Setting up a central ATC-system: Part 5 – Keeping an eye on things
Since going live with our central ATC-system in October 2018 some additional things have come to light which warrant more than just an update to one of the existing articles in this series. As we learn more, I’ll keep adding to this post, so even if it starts out fairly small, it’s bound to increase in size over time.
Keeping an eye on OSS-Notes
We wanted to start running S/4HANA Readiness checks based on the latest version of the simplification database (1809) and thought that we had gone through all the necessary steps. But, as I learned via a question on Q&A and helpful hints from Florian Henninger we had actually overlooked that an updated version of OSS-Note “2241080 – SAP S/4HANA: Content for checking customer specific code” had been published at the end of October 2018. Once we had downloaded the most recent “Simplification Database Content” mentioned in the note we were all set to setup the readiness checks.
This is most definitely an OSS-note worth putting on your “watch list”!
Keeping an eye on user-accounts
As we make use of trusted RFC-connections between the satellite systems and the central ATC-system, all users potentially running ATC-checks need to be known across systems. We had a few occasions where users were able to work in the satellite-sytem(s) but then couldn’t run ATC-checks because they either didn’t have a user in the central system yet or their user was no longer valid.This then gets reported as a tool failure in the satellite system and drilling down on the message will give a hint of the user not being valid in the central system. Incidentally, each thus issue causes an actual dump listed in ST22 in the central system (not sure a dump is actually warranted for a mere “not authorised” error?).
Due to the fact that we are currently in the process to move user-distribution from a customer solution to the IDM and that this is not yet working across systems, we currently unfortunately need to remember to synch-up users manually.
Keeping an eye on ATC-results
I’ve made it a habit to briefly check ATC-results on an almost daily basis for modifiable transport requests or potential issues with getting transports released in the satellite-systems. This doesn’t take long as I’m mainly checking for any issues like tool failures or repeated occurrences of priority 1 & 2 findings for the listed transport requests. If need be I touch base with the impacted developers to find out what the issue might be. More often than not, they beat me to the finish line by requesting an exemption, though!
Keeping an eye on exemption requests
Speaking of exemption requests: we found out that the notification emails sometimes (or for some colleagues) end up in the spam folder of Outlook where they then tend to be overlooked. We haven’t yet found out why this is happening as it seems to be a bit of a moving target.
It’s also not quite as easy as initially thought to have everybody requesting an exemption consistently pick our specific ATC-Approver user from the list of available users instead of a specific person even though this has been communicated and documented.
Due to this, it makes sense to at least every once in a while check out the exemption browser in the central system (or just wait until affected developers send an email to ask about their request!).
Keep an eye out for more!
As mentioned at the beginning, I’ll keep adding to this post as things come up and would also like to read about your experiences with ATC-central checks in the comments!
Here are the links to the other parts of the series for easy reference:
Part 3: Tweaking the settings to our liking
Part 6 – accumulated FAQs (March 2021)
For the overall journey, please see the long, long winding road edition.
Awesome blog series. It's really helpful to see a "real" world example on this. I recommend the scenario to a lot customers.
Currently I'm working on a solution to send the ATC-results via mail to the responsible developers and more over want to add some "gamification" -- for example how much findings did you have.. what's the average timeline between finding and fixing it and so on. So it's good to see, that others also on the road to make automatic quality checks work for them.
Thanks for your feedback, Florian!
"Gamification" sounds interesting but might not be applicable in our setting where we don't have a large enough (inhouse) development team (this Q&A discussion has more background in the comments).
You probably already have a better solution... this was my approach to automate the "Send mail" button in the ATC result list as I could not find an intended way to do so.
thank you for the link. This is a solid ground to build on.
I was on the way to use the /SDF/ functions, but this looks like I find also the necessary references inside the class.
hope you talk to your "Betriebsrat" beforehand 😉
Great blog series, very informative. Florian Henninger you can also add something like how frequently changes are being made from Dev to Quality is it because of requirement change or bug fix Just an idea. I believe sky is the limit around.
I have some questions which you maybe can help me to find an answer.
We also have an central ATC System 7.52. As you have already mentioned, we adjusted the Check Variant for the Satellite systems.
to answer your questions:
Hope this helps!
Thx for the quick response.
So if I understand you correctly, the Screenshot is from the Satellite System and the DEFAULT_CENTRAL check variant is the Default Check Variant in the Satellite System ?
And this will lead to the Check of the PERFORMANCE_DB in the Master System when a Developer tries to release a Task or Transport ?
Another remark regarding the trusted named User of the Developers in the Master System. Is this necessary when we want to achieve the goal of checking in Master System from Satellite System on Task Release ? Or do you Setup the Named Users because of the Exemption handling ?
Best regards Mario
PS : If it is more convenient to you, we can communicate directyl in German too via Email. As far as I see you have an large knowledge aabout ATC/SCI
I think having this back-and-forth as comments on the blog post is fine as it might also clarify things for others happening upon them.
Yes, the screenshot is from the satellite system and it doesn't really matter how you name the check-variant. We eventually named it "CENTRAL_TRANSPORT_RELEASE" which points to its central counterpart "CHECKS_TRANSPORT_RELEASE". But just creating them doesn't have a bearing on their usage during transport-release. You have to do that separately in a couple of places, most of the details are explained in this blog post by Olga Dolinskaja. You'll also need to make sure that entries in table SCICHKV_ALTER reflect the variant to be used as the default one and during transport release. The table can easily be edited via SE16:
And yes, in our scenario the trusted RFC-connection is needed whenever a developer releases a transport in the satellite system (or triggers an ATC-check via the Default-variant). If the user than doesn't yet exist in the central system, it leads to a "tool failure" in the satellite and dump in the central system. You'll get a message like this:
Hope this clarifies it!
Thx again for quick response.
I think I got it now. I will try this with our Sandbox System first.
And now it is clear that we will need the trusted RFC Connection because of the Release-Check Functionality.
one additiional question. After setting up the Sandbox System and the Master System with the Trusted User RFC and creating an Check-Variant on the Master System for testing (only 2 checks), we've got an strange behaviour from the check. When you do a Batch Run onn the Master System, you have the Optionn to decide whether yyou want the generated Code to be analyzed or not.
But where ist is option when I start the check from the Satellite System, as a ddirect check or when releasing a task ?
I then get a lot of errors from ex. Function group of Table Maintanence Dialogs,which the Developer surely can't correct.
In our Local ATC Check Systems before (or even actual) we've implemented therfefore an inpl. Enhancement to avoid this behaviour.
What is you experience ?
this may depend on the NW versions of your central and satellite systems. IIRC then the exclusion of generated code is not yet possible with 7.50 and below, so all the objects in a transport get passed into the check on the central system. But, this looks more like a question for Olga Dolinskaja.
Thank you for your blog,
I am currently setting up a Central Abap Cockpit. SAP_BASIS 752. Right now, I am running into an issue where I can not publish the central's schedule run results to the satellite system. Has anyone else run into this issue?
We have setup ATC notifications for exemption approval, but we recently faced a scenario, where the approver was on leave and exemption could not be approved on time.
Is there a way we can send the request to a distribution list rather than a specific user, or the notification gets forwarded to secondary approver if not approved within a stipulated time like a normal workflow operation in SAP.
I know there is an option in ATC, where we can specify a secondary approver along with the dates. But this will need an additional setting to be done by the approver himself, before going on leave, we want to configure something automated.
this is how we resolved this issue:
That way, it doesn't matter who is available as one of the three should be around within a reasonable amount of time to do the checking / approving. If a developer picks one of the actual approver names (without checking if s/he is available) and the request doesn't get tackled quickly .... tough luck!
Hope this helps
Right now I was trying to set up a distribution list in SO15 and associate that with SAP user ATC_APPROVER, which didn't work.
I will try with outlook distribution list now. Thanks for the prompt response.
It worked with actual outlook DL. But it sent email to all the users who are part of the DL, although they are not set up as approvers in ATC system.
Good part is ATC approval process needs the user to login to ATC system, and only the ones set up as approvers have access to ATC system :).
To do it effectively, we will need to get specific outlook DL created with only the designated approvers.
Thanks for the suggestion,
Regarding " Keeping an eye on user-accounts"
In my central ATC scenario, a developer can trigger remote atc checks even though his user id is not available in the central atc system. Please cross-check/update your blog once.
you may have a different setup compared to us as far as RFC-connections and/or authorizations go. A user only needs to be known in the central system if you are working with a trusted-RFC connection. What I describe above is how it's working (or not!) with our settings.