Skip to Content

1. OVERVIEW

As it happened to me probably many of you surprised when okcode “&SAP_EDIT” was deactivated by SAP to edit content of a table via SE16N transaction, (see NOTE 1420281).

It’s true that with DEBUG authorizations you can debug SE16N, set variable GD-EDIT = ‘X’ and access in edit mode to the content of table.

But in this document I want to show you how can enter in edit mode with SE16N using ABAP Debugger Scripting.

We must know that use this functionality has risks as we can create data inconsistencies so it’s our responsibility use this capability in a proper manner.

As SAP NOTE 1420281 explains “….security breaches have been detected in the customer authorization concepts.”. SAP decided to eliminate the “&SAP_EDIT” but of course they know that still possible to “skip” in debug… What has been done is save any change done in any table using SE16N so any change you do in edit mode in SE16N is stored and can be traced. I’ll explain at the end how to find this information. See section 4.

2. TECHNICAL SPECIFICATIONS

The SAP System I’ve used to generate this document:
SAP GUI: SAP Logon 720 (7200.3.11.1074)
SAP System: SAP ECC 6.0


3. STEPS


    • Create Script

      Execute SAS transaction and click on label Script_label.JPG

By default you should see a Script Template called: RSTPDA_SCRIPT_TEMPLATE

SAS_Default.JPG

Place the cursor inside METHOD script. Click on Script_Wizard.JPGthen choose the option shown in following picture:

Script_Debug_Step.JPG

This action will introduce this code in Script Method:

*************************************************

* debugger commands (p_command):

* Step into(F5)   -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_INTO

* Execute(F6)     -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_OVER

* Return(F7)      -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_OUT

* Continue(F8)    -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_CONTINUE

*************************************************

****************************************************************

*Interface (CLASS = CL_TPDA_SCRIPT_DEBUGGER_CTRL / METHOD = DEBUG_STEP )

*Importing

*        REFERENCE( P_COMMAND ) TYPE I

****************************************************************

*TRY.

CALL METHOD DEBUGGER_CONTROLLER->DEBUG_STEP

EXPORTING

     P_COMMAND =

.

* CATCH cx_tpda_scr_rtctrl_status .

* CATCH cx_tpda_scr_rtctrl .

*ENDTRY.

I write now how to complete this code:

*************************************************

* debugger commands (p_command):

* Step into(F5)   -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_INTO

* Execute(F6)     -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_OVER

* Return(F7)      -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_OUT

* Continue(F8)    -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_CONTINUE

*************************************************

****************************************************************

*Interface (CLASS = CL_TPDA_SCRIPT_DEBUGGER_CTRL / METHOD = DEBUG_STEP )

*Importing

*        REFERENCE( P_COMMAND ) TYPE I

****************************************************************

TRY.

CALL METHOD debugger_controller->debug_step

EXPORTING

             p_command = cl_tpda_script_debugger_ctrl=>debug_step_over.

CATCH cx_tpda_scr_rtctrl_status .

CATCH cx_tpda_scr_rtctrl .

ENDTRY.

Now place the cursor in a new line after our new code and press again Script_Wizard.JPG this time choose:

Script_variable.JPG

The code introduced after the action will be:

****************************************************************

*Interface (CLASS = CL_TPDA_SCRIPT_DATA_DESCR / METHOD = CHANGE_VALUE )

*Importing

*        REFERENCE( P_NEW_VALUE ) TYPE STRING

*        REFERENCE( P_OFFSET ) TYPE I

*        REFERENCE( P_LENGTH ) TYPE I

*        REFERENCE( P_VARNAME ) TYPE STRING

****************************************************************

*TRY.

CALL METHOD CL_TPDA_SCRIPT_DATA_DESCR=>CHANGE_VALUE

EXPORTING

     P_NEW_VALUE =

*    p_offset    = -1

*    p_length    = -1

     P_VARNAME   =

.

* CATCH cx_tpda_varname .

* CATCH cx_tpda_scr_auth .

*ENDTRY.

Again, I write down how the code must be completed:

****************************************************************

*Interface (CLASS = CL_TPDA_SCRIPT_DATA_DESCR / METHOD = CHANGE_VALUE )

*Importing

*        REFERENCE( P_NEW_VALUE ) TYPE STRING

*        REFERENCE( P_OFFSET ) TYPE I

*        REFERENCE( P_LENGTH ) TYPE I

*        REFERENCE( P_VARNAME ) TYPE STRING

****************************************************************

TRY.

CALL METHOD cl_tpda_script_data_descr=>change_value

EXPORTING

             p_new_value = ‘X’

*           p_offset    = -1

*           p_length    = -1

             p_varname   = ‘gd-edit’.

CATCH cx_tpda_varname .

CATCH cx_tpda_scr_auth .

ENDTRY.

You’ll have this line in METHOD script:

me->break( ).

It’s better to comment it, this way we go straight forward and code flow doesn’t stop when Break-point is reached.

After this you can Script_pretty.JPG and check the code Script_Verify.JPG. It shouldn’t be any problem.

We’ve almost finished with the Script, now we need to set the condition for the Break-point.

Change the Trigger options as shown:

Script_trigger.JPG

Then press Script_change.JPGand create a new Break-point (Script_New.JPG) using label “Srce Code”, see the condition in next picture:

Program: SAPLSE16N

Include: LSE16NO01

Row: 57

(*Click on picture for more detail)

Script_break.JPG

Set the Break-point and save your Script with button Script_Save_As.JPG

Name your Script with “Z” as first letter…

Script_Save_As_Name.JPG

Ok, our Script ZALF_SE16N is ready to be used.

    • Use Script in Transaction SE16N

In a new SAP session switch debugging on by /h command.

Then execute SE16N transaction… the debugger will come up… now click on Script label

Script_debug.JPG

Load our Script with button Script_load_script.JPG and the execute it with Script_Start.JPG,

just after this action SE16N screen will appear but you can notice that checkbox “Maintain entries” is flagged. So you can enter any table and edit the content.

Script_SE16N.JPG

4. SE16N Change Documents


As I mentioned at the beginning of this document all changes done with SE16N in any table are recorded. To see this information you can run program: RKSE16N_CD_DISPLAY.

5. References

http://scn.sap.com/community/abap/blog/2013/03/22/skip-the-authority-check-with-the-abap-debugger-script





To report this post you need to login first.

8 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply