? 1) Single sign-on. Q) How do I deactivate authorization object globally? A) Go to SU25 select step 5 deactivate authorization globally.Profile generator for upgrade and first installation. This transaction code is used only during implementation and during an upgrade. through which we create credential. 4) Edit the central instance profile and set the toll parameters /SNC/Data_protection/max = 1 /SNC/Data_protection/min = 1 /SNC/Data_protection/use = 1 /SNC/enable = 1 /SNC/GSSapp_lib=C:\usr\SAP\SID\SYS\EXE\run\GSSNTLM /SNC/Identity/as = P:/SID/sap service <SID> /SNC/Accept_Insecure_CPIC=1 /SNC/Accept_Insecure_GUI=1 /SNC/Accept_Insecure_RFC=1 50 . /usr/SAP/SID/SYS/exe/run 3) Set the environment variable snc_lib to the location of the library.e. select one server. later on logon to SAP without entering any credentials. 2) We can even logon through internet using SSO. 3) SSO is represented in form of SNC (Secured Network Connection) string for the SNC String to be activated we need to configure certain DLL files at OS files. (4. 2) Copy the GSSNTLM. select service NTLM security provider.e. SU25:.Select the Workbench request based. 2) Add affected transactions 3) Update the existing roles with new authorization values 4) Display all values for where changed transaction codes Note: Do not execute step 1 (Initially customer table) Step 3: Once the above steps are done transport these changes using step 3. i. 4) Once we confirm DLL files then we need to go to SAPGUI.DDL file to the dir on our central instance. Third party tool Eg: Keon. USOBT_C tables.

choose SNC user uppercase to enter the name of windows user i. to assign to sap system user P:\<Domain Name>\<User Name> and select insecure communication permitted and save our entries. 51 .6 B 4. Steps to Configure CUA CUA works with RFC’s steps to config CUA. 9) User transaction SCUG in central system to perform the synchronization activities between the central and child system. 7) Save the entries 8) Once we expand test for individual systems we normally see the message for each system.e. ALE distribution was saved.Derived Activity Group Derived Role GAG – Global Activity Group Parent Role Q) If all the users are locked mistakenly. Central User Administration Administering users centrally from one central system SAP System CUA works with RFC’s. 4) Create RFCS to child systems from central and central to child using SM59 5) Log on to central system using SCUA to config CUA (Central User Admin) 6) Enter the model view and enter all child system RFC’s Note: RFC naming convention must be same as central sys naming convention of logical system. 1) Create logical systems to all the clients (using BD54/SALE) 2) Attach logical system to clients using SCC4 3) Create user CUA_SID in central system with 3 roles and create user CUA_SID_CLIENT <number>/name in child system with 2 roles.USR02 where bname=’SAP*’. Security Extension Classes Conducted on Saturday (Dec 1st 2007) In SAP the nomenclature for roles are version 4. Note: If any problem messages refer to sap note 333441 in market place. central user admin activated and then comparison was started and should be in green.6 C DAG . how do we connect to SAP system? A) Follow the steps Step 1) Go to OS level and execute the following SQL scripts after connecting to Oracle DB Select * from <Application Server name>. 10) Use transaction SUCOMP to administer company address data./SNC/Permit_Insecure_start=1 /SNC/Permit_Insecure_comm=1 Preparing SAP GUI for single Sign on In SAP logon window choose edit advance/network Advance secure network communication P:\<Domain Name>\sap service <SID> Mapping sap system users to windows users for single sign-on Go to SU01.

Eg: Time sheet filling. AF 3) Every user who access portal must have one global role and ‘n’ of local roles. 1) Accessing portal using an URL 2) Accessing portal using Active Directory Service Note: 1) Any portal URL. Problems in Portal Problem 1) Global page missing Solution: Check in Active Directory whether the user is been correctly added under the role which is considered as global Note: In active directory services we have 2 types of roles 1) Global roles  Provide access for an user to login to portal i. assigned to a user Problem 3) User reports “He us able to access other global screens instead of his own screen” Solution: Find which global screens user is able to access. users need to enter travel expenses and file their timesheets using portal. Step 2) Then Login using SAP* user Step 3) Go to EWZ5 or SU10 transaction code and unlock all the users. for the initial screen to appear. Instead of logging into SAP system we use the portal screens from which the user provide the inputs and gets automatically saved in SAP DB.Delete from <Application Server name>. travel expenses. In Portal administration there are two ways of maintaining users and roles information. If it is added then remove the user ID and add the user ID to the correct global role and inform the user to restart his system in order to access new changes. 4) Some portal screens will be integrated with SAP system i.USR02 where bname=’SAP*’. Note: 52 . Portal Security All security related activities like Creation of User accounts and Creation of roles which are normally performed using SU01 and PFCG can be done using portal.e. For example: Africa. Local roles are categorized based on the location the user is situated.e. 2) Local Roles  Provide access for certain T – Codes or activities which the user needs to perform. Killing SAP* will automatically recreate a user master record in USR02 table. Eg: Country Wise IN.e. These roles provide access to users to display the screens as well as store the information in DB. Europe etc. Note: USR02 is a table in which all user master records are stored. PROS. Go to AD service and then to particular global role. Edit the role and check if the user ID is been added to that particular role. They are classified based on region the user belongs to. 2) For portal we need J2EE engine to be installed and no need of ABAP engine to run. Problem 2) User reports “Not able to access ESS” Solution: Check the global role Check the exact local role. USA. then separate roles are provided which are related with portal. the ports will be in the 50000 series. 3) All roles are configured in active directory service which are related with only portal i.

 This procedure is distributing the roles between source and target using RFC connections  If a role is being distributed to a target system only the structure is being copied and not authorizations. 4) SU3 is the transaction code for maintaining user own data. a profile indicates a unique identifier generated by system to identify a role. 11) All roles are of type Basic maintenance only whereas HR related roles and work flow related roles are of type complete view.e. it has to be added to a transport because these actions are performed in DEV system. immediately after executing SICK transaction. PRD. 3) The upgrade of SAP system from non-unicode to Unicode is possible whereas the other way is not. 2) One of the systems has to be configured as transport domain controller.e. 13) Profile names come by default if it has to be changed then it has to start with Z. 8) Notation for parent role is Z> and for Child / Derived Role it is Z: 9) Any role starting with SAP_ or SAP defined roles. All character sets of these languages are embedded in the software. creates. Red  No organization values b. generate and delete. Yellow  Some field values are missing. 7) In PFCG transaction code. T-code is used for running CATT scripts. an RFC connection needs to be created between source and target system. hence if we want to use any SAP role first copy a role to a customized role and generate it. This is similar to assigning users in SAP using PFCG (Direct assignment) and SU01 (Indirect Assignment).e. This configuration is done as a part of implementation i. 14) Color indications in authorizations a. 2) Unicode in SAP supports 13 languages. 5) SCAT. i. they should not be generated instead they are used as Templates. 10) SAP_ roles are used mainly during implementation. Green  All fields have values c. Hence we need to maintain the authorization for a role in the target system. 3) The transaction to configure transport management. DEV. Q) What is a transport group? 53 . By default the roles are of type basic maintenance.1) Assigning users using AD service is considered as a direct assignment where as assigning users using portal is considered as indirect assignment. Role Distribution Distribution of a role can be done using  Go to transaction code PFCG  Menu tab  Distribute button  Enter the target system i. STMS (SAP Transport management System) 1) SAP normally follows 3 system landscape with 3 tier architecture. To achieve the transition from non-unicode to Unicode we need to have Non-Unicode export kernel CD and Unicode import kernel CD. QAS. Non-unicode is language specific. STMS 4) RFC’s are generated when the Transport Management System when continued R/3 system to communicate with all R/3 systems in a domain.e. 12) Before we delete a role. change. 6) ACTVT field indicates the type of activity i.

it will propose the system as transport domain controller. select YES. Go to SAP systemDisplay 4. transport directory path (\usr\sap\trans) Note: The above steps are performed in Dev System which we can assume as domain controller Steps for Requesting inclusion of QAS and PRD systems into domain controller Log on to QAS with 000 and SAP* go to STMS Select other configuration Provide the description and target hostname of the transport domain i.e. 3. 2. DEV system domain name and instance no and save Login to Development using 000 and sap * and goto STMS Select the QAS Go to sap systems  Approve This will pop up message saying “Inclusion of system in Transport Domain” then click “Yes” Note: Repeat the above steps for inclusion of PROD system also In Dev distribute TMS configuration by selecting extras  Distribute TMS configuration It POPs us a message and then select “Yes” Backup Domain Controller Backup domain controller holds the copy of reference configuration and configuration changes can be managed when transport domain controller is not available.A) SAP systems that share a common transport directory tree form a transport group. 5. 3) Go to overview menu and select systems 4) Place the cursor on SYS ID and select SAP system display 5) Go to transport pool and check under global parameter transport directory. Transport Routes: Transport routes indicate the roles of each systems and flow of change request. Configuring Transport domain controller:1) Login to SAP using client 000 and sap* 2) Go to STMS. In STMS screen go to overviewsystems select the R3 system to be defined as backup domain controller. Log on to transport domain controller system using client 000 and SAP*. Q) What is transport domain? A) All R/3 systems that are planned to manage centrally using TMS form a transport domain. i. provide the description and save. Go to communication tab  Select change under backup. Q) What is transport domain controller? A) R/3 system with the reference configuration is called as the transaction domain controller. you have to mention “QAS” and save then it will give a pop-up windows requesting you to configure the changes immediately. 54 . Go to Extras from menu  Activate backup domain controller. Steps in defining backup domain controller: 1. Go to STMS T-code.e. It will give a pop-up windows as “Activate system QAS as a domain controller” click “YES”. In order to configure transaction domain controller we have to login using client 000 and user sap* or any user having similar authorization using sap*.

It is a predefined transport layer for DEV classes of SAP standard objects Create Transport Layer: 1. 1. Select the check box under the column “ASTV” as required and choose save. STMSOverviewTransport routes 2. Go to SystemSystem attributesDelivery after configuration and click on procedure button. What are the various configuration methods available in STMS? A. 2. To be approved by request owner Using TMS on day to day operations: Go to “STMS_IMPORT” = this will take us to the screen in which all the imports are available. Note: 55 . Development and Production systems 3. 1. Quality system consider as delivery system. What is SAP transport layer? A. To be approved by system administrator 2. Go to overviewTransport routesSelect display or change mode 3. 4. Go to STMSOverviewTransport routesSelect change mode and double click on QAS System. Three systems in a group Q. Q. 3. Production system is considered as integration system. What is a standard transport layer? A. Select the R3 system in the pop-up according to their roles and click continue and save and specify the type of configuration and choose continue. 4. This describes the transport route that the data from the development systems follows. Single system configuration 2.Steps to configure transport routes: 1. Graphical Editor 2. Go to EditTransport route and add transport routeSelect source and target and leave it then we get pop-up window transport layer and click continue. Enter the transport layer name and description. What are the three approval steps you need to follow as a part of approval procedure in QAS? A. Go to configurationStandard configuration Three system in group. Enabling Quality assurance approval procedure (QAS): 1. To be approved by department 3. STMSOverviewTransport routesSelect change buttonselect zoon in buttonSelect the particular transport routeGo to EditTransport layerCreate. Note: Development system consider as consolidation system. Go to STMS T-code and ExtrasSettingsTransport RoutesSelect the desired editor and choose continue (By default graphical editor) 2. 1. Hierarchical Editor Q. Q. What are the two editor modes in which we can configure the transport routes? A. it will ask you to distribute and activate the change then select YES. 2. Q. Select the import that is transport request and click the truck button (Half loaded truck). Configuring transport routes manually: 1. Select distribute and activate (F8) button icon.

2. To import the command is “TP import <request number><SID>Client <ClientNo> U0 Note: U0 is a qualifier to leave the transport in the buffer. Overwrite originals 4. Overwrite objects in unconfirmed repairs 5. Move transport number xyz to client 100. Q. Log on to any SAP system go to “\usr\sap\trans\bin” execute the command “TP add to buffer <request number> <SID>client <client number>” 2. Ignore predecessor relations 56 . Import transport request again 3. If the import request button are not appears under STMS_IMPORTS then go to Extrasother request and select add enter the transport request number manually which you want to manually import. What are the various qualifier option or what are the various import options? A. Leave transport request in queue for later import 2.1. Ignore unpermitted transport type 6. Transporting request in OS Level: 1. There are six import options 1.

Sign up to vote on this title
UsefulNot useful