• Download and install SAP SecureLogin Client
  (SAP SINGLE SIGN ON / SAP SINGLE SIGN-ON 3.0 / COMPRISED SOFTWARE COMPONENT VERSIONS / SECURE LOGIN CLIENT 3.0)

• Create a new SAP GUI connection. An example of the connection string: “conn=/H/mysaphost.sap.mycompanydomain.com/S/3200&sncqop=9&sncname=p:CN=PRD, OU=SAP-HEC, O=SAP SE, C=DE”.
  You can verify the SNCNAME using SNCCONFIG transaction, parameter snc/identity/as.

• Go to STRUST and download the certificate:
  SNC SAPCRYPTOLIB
  (If not, try SYSTEM PSE and SSL SERVER STANDARD)

• Install the certificate into macOS KeyChain (SYSTEM keychain) and make it “ALWAYS TRUSTED”

• Run the terminal and execute the following command:
  kinit [email protected]
  or
  kinit –keychain [email protected] for keychain storage
  Using the keychain, it should prompt for a password again when the Kerberos ticket expires
  or
  You can use “Ticket Viewer” app to create and update the credentials

• Check when the ticket expires:
  klist
  
• Run to remove the record:
  kdestroy

You run FIORI Mass Maintenance tile and got unexpected results, such as hudge and unwanted range of edited documents. How to figure out what data you used in the selection screen of the FIORI tile?

Running Fiori Mass Maintenance tile creates a job in SM37, however the job doesn’t contain used variant. Actually it’s just not visible.

Getting actual variant name:

• Catch using time stamps and determine the job name for the executed program MM_POMASS_UPDATE. Even FIORI uses this program for mass changes
• Verify that you can’t see the variant name there
• Run SE16n > table APJ_D_JOB_EXE. Use the determined job name
• Get the variant name in the field “Variant name”

You won’t believe how much time it took to identify that table. Thanks Vladimir for conducting this exploration!

Determining which data (selection screen variant data) was used:

• Run SE37 > FM RS_VARIANT_CONTENTS
• Use the report name MM_POMASS_UPDATE, determined variant name , move_or_rewrite = W. Execute the FM.
  
  
• Find VALUTAB table in the results of the FM execution. You should see plenty of entries.
• Press on the data icon of the table. As you can see, the variant starts with “!”, it’s used to hide it in SM37:
  
• You should see a table with all parameters. Selname = PF_EBELN wil reveal the filter data that was used for the tile processing:

• There is an additional inclusion of documents, it works in addition to the main (upper) filter.
  Field P_INCLSN. Check it too. Obviously, the both parameters work in the filter if both are used:

The problem is that if we use the following filter, we will not be able to see “*45”:

This topic might help you to save 6 hours! Welcome!

If you would like to know, for audit purpose for instance, the email data for background jobs (email notification for failed background jobs) is stored in the table TBTCCNTXT.

@wmic datafile where name='C:\\Program Files (x86)\\SAP\\FrontEnd\\SapGui\\saplogon.exe' get version 2>null | find /i "."

This command can be used for the Zabbix agent to collect the SAP GUI version from all the company’s computers

Some companies prefer to make a ME51n preconfiguration for new users. The values are stored in ESDUS table. If you don’t have a custom transaction or maintenance dialog for this table, it might be helpfull to make the change in this table directly. It’s not recommended but it always depends on..

Here are several interesting fields that can be changed:
ReqProposer AFNAM – Requisitioner
ReqProposer BSART – Document Type
ReqProposer DISPO – MRP Controller
ReqProposer WERKS – Plant
ReqProposer LGORT – Location

Ok, let’s do a mass change of the specific value for all users.
SE37 > SE16N_INTERFACE > I_TAB = ESDUS, I_EDIT = X, I_SAPEDIT = X > Execute

Use a filter like “REQ*AFNAM” because the actual field name is “ReqProposer AFNAM”.
Export this filtered table in a spreadsheet, change the necessary values and copy this table to the clipboard. Then select the left upper element of the table in the modifying table and press paste. The source and the target table are the same by fields count, so it will be pasted and changed values will be rewritten with the new. Press save, press green tick.

Before: S/4HANA on-premise systems with HANA Cockpit. Alert notifications were configured to send each alert to the corporate service desk system.

After: S/4HANA was migrated into the SAP Cloud. No access to the OS, HANA databases, or HANA Cockpit. Alert notifications continue to be received every day, but it’s not needed anymore. The SAP Cloud team is responsible for these databases now.

Reflection: I know that even if the HANA Cockpit is turned off, configured database backups continue to work. It happens because the HANA Cockpit is only the configuration point. However, the scheduled job is stored directly in the HANA database. Maybe alert notifications are arranged in a similar way?

All that I have is access to the application server. Lets check it in DB02:

SELECT * FROM "_SYS_STATISTICS"."STATISTICS_EMAILRECIPIENTS"

And voila:

By the way, SAPHANADB user have read/write access to _SYS_STATISTICS scheme, if you know what I mean. But I didn’t say that =)

As is well known, all SAP GUI configuration parameters can be made in Windows Registry. It could be convenient to make a group policy to have a single point of administration for all workstations.

Here is my collection of lovely registry keys:

Security level:
If you don’t want to let users accidentally press the “DENY” button and lose access to write to the file.

[HKEY_CURRENT_USER\Software\SAP\SAPGUI Front\SAP Frontend Server\Security]
“SecurityLevel”=dword:00000000
“DefaultAction”=dword:00000000

Branding:
If you want to use your own logo for all SAP LOGONs.

[HKEY_CURRENT_USER\Software\SAP\General\Appearance]
“UseBrandingImage”=dword:00000001
“BrandingImage”=”\domain.local\LogonScript\SAP\SAP_LOGO.png”

The one SAP GUI theme for all users:
[HKEY_CURRENT_USER\Software\SAP\General\Appearance]
“SelectedFallbackTheme”=dword:00000100
“SelectedTheme”=dword:00000001

Available themes:
0x1 (Dec=1) = SAP Signature Design
0x2 (Dec=2) = Enjoy Theme (Enjoy Design)
0x4 (Dec=3) = System Dependent Theme (Enjoy Design)
0x8 (Dec=8) = Streamline Theme (Enjoy Design)
0x10 (Dec=16) = Tradeshow Theme (Enjoy Design)
0x20 (Dec=32) = Classic Design
0x40 (Dec=64) = Corbu Design
0x80 (Dec=128) = Blue Crystal (MS Windows 7 and higher)

Show dropdown key for all lists:
[HKEY_CURRENT_USER\Software\SAP\SAPGUI Front\SAP Frontend Server\Customize]
“Dropdown.ShowKey”=dword:00000001
“Dropdown.SortKey”=dword:00000001

Show keys within dropdown lists:
[HKEY_CURRENT_USER\Software\SAP\SAPGUI Front\SAP Frontend Server\Customize]
“ListLines”=dword:00000001

Don’t show border:
If you use something like an RDP server without hardware acceleration, it could be helpful.
[HKEY_CURRENT_USER\Software\SAP\General\Appearance]
“ShowShadowBorder”=dword:00000000

Use logon language as default:
There is a hierarchy of language configuration parameters: profile language parameter, sap logon language parameter, and SU01 language preference. Disabling this parameter will allow you to use the logon language preference from SU01.
[HKEY_CURRENT_USER\Software\SAP\SAPLogon\Options]
“UseSAPLogonLanguageAsDefault”=dword:00000000

Logon language value:
[HKEY_CURRENT_USER\Software\SAP\General]
“Language”=”EN”

SAP System color for Signature theme:
[HKEY_CURRENT_USER\Software\SAP\General\Appearance\Systems\<SID>]
“ThemeName”=”SAP Red”

Available themes:
SAP Gold
SAP Green
SAP Purple
SAP Red
SAP Signature Default

SAP System color for Belize theme:
[HKEY_CURRENT_USER\Software\SAP\General\Appearance\Systems\<SID>]
“ThemeNameBelize”=”Belize Red”

Bonus. Secure login kerberos preference:
[HKEY_CURRENT_USER\Software\SAP\SecureLogin]
“TokenType”=”kerberos”
“allowFavorite”=dword:00000001

You can change this setting by using the followin FM:

PRGN_SET_BROWSER_OPTIONS_USER

UNAME – User name
FLAG4 is responsible for this checkbox