Hi, everyone!


If you thinking that is impossible, SAP allow this functionality according to OSS note 1919888

In that case it may be useful

  • You want to investigate an error in an SAP production system using debugging.
  • The application user who can use the application in the production system is not authorized to carry out debugging and does not have the necessary knowledge for this, either.
  • The support user is authorized to use the debugger but does not have the authorizations and knowledge necessary to use the application.
  • It is not practical for the two users to meet in order to investigate the error together. This might be the case if, for example, an SAP Support employee wants to investigate a critical application in a customer’s production system.
  • If would be desirable for the support user to be able to investigate the application – used by the application user in the application user’s user context – in the debugger running in the user context of the support user.

Just like the activation of the debugger for the current user with OK code /h, the debugger can now be activated for another user, too.

The OK code for this is as follows:

/hext user = <user_name> (there must be a blank character between /hext and user; user and =; and = and the user name).

/wp-content/uploads/2016/07/a_example_1003105.jpg

The application user can now activate the debugging of the corresponding application by the support user without requiring debugging authorization.

The following conditions must be met to activate the debugger (otherwise, the system issues error message 00 127: “This function is not possible“).

Error_no_posible.jpg

  • The user specified in <user_name> has authorizations for general debugging and – specifically – the debugging of the programs of the current user (the user who activates debugging). For more information, see SAP Note 1788514.
  • The user specified in <user_name> has already set user breakpoints for the current user (the user who activates debugging).
  • The SAP GUI logon of the user specified in <user_name> that was used to set the user breakpoints is still active (the debugger data is displayed in a new external session of this GUI logon).
  • For SAP_BASIS Release 740 and above, at least the downward-compatible disp+work package 742 with Patch Level 315 is required. See also SAP Note 2099670 in this regard.

The debugger is linked with the session to be debugged for as long as in the case of normal debugging with the OK code /h.


The link can be explicitly broken by the application user with the OK code /hx.

The procedure for debugging external programs might be as follows:

  1. Application user A and support user B make contact by telephone, for example. They decide to carry out a debugging session.
  2. Support user B sets user breakpoints for application user A at the relevant ABAP statements of the application program. Support user B then asks application user A to start debugging.
  3. Application user A starts the application and enters the OK code “/hext user = B” (without the quotation marks used for clarity here). The system activates the debugger. The application is then used accordingly.
  4. When a user breakpoint is reached, the system stops. The debugger data is presented to support user B in a separate session in the support user’s GUI logon. Support user B can now debug the program.
  5. Debugging can be ended by application user A exiting the application or explicitly entering the OK code /hx. The debugger window in the logon of user B closes.

This procedure achieves the following:

  • Only the application user can trigger the debugging of an application by another user. This means that no application can be investigated without the knowledge of the application user.
  • The application user does not need debugging authorization. The support user can still debug the application.
  • The support user does not need application authorizations since the application continues to run in the context of the application user and is controlled by the application user.
  • The support user needs general debugging authorization and specific authorization to debug applications of the application user (see SAP Note 1788514).
  • The system logs all relevant actions of the support user in the debugger (such as the changing of field content) in the system log and audit log in the application context.
  • The application and support users can work in different places; telephone contact is sufficient.
To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply