Secure ABAP programming - training

Can anyone help me with any classroom/virtual training program or Code Jam related to Secure ABAP programming from SAP.
I was looking at something that can be arranged in my company's Mumbai(India) office.

Hi Ruhi
Thanks for your question. There isn't a standard SAP Education course on Secure ABAP Programming but the team at SAP Education in India may be able to help you. You can reach them directly at:
Phone
+91 080 4082 9000
Email
[email protected]
Kind regards
Rob

Similar Messages

SAP ABAP secure coding related training session

Hi Experts,
Do you know of any training or code jams provided by SAP for organizations related to SAP ABAP secure coding?

Thanks Alex for your reply.
The course and goals look perfect.
But I was looking for something that could be arranged in my company's Mumbai(India) office.
Can anyone help me with any classroom/virtual training or Code Jams related to secure ABAP programming.

Question on security in ABAP program with ITS. Please help!

Hi Experts,
I have a question on security in ABAP program.
I have a ABAP program which has a transaction attached.
I have added authorization check in ABAP program(Progran level security).
I have also attached the authorization object to the transaction.(Transaction level security)
If an end user runs the transactionm, then which authorization check will fire first? Will it be transaction level?
If I have web enabled my ABAP program via SICF (in other words, ITS). Then when I try to run my ITS service in the browser will the transaction level authorization fire? or Will the program level authorization fire?
Please help me understand this security aspect.
Thanks
Gopal

I have added authorization check in ABAP program(Progran level security).
i assume you have coded call authority within the program.
If an end user runs the transactionm, then which authorization check will fire first?
if he calls the transaction, then first authorization attached to the transaction will be checked.
but if he executes the program attached to the transaction, then the authorization attached to the transaction dosent help here, the one coded in side the program is checked.
If I have web enabled my ABAP program via SICF (in other words, ITS).
it depends,
if you are calling your transaction like
webgui/?~transaction=<tcode> then first tcode level authorization.
if you generate the templates for the program and callign the same, then i guess its progam level. (i need to check this)
Regards
Raja

Is there a SAP training course for HR ABAP programming?

Hi Friends!
I am new to HR ABAP programming. I heard that HR ABAP programming is different from other ABAP related areas. Is there a training program or course offered by SAP decicated only for HR ABAP Programming? If yes, please kindly post the links in your replies and I would be glad to award points.
Note: Please post only relevant links.

Welcome to SDN.
Check follwoing links -
<a href="https://websmp209.sap-ag.de/sapidp/011000358700003520202006">https://websmp209.sap-ag.de/sapidp/011000358700003520202006</a>
<a href="https://websmp204.sap-ag.de/sapidp/011000358700003520202006">https://websmp204.sap-ag.de/sapidp/011000358700003520202006</a>
It is the list of all the course in HR -
<a href="http://www50.sap.com/useducation/find/results.asp">http://www50.sap.com/useducation/find/results.asp</a>
Regards,
Amit
Reward all helpful replies.
got it this one is for you -
<a href="http://www50.sap.com/useducation/curriculum/course.asp?cid=60176624">http://www50.sap.com/useducation/curriculum/course.asp?cid=60176624</a>
<a href="http://www50.sap.com/useducation/curriculum/course.asp?cid=60197174">http://www50.sap.com/useducation/curriculum/course.asp?cid=60197174</a>
Message was edited by:
Amit Khare

Securing the HR data against unauthorized ABAP program access

Dears,
Is there a way to secure HR data against unauthorized user-defined ABAP program access; in other words is there a way to prevent a the HR tables access from within a newly created ABAP program (SELECT statement) ?
Thanks.
Reda

Hi, there's no way to prevent programs from accessing db-tables. Instead, you'll have to limit access on programs.
Especially, do not allow abap developers to run programs in your productive system. Encourage developers to implement authority-checks in their code. Consider well, who and who not, is to be allowed to run which program.
regards
Jörg

Authentication or Security Checks for ABAP programs

Dear experts,
     Please tell me where do we give the authentication or security checks to our ABAP programs and how do we do that. ( Do not allow all to execute our developed programs).
Regards,
Maanasa

If you know the authorization group u can use the following ways.
1. In the Attributes u can specify the authorization gourp name
2. AT SELECTION-SCREEN
AUTHORITY-CHECK OBJECT 'Z_TABU_DIS'
            ID 'ACTVT' FIELD '03'
           ID 'CUSTTYPE' FIELD v_class
            ID 'TABLENAME' FIELD p_dbtble.
CASE SY-SUBRC.
   WHEN 0.
    WHEN OTHERS.
Error message
     message I419(MO).
     STOP.
ENDCASE.

Abap program to maintain variants in RSRPARAMETRIZA

Hi,
SAP provided an ABAP example to maintain 3.5 variants in NW04s
Report Z_MASS_VARIANT_MAINTENANCE is available in the next u2018how tou2019 document.
[http://www.sapadvisors.com/resources/HowtoInformationBroadcasting.pdf]
This is only helpfull if you use 3.5 workbooks.
7.0 workbook variants are not save in RSRVARIANT anymore. 7.0 variants are saved in table-field RSRPARAMETRIZA-STRING (xml field with selection values).
I need to develop a program to maintain this variants. Can anybody save me some time and send me similar abap program for 7.0 workbooks ?
Thanks,
Pedro

Hi,
Bruno is right about class CL_RSR_PARA.
This is an abap example is used to maintain 'ZRT_M4M_Q0016' Query variants. In this case variant BC_SALST001 is updated.
If you need to update different report variant you have to change the 'form create_variant'.
In this variant I'm updating:
- 0S_MAT: empty
- 0S_MATGR: 5300-5399
- ZMM_STA2: Z0;ZZ
*& Program to mass update BEx Variants within SAP Netwever 2004s
REPORT Z_MASS_FR_BROADCAST_0003 .
constants: C_PARAMNM type RSPARAMNM value 'BC_SALST001'.
---> TYPE DEFININTIONS --->
NOTE: Ripped from class CL_RSR_PARA
TYPES: BEGIN OF t_sx_int_var_value,
 vnam TYPE rszvnam,
 data_prov TYPE string,
 range TYPE STANDARD TABLE OF rrrange WITH DEFAULT KEY
 INITIAL SIZE 1,
 END OF t_sx_int_var_value.
TYPES: t_tx_int_var_value TYPE STANDARD TABLE OF t_sx_int_var_value
 WITH DEFAULT KEY
 INITIAL SIZE 1.
<- TYPE DEFININTIONS <-
DATA: l_s_rsrparametriza type rsrparametriza.
DATA: l_s_range type rrrange.
DATA: l_s_sx_int_var_value type t_sx_int_var_value.
DATA: r_tsx_values type t_tx_int_var_value.
perform create_variant.
l_s_rsrparametriza-paramnm = c_paramnm.
l_s_rsrparametriza-objvers = 'A'.
l_s_rsrparametriza-parentcomponent = '1'.
l_s_rsrparametriza-workbookid = ''.
l_s_rsrparametriza-eltuid = 'ZRT_M4M_Q0016'.
l_s_rsrparametriza-plnfuncnm = ''.
l_s_rsrparametriza-template = ''.
l_s_rsrparametriza-planningseqeunce = ''.
l_s_rsrparametriza-version = ''.
l_s_rsrparametriza-personal = ''.
l_s_rsrparametriza-owner = sy-uname.
CALL TRANSFORMATION
id
SOURCE page = r_tsx_values
RESULT XML l_s_rsrparametriza-content.
get time stamp field l_s_rsrparametriza-timestmp.
l_s_rsrparametriza-conttimestmp = ''. " fix
*For security reasons I just change existing variants field.
update rsrparametriza
 set content = l_s_rsrparametriza-content
where PARAMNM eq c_paramnm
 and OBJVERS eq 'A'.
If sy-subrc eq '0'.
Write: 'Update sucessfull'.
else.
Write: 'No update: Probably variant does not exist'.
endif.
form create_variant.
*0S_MAT
clear l_s_sx_int_var_value.
l_s_sx_int_var_value-vnam = '0S_MAT'.
l_s_sx_int_var_value-data_prov = 'DP_4'.
" no selections
append l_s_sx_int_var_value to r_tsx_values.
*0S_MATGR
clear l_s_sx_int_var_value.
l_s_sx_int_var_value-vnam = '0S_MATGR'.
l_s_sx_int_var_value-data_prov = 'DP_4'.
clear l_s_range.
l_s_range-sign = 'E'.
l_s_range-opt = 'BT'.
l_s_range-low = '5300'.
l_s_range-high = '5399'.
append l_s_range to l_s_sx_int_var_value-range.
append l_s_sx_int_var_value to r_tsx_values.
*ZMM_STA2
clear l_s_sx_int_var_value.
l_s_sx_int_var_value-vnam = 'ZMM_STA2'.
l_s_sx_int_var_value-data_prov = 'DP_4'.
clear l_s_range.
l_s_range-sign = 'I'.
l_s_range-opt = 'EQ'.
l_s_range-low = 'ZO'.
l_s_range-high = ''.
append l_s_range to l_s_sx_int_var_value-range.
l_s_range-low = 'ZZ'.
append l_s_range to l_s_sx_int_var_value-range.
append l_s_sx_int_var_value to r_tsx_values.
That's all
Pedro

Basic Questions of ABAP programming

Hi Experts
I am new for ABAP programming. I wants to know some basic about ABAP. I have done 2 months ABAP course from a institute. They give me training on 4.7 IDES ver. Please give the answers of following questions.
1.Is there big difference between 4.7 and 6.0 Ecc ver in ABAP programming point of view?
2.for Traing purpose Should I install the full verson of SAP or there is any dummy software?
3.SAP Netweaver knowledge is must for ABAP programing?
4. When we install SAP 4.7 IDES version then all the modules will avialable or Only ABAP?
Thanks
Best Regards
Jitender

Hello,
For your own practice you can download the free version of SAP Netweaver ABAP in the downloads section of SCN. This is only for ABAP development. You wont find many of the stadard tables and functionalities with in it. IDES should be containing all the modules. But again that depends on the licesnse with which you are provided.
Your questions have no relevance from the ABAP technical point of view except the first one which is a basic question and should be asked here as per the forum rules. Thats the reason why you were suggested to read the forum rules.
For any queries of the trial version ABAP have a look at this forum
Vikranth

Help in abap program

hellow i have a table itab with value (ex. error value) and i wont to select some value from tables ( defined below.) and put it in table err_itab my problem is in the loop i dont now how to continued from their i thihk with append to intrernal tables and after to do read to err_itab, but im not sure this is my program any suggestion. thankes for your time and suggestion.
form write_2_file .
IF file_ser IS INITIAL.
CALL FUNCTION 'WS_UPLOAD'
EXPORTING
CODEPAGE = ' '
filename = l_name
FILETYPE = 'ASC'
HEADLEN = ' '
LINE_EXIT = ' '
TRUNCLEN = ' '
USER_FORM = ' '
USER_PROG = ' '
DAT_D_FORMAT = ' '
IMPORTING
FILELENGTH =
TABLES
data_tab = itab
EXCEPTIONS
conversion_error = 1
file_open_error = 2
file_read_error = 3
invalid_type = 4
no_batch = 5
unknown_error = 6
invalid_table_width = 7
gui_refuse_filetransfer = 8
customer_error = 9
no_authority = 10
OTHERS = 11
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ELSE.
OPEN DATASET file_ser IN TEXT MODE
ENCODING DEFAULT FOR INPUT.
IF sy-subrc NE 0.
MESSAGE e002(yhr) .
ENDIF.
DO.
READ DATASET file_ser INTO wa_itab.
IF sy-subrc NE 0.
EXIT.
ENDIF.
APPEND wa_itab TO itab.
ENDDO.
ENDIF.
endform. " write_2_file
FORM get_data .
CLEAR wa_itab.
LOOP AT itab INTO wa_itab.
IF wa_itab-action = 'y1'
OR wa_itab-action = 'y2'
OR wa_itab-action = 'y3'.
SELECT SINGLE ansvh
FROM t542a
INTO wa_b_itab-ansvh
WHERE molga ='IL'
AND ansvh = wa_itab-contract.
IF sy-subrc <> 0.
APPEND wa_b_itab TO b_itab.
SELECT SINGLE werks btrtl
FROM t001p
INTO (wa_c_itab-werks, wa_c_itab-btrtl)
WHERE molga ='IL'
AND werks = wa_itab-personnel_area
AND btrtl = wa_itab-personnel_subarea.
IF sy-subrc <> 0.
APPEND wa_c_itab TO c_itab.
SELECT SINGLE objid
FROM hrp1000
INTO wa_d_itab-objid
WHERE otype = 'S'
AND objid = wa_itab-plans
AND begda <= currnt_date
AND endda >= currnt_date.
APPEND wa_d_itab TO d_itab.
ENDIF.
ENDIF.
ENDIF.
ENDLOOP.

I have added authorization check in ABAP program(Progran level security).
i assume you have coded call authority within the program.
If an end user runs the transactionm, then which authorization check will fire first?
if he calls the transaction, then first authorization attached to the transaction will be checked.
but if he executes the program attached to the transaction, then the authorization attached to the transaction dosent help here, the one coded in side the program is checked.
If I have web enabled my ABAP program via SICF (in other words, ITS).
it depends,
if you are calling your transaction like
webgui/?~transaction=<tcode> then first tcode level authorization.
if you generate the templates for the program and callign the same, then i guess its progam level. (i need to check this)
Regards
Raja

Interfaces in abap programming

Hi,
Please tell me what is an interface in abap program and also let me know how many types are there with ex's.
Thanks
Ali

hi ,
check the below links too may be helpful for you
http://help.sap.com/saphelp_nw04/helpdata/en/78/217da751ce11d189570000e829fbbd/content.htm
http://www.sapgenie.com/sapgenie/docs/ale_scenario_development_procedure.doc
/people/kevin.wilson2/blog/2006/11/13/ale-scenario-development-guide
http://searchsap.techtarget.com/tip/0,289483,sid21_gci1230385,00.html .
for the geneal stuff on ale/idoc check the below links
http://www.sapgenie.com/sapgenie/docs/ale_scenario_development_procedure.doc
check out this link :
https://www.sdn.sap.com/irj/sdn/advancedsearch?query=interfacesinABAP&cat=sdn_all
For ALE -- IDoc's
http://www.sappoint.com/abap/ale.pdf
http://www.sappoint.com/abap/ale2.pdf
http://www.sapgenie.com/sapgenie/docs/ale_scenario_development_procedure.docs
ALE/ IDOC/EDI
http://help.sap.com/saphelp_erp2004/helpdata/en/dc/6b835943d711d1893e0000e8323c4f/content.htm
http://www.sapgenie.com/sapgenie/docs/ale_scenario_development_procedure.doc
http://edocs.bea.com/elink/adapter/r3/userhtm/ale.htm#1008419
http://www.netweaverguru.com/EDI/HTML/IDocBook.htm
http://www.sapgenie.com/sapedi/index.htm
http://www.sappoint.com/abap/ale.pdf
http://www.sappoint.com/abap/ale2.pdf
http://www.sapgenie.com/sapedi/idoc_abap.htm
http://help.sap.com/saphelp_erp2005/helpdata/en/0b/2a60bb507d11d18ee90000e8366fc2/frameset.htm
http://help.sap.com/saphelp_erp2005/helpdata/en/78/217da751ce11d189570000e829fbbd/frameset.htm
http://www.allsaplinks.com/idoc_sample.html
http://www.sappoint.com/abap.html
http://help.sap.com/saphelp_erp2004/helpdata/en/dc/6b835943d711d1893e0000e8323c4f/content.htm
http://www.sapgenie.com/sapgenie/docs/ale_scenario_development_procedure.doc
http://edocs.bea.com/elink/adapter/r3/userhtm/ale.htm#1008419
http://www.netweaverguru.com/EDI/HTML/IDocBook.htm
http://www.sapgenie.com/sapedi/index.htm
http://www.allsaplinks.com/idoc_sample.html
ALE/ IDOC/ XML
http://www.sapgenie.com/sapgenie/docs/ale_scenario_development_procedure.doc
http://www.thespot4sap.com/Articles/SAP_XML_Business_Integration.asp
http://help.sap.com/saphelp_srm30/helpdata/en/72/0fe1385bed2815e10000000a114084/content.htm
IDOC Convertion
/people/kevin.wilson2/blog/2005/12/07/changing-fields-in-an-idoc-segment
http://www.sappoint.com/abap/ale.pdf
http://www.sappoint.com/abap/ale2.pdf
http://www.sapgenie.com/ale/configuration.htm
http://www.sappoint.com/abap/ale.pdf
http://www.sappoint.com/abap/ale2.pdf
http://www.sapdevelopment.co.uk/training
http://www.sapgenie.com/ale/why_ale.htm
http://www.sapdevelopment.co.uk/training
http://www.sapgenie.com/sapgenie/docs/ale_scenario_development_procedure.doc
Regards,
Ranjita

ABAP Programming Error with SAP HR IMG

Hi,
I am new to this site and I have a question. Recently, I had the "Vanilla SAP System" installed on a harddrive for my laptop. I am studying for the SAP HR Consultant Certification.
However, the system doesn't have the training DB and I have to start with implementing a project through the IMG. Yesterday, I received an error message (below) when I go to the application component sectin to add on Pers. Administration, Countries, etc).
Can anyone direct me to someone in Atlanta that may be able to take a look at this for me?
I was working on my computer and I get to a certain point in my customizing activity and I get this error msg:
Runtime errors RFCGUI_unexpected_data
The termination occurred in the ABAP program SAPMSSYO in %_CTL_OUTPUT
The main program was SAPLS_IMG_TOOL_5
The termination occurred in line 30 of the source code of the (Include) program <SYSINI> of the source code of program <SYSINI> (when calling the editor 300)
There is more to the error message and I would have to perform the activity to let the person see the message. Not unless they can tell what's wrong by the error above.

Hi Pradeep,
If it was resolved, please let me know the resolution.
Thanks,
Srivijay

Access SFTP server out of ABAP program

Hi all,
how can I access an external SFTP server out of an ABAP program? I know how to do that for normal FTP, but don't know a way for doing this with SFTP. Is there any function module available for this?
Thanks in advance.

Hi,
I found this:
Read file from Secure FTP: [Read file from Secure FTP|Read file from Secure FTP]
FTP using ABAP   :              [FTP using ABAP|FTP using ABAP]
File transfer using SFTP   : [File transfer using SFTP|File transfer using SFTP]
FTPs connection failed - error ".. certificate rejected by ChainVerifier"
                                            [Re: FTPs connection failed - error ".. certificate rejected by ChainVerifier"|Re: FTPs connection failed - error ".. certificate rejected by ChainVerifier"]
FTPs issue-                         [FTPs issue-|FTPs issue-]
I hope it is usefull.
Best Regards,
Daniel Zapardiel

Transport of ABAP Programs via File

Hello,
I want to transport an ABAP-Program into my training-system at home (SneakPreview 2004s).
Because there is no connection between the systems, I search for a solution via filesystem.
Thanks
Armin

Hello Armin,
The approach for downloading to a notepad maynot be very be useful The report will have includes,function modules etc... Also it will have screens which you cannot download on notepad!!
So do one thing. Include the report with all its components : includes,screens etc..in a transport request. Do it though SE80 transaction. Once done release the transport request. This will result in creation of data file and co file.
Now at OS level you can get these files and then you can copy them on CD/DVD. Put these files i the respective folders of your target system and import the transport.
If this is Z report and has a Z development class/message class I would suggest including it also in the transports. Development class/message class availability before the report import happens is a must. So include every thing in the transport and use data files and co-files.
Please award points for useful answers.
Regards.
Ruchit.

How to check frequency of ABAP program usage

Dear Experts,
How to find out the frequency of ABAP programs executed by users? the reason is because we want to do a housekeeping on all the ABAP reports that we have developed over the years, we want to deactivate those reports that are no longer executed by the user within 1 year. Anyone can give suggestion?
I already tried using SM36, but this is only for those programs scheduled in background or immediate, how about those programs running on foreground?

Hello,
You can use the trxn SM20N. But bear in mind some prior config needs to be in place for the logging to be active (trxn SM19).
For further details on SM20 read this: [Security Audit Log|http://help.sap.com/SAPhelp_nw70/helpdata/en/2c/c59d37d373243de10000009b38f8cf/frameset.htm]
@Sap Fan: STAD can be used in case the audit log is not available (e.g., due to missing config) but afaik there is a limitation on the date range you can provide.
BR,
Suhas
Edited by: Suhas Saha on Sep 7, 2010 9:39 AM

JavaScript in ABAP Program

hi folk,
I have some Javascript codes in my abap program as you can see below.
It does simple not work for me.
But in the debugger mode as I can see the message it says something about:
" ReferenceError: ActiveX Object is not defined "
It has something with Acticve XObject. What am I missing here? Do I need install any additional component?
    data JS_CODE type STRING.
    data RETURN_JS_VAR type STRING.
    data JS_PROC type ref to CL_JAVA_SCRIPT.
    JS_PROC = CL_JAVA_SCRIPT=>CREATE( ).
    concatenate
      'var filePath = "C:
Windows
notepad.exe";            '
      'set fso = CreateObject("Scripting.FileSystemObject");'
      'var string = fso.GetFileVersion(filePath);                  '
    'function Set_String()                  '
      ' { string += ", this is a Blog!"; '
      'Set_String();                          '
      'string;                                '
    into JS_CODE separated by CL_ABAP_CHAR_UTILITIES=>CR_LF.
    JS_PROC->COMPILE( SCRIPT_NAME = 'GETVERSION.JS'
                         SCRIPT      = JS_CODE ).
    RETURN_JS_VAR = JS_PROC->EXECUTE( 'GETVERSION.JS' ).
    write RETURN_JS_VAR.

hi Tomek,
You have absolutely right regarding the security and the problem by using of Active X Object.
My goal was to get the file version from the user's PC and at the beginning I used the method
CL_GUI_FRONTEND_SERVICES->FILE_GET_VERSION but it doesn't work out. So I tried to get the version via Active X Object and it doesn't work either.
Now I've found this function GUI_GET_FILE_INFO and it works perfectly even though it tells me that the function is absolete and suggest to use the method FILE_GET_VERSION instead.
Best regards
LNN

Secure ABAP programming - training

Similar Messages

Maybe you are looking for