Most people keep track of all their (SAP) systems, users, passwords in a personal database or Excel sheet. I do so myself in a Microsoft Access database. When a SAP user / password changes one wants to write back these changes into the SAP logon configuration. Find below the Microsoft Visual Basic for Applications (VBA) code to do so.

SAP Logon file format

Individual records to a SAP system client can be maintained in SAP Logon as a shortcut.

The shortcut contains the connection data (User, Password, Client, Language, …) to a specific SAP system.

The SAP logon shortcut’s are saved into a file named sapshortcut.ini. This file is located in the directory [Windows user directory]\AppData\Roaming\SAP\Common. The [Windows user directory] is the Windows user’s local file. In most cases it is the directory C:\Users\Login name.

The command section of the sapshortcut.ini file has next file format:

[Command]
Key36=-desc="System 1" -sid="SID" -clt="100" -u="MyUser" -l="EN" -tit="System 1 client 100" -wd="C:\Users\Windows user\Documents\SAP\SAP GUI"        
Key37=-desc="System 1" -sid="SID" -clt="200" -u="MyUser" -l="EN" -tit="System 1 Client 200" -wd="C:\Users\Windows user\Documents\SAP\SAP GUI" -pwenc="PW_49B02219D1F6310E" 

The command parameter section is identified by [Command].
SAP system ID and client are identified by parameter -sid and -clt.
User and password are identified by parameter -u and -pw or -pwenc. -pw holds the password in unencrypted format. -pwenc holds the password in encrypted format. SAP Logon will save passwords in encrypted format with -pwenc. In the VBA code here the unencrypted version with -pw is being used.

User / password database

I myself use a Microsoft Access database to store users and passwords. But any database or Excel sheet can be used as long as it is accessible by VBA.
Here DAO is used to access a recordset named QuUserSapShortcut. Any other recordset or table can be used as long as the correct name is used in the VBA coding (Database.OpenRecordset(“QuUserSapShortcut”)).
Here the fields SystemInstance, Client, User, Password are used. Any other field names can be used as long as the correct names are being used in the VBA coding,

Update SAP shortcut file

The sapshortcut.ini file file is updated by the VBA subroutine ChangeSAPShortcutIni() below. The program expects an existing SAP shortcut sapshortcut.ini file with existing system instance and client parameters.

The file is opened for reading with OpenTextFile in mode ForReading. Each command line is processed and when a corresponding database record is found on SID (database field SystemInstance, parameter sid) and client (database field Client, parameter clt) then user (database field User, parameter u) and password (database field Password, parameter pw or pwenc) are being substituted.
Finally the file is saved and overwritten with OpenTextFile in mode ForWriting.

To extract a command line into its parameter component regular expression is used (Object RegExp an pattern “-([^=]+)=””([^””]*)”””). It extracts all -parameter=”XXX” components from each command line. Where parameter=clt for instance and XXX=100.

Function GetMatch(Matches As MatchCollection, Parameter As String) As String
  Dim Match As Match
    
  For Each Match In Matches
    If Match.SubMatches(0) = Parameter Then GetMatch = Match.SubMatches(1)
  Next
End Function

Sub RegExpReplace (RegExp As RegExp, Line As String, Pattern As String, Replace As String)
  RegExp.Pattern = Pattern
  Line = IIf(RegExp.Test(Line), RegExp.Replace(Line, Replace), Line + Replace)
End Sub

Sub ChangeSAPShortcutIni()
  Dim Database As DAO.Database
  Dim Recordset As DAO.Recordset
  Dim FileDialog As FileDialog
  Dim FileSystem As FileSystemObject
  Dim SelectItem As Variant
  Dim RegExp As RegExp
  Dim Matches As MatchCollection
  Dim TextFile As TextStream
  Dim ShortcutFile As String
  Dim Line As String
  Dim Command As Boolean

  Set Database = CurrentDb()
  Set Recordset = Database.OpenRecordset("QuUserSapShortcut")
  Set FileDialog = Application.FileDialog(msoFileDialogFilePicker)
  Set FileSystem = New FileSystemObject
  Set RegExp = New RegExp
  RegExp.Global = True

' Select SAP Shortcut file
  FileDialog.InitialFileName = Environ("USERPROFILE") + "\AppData\Roaming\SAP\Common\sapshortcut.ini"
  FileDialog.Title = "SAP logon shortcut file (sapshortcut.ini)"
  FileDialog.Show
    
  For Each SelectItem In FileDialog.SelectedItems
'   Open shortcut file
    Set TextFile = FileSystem.OpenTextFile(SelectItem, ForReading)
    Do Until TextFile.AtEndOfStream
      Line = TextFile.Readline
      If Command Then
'       Extract command parameters
        RegExp.Pattern = "-([^=]+)=""([^""]*)"""
        Set Matches = RegExp.Execute(Line)

'       Find SID / client in authorisation table
        Recordset.FindFirst _
          "Client='" + GetMatch(Matches, "clt") + "' AND " + _
          "SystemInstance='" + GetMatch(Matches, "sid") + "'"

'       Set user / password
        If Not Recordset.NoMatch Then
          Call RegExpReplace(RegExp, Line, "-u=""[^""]*""", "-u=""" + Recordset!User + """")
          Call RegExpReplace(RegExp, Line, "-pw(enc)?=""[^""]+""", "-pw=""" + Recordset!Password + """")
        End If
      Else
        Command = Line = "[Command]"
      End If
      ShortcutFile = ShortcutFile + Line + vbCrLf
    Loop
    TextFile.Close

'   Write shortcut file
    Set TextFile = FileSystem.OpenTextFile(SelectItem, ForWriting)
    TextFile.Write ShortcutFile
    TextFile.Close
  Next
    
  If FileDialog.SelectedItems.Count > 0 Then _
    MsgBox (IIf(Command, "SAP logon shortcut file saved", "Error during SAP logon shortcut file creation"))
End Sub

VBA object library references

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Jelena Perfiljeva

    Most people keep track of all their (SAP) systems, users, passwords in a personal database or Excel sheet.

    Uhm, I believe most people use either a password keeper app or a sticky note on a monitor. 🙂

    Our number of systems is not large enough to call for such measures but I can appreciate the effort. Thank you for sharing!

    (3) 
  2. Frank Krause

    Hi all,

    I would like to stress again the SAP view on the “saving passwords in SAP Shortcuts” feature.

    1) Using this feature is a security risk. In the interest of all users we strongly have to mention again that it should not be used. This holds true especially if users are not aware of the fact that an SAP Shortcut with full credentials in it can be used by anybody to log on with a foreign user account. Yes, you may say that you protect the files on your hard disk, but will all users do this (or will they even mail the shortcuts)? From SAP perspective this risk should not be ignored and therefore the administrators should NOT enable the feature.

    2) There are better and more secure alternatives to the feature available (SSO solutions); if it is just about remembering passwords there are many programs available which store passwords in a safe way.

    3) The password saving feature does not have a future anymore. With the introduction of SAP UI Landscape it has been removed and even though it is still working for saplogon.ini it is just a question of time until SAP GUI for Windows will no longer support saplogon.ini at all (before you ask: SAP GUI for Windows 7.50 will still support saplogon.ini). This feature will thus disappear.

    4) SAP UI Landscape is already in release 7.40 mandatory for the combined usage of SAP GUI for Windows and the SAP Business Client. If you turn off SAP UI Landscape you cannot run this combination which adds a lot of value for end users.

    My summary is therefore: Don’t use this feature!

    Best regards,
    Frank

    (0) 

Leave a Reply