Technical Articles
Restricted ABAP for SAP BTP ABAP Environment
In the blog post S/4HANA Extensibility Concept Details: Restricted ABAP I introduced the concept of restricted ABAP, or naming it correctly: ABAP language versions. Initially it was introduced for the usage in the key user editor in SAP S/4HANA Cloud. With SAP BTP ABAP Environment (aka Steampunk https://blogs.sap.com/2019/08/20/its-steampunk-now/ ) a second use case was introduced. In this blog post, I want to spend some words about this use case.
First, let me recap the basics of the concept of ABAP language versions (for more details read my previous post):
The concept is built of two pillars:
- Restricted syntax: only a well-defined part of the ABAP syntax tree is allowed in a specific ABAP language version.
- Released object check: only released SAP APIs (for example released classes and CDS views) can be used. The syntax check analyses the used SAP objects and checks if they are whitelisted.
The concept of ABAP language versions supports two targets:
- De-couple custom code from the SAP core by enforcing the exclusive use of released SAP APIs
- Minimize the risk of damages to the system or the data integrity/security
The ABAP language version is a property of the ABAP object, and so is independent of the used editor. This means, if you set a ABAP language version to, lets say “ABAP for Key Users” the syntax restrictions and release checks are executed an any case – whether you use the Web editor in the Fiori app Custom Fields and Logic, the Eclipse-based editor or the ABAP editor in SAPGUI.
Figure: Relation between ABAP sources, language version and ABAP editors
In an on-premise system, you can set the language version using the Eclipse-based ABAP editor (ADT) as shown in the following figure:
Figure: Set the ABAP language version in the Eclipse-based ABAP editor (ADT).
In Cloud systems, the ABAP language version is automatically set and cannot be changed. For example:
- SAP S/4HANA Cloud: the ABAP language version ABAP for key users is automatically set by the key user tools (e.g. Fiori app Custom Fields and Logic).
- SAP SAP BTP ABAP Environment: the ABAP language version ABAP for SAP BTP is automatically when creating new ABAP objects.
- When using the key user tools (e.g. Fiori app Custom Fields and Logic) in on-premise, the key user tools will also set the ABAP language version ABAP for key users.
Let us now shortly discuss the common parts and the differences between the ABAP language version ABAP for key users and ABAP for SAP BTP.
1) Both language versions are designed for use in Cloud. Therefore, they must not support all kind of statements that would endanger the operations in the Cloud: Examples are:
- Access to file system OPEN/CLOSE/READ/GET DATASET
- Low-level access to the database and to other clients: EXIT FROM SQL, EXEC SQL, OPEN/CLOSE CURSOR, SELECT CLIENT SPECIFIED, SELECT USING CLIENT
- Low-level access to the ABAP system: CALL CFUNCTION, SYSTEM CALL, SYSTEM EXIT
2) Some frameworks and technologies are no longer supported in Cloud development. This includes reports, list processing, dynpros. Thus, the related ABAP statement are forbidden.
3) Both language versions are designed to support “modern” ABAP, Therefore, obsolete statements are not supported. Here, ABAP for key users is stricter than ABAP for SAP BTP, because in the second, we want to support the migration of coding from on-premise to the Cloud ( How to bring your ABAP custom code to SAP Cloud Platform ABAP Environment ). For ABAP for key user use cases, we assume that coding starts on a green field and can be modernized to a larger extend.
Here are some examples for obsolete statements, which are forbidden in both language versions:
- COMPUTE, MAXIMUM/ MINIMUM, MOVE, TABLES, DATA WITH HEADER LINE
- DESCRIBE, WRITE TO, SEARCH
- EXPORT MEMORY, EXPORT SHARED MEMORY
For these statements, “modern” alternatives are available.
In ABAP for SAP BTP, some statements are available, but a warning is issued that they should be replaced by a newer syntax.
4) Working (creating and calling) with classes is supported for ABAP for Key Users and for ABAP for SAP BTP. In the Key user tools, you can create custom libraries (ABAP classes) only using the Fiori app Custom Reusable Elements.
Function modules (creating and calling) are supported in ABAP for SAP BTP only.
5) Dynamic programming is supported in ABAP for SAP BTP, but not in ABAP for Key Users.
6) Code (object) generation is supported in ABAP for SAP BTP, but not in ABAP for Key Users. For code generation in ABAP for SAP BTP, APIs can be used, see for example the following blog: https://blogs.sap.com/2020/05/17/the-rap-generator/
7) Asynchronous programming is supported in ABAP for SAP BTP, but not in ABAP for Key Users. But statement like CALL FUNCTION … STARTING NEW TASK, RECEIVE, WAIT are no longer supported. They are replaced by an API (CL_ABAP_PARALLEL).
8) Providing and implementing extensions is supported in ABAP for SAP BTP, but not in ABAP for Key Users. Thus, CALL BADI, GET BADI is supported in ABAP for SAP BTP (planned). Obsolete extension technology is not supported, e.g. ENHANCEMENT-POINT
9) For ABAP for Key Users is design for implementation of “code snippets” in exits, for example BAdI implementations and determinations, validations, actions in business objects. Therefore, direct manipulation (insert, update, delete) of tables (even for custom tables) is not supported here.
10) System variables (SY-) are also subject to allowlisting. Some of them are no longer available due to the Cloud environment or non-supported frameworks (e.g. dynpro). All others are only available for read-only access and a warning is raised. For use cases like language, time, etc. APIs are provided that must be used, e.g. class CL_ABAP_CONTEXT_INFO.
11) Finally, what is “in” for both language versions?
- Statements for the program flow: IF, CASE, WHILE, DO, TRY, …
- Statements for working with data type, including field symbols: DATA, TYPES, CONCATENATE, ASSIGN
- Statements for working with internal tables and selecting data from the database: APPEND, LOOP, SELECT, READ, …
Let me conclude with a list of useful documentation:
- List of statements for ABAP for key users: Statements in ABAP for Key Users – SAP Help Portal
- Documentation for ABAP for SAP BTP: https://help.sap.com/viewer/product/ABAP/CLOUD/en-US
- Note: You can switch between the documentation for ABAP for SAP BTP and the on-premise versions by using the dropdown list box on the top of the page.
- ABAP Language Versions in the documentation: https://help.sap.com/doc/abapdocu_754_index_htm/7.54/en-US/index.htm → ABAP – Overview → ABAP Language Versions
- Defining the language version of an ABAP program: https://help.sap.com/viewer/c238d694b825421f940829321ffa326a/201909.000/en-US/d1a64e928ef848c6acafdcd93269b7fd.html
Nice and crisp overview !
Is CONCATENATE an obsolete statement or not?
It's inclusion in ABAP in the Cloud would tend to indicate it is not. However the ATC checks in the "Code Pal" used to saysay that CONCATENATE is obsolete.
CONCATENATE is obsolete. SAP has released it in the language version for key users and Cloud dev because it is oftern used.
The current recommended syntax is: x = a && b && c.
Or using string templates myname = |Thomas{ nickname }Schneider|
> WAIT are no longer supported. They are replaced by an API.
Could you please let me know which API you ment?
The API for parallel processing is CL_ABAP_PARALLEL.
here you mean system calls, but what about usual FM calls? I haven't found them mentioned in text, except parallel ones. Do we allow to call functions in ABAP SCP version?
Yes creating and useing function modules is supported.
Is there a list of objects supported for ABAP on SCP(Version 5) has also been published somewhere like SAP did for List of statements for ABAP for key users?
This is basically the index of the ABAP documentation (see link in my blog, then go to index).
Thanks for sharing this Thomas. This is really helpful.
Best Regards,
Srini B
Hi Thomas,
I have several questions regarding the restricted ABAP settings:
Best regards
Gregor
Hi Gregor,
very good questions. Just to make sure that I understand the context of the questions correctly. They are related to on-premise. Because:
As your questions call for a detailed answer, I will create a new blog post with focus on on-premise.
Best, Thomas
.
Hi Thomas,
my questions are related to an on-premise S/4HANA installation. But we would like to enforce to use only released APIs (CDS views).
Best regards
Gregor
Hi Gregor,
see my new blog post Restricted ABAP and SAP S/4HANA On-Premise. It provides the information on what is possible on premise. It particularly answers the question 1 & 3.
Question 2: there is no reporting on the "lines of code". What I would recommend: run the "Cloud readiness" ATC check and count the number of violations in your code. This would be a good KPI from my point of view.
Question 4: BAPIs are technically (in terms of the whitelisting framework) not released because they cannot be used in language version ABAP for Key Users. And the whitelist for language version ABAP for SAP Cloud Platform contains Basis objects only (because it is originally built for SAP Cloud Platform ABAP Environment, which a "Basis-only" offering). This is a limiting factor for the use of the whitelisting framework in on-premise.
Best regards, Thomas
.
Hi Guys,
In the S4/HANA cloud world - extended edition, is setting defaulted to "ABAP for Key Users" in ADT? Documents state that development can be performed via SAP GUI as well but not sure how the restrictions play in.
Thanks
-A
The technical setup in S/4HANA extended edition is on-premise-like. See: https://blogs.sap.com/2020/07/23/restricted-abap-and-sap-s-4hana-on-premise/
The language version in ADT and in SE80 is not defaulted. It can be optionally set.
Hi Thomas,
Thanks for the answer. Another question:
We are considering EX, but have a lot of questions regarding the custom code which we have been writing on our onPrem system. What’s the best way to find if can move custom code to EX which we wrote for ages? Is ATC the only way to check compatibility?
If yes, do we use ABAPGit or Transport system ?
On S4HANA cloud, which ABAP language is enforced at SE80 level ?
Thanks
A
Please refer to the blog post How to bring your ABAP custom code to SAP Cloud Platform ABAP Environment as a starting point for your code migration. It describes e.g. how to use abapGit and the checks that you can perform.
On S/4HANA Cloud, SE80 is not available.
Best regards, Thomas
Hey Thomas Schneider,
I have a question with regards to this point:
White-listing check: only whitelisted SAP APIs (for example white-listed classes and CDS views) can be used. The syntax check analyses the used SAP objects and checks if they are whitelisted.
Where can we find a list of all the whitelisted SAP APIs? I think providing something like this is a must. According to my Google search, there is an app called "Released ABAP Artifacts" that should provide this. But it is only a desktop application, and requires some special rights to access. Would it be possible to provide a web, free-to-access app of whitelisted APIs? Otherwise, if we get a Cloud Trial account to experiment with some features, we are just shooting in the dark with regards to what we can do. For example, the use of "if_http_client" interface is not permitted. So how am I supposed to know which API is whitelisted for sending HTTP requests?
Best,
Stoyko
The list of whitelisted APIs depends on the product you are using, and therefore the tool is different and embedded in the product.
For SAP Cloud Platform ABAP Environment the tool is in the Eclipse-based ABAP development tools (ADT) -> Project Explorer -> Released Objects.
This tool is of course also available in the free SAP Cloud Platform ABAP Environment trial account (but unfortunately not in a free web tool).
Your concrete question: the cloud-ready replacement for “if_http_client” is "IF_WEB_HTTP_CLIENT".
Best regards,
Thomas
.
Hey, Thomas,
This is of course a perfectly valid solution too! I was not aware that we could also find the Released objects within Eclipse itself. (In fact, I think that's a problem that's all too common in ABAP - it's not that you can't do stuff with it, it's just that information about how to achieve it is lacking... but that's off topic!)
Thank you for the very fast and concise reply!
Best,
Stoyko
Hey Thomas,
in this course many classes are no longer supported I guess, e.g. the class cl_rsda_csv_converter. Are there alternative possibilities or is there a list of obsolete classes with alternatives?
Beste Regrads
Mehmet
There is unfortunately no comprehensive list of obsolete classed and function module with their successor. However, for important functions, SAP provides a successor information. You can see this for example for the function module SI_UNIT_GET. When you open the API state window in ADT, you can see that the status is "Not to be released" and a successor CL_UOM_CONVERSION is maintained.
But, as mentioned, you cannot expect this for all thousands of classed and function module, data types, etc. in the ABAP platform.
Thank you for your quick answer Thomas!
Hi Thomas Schneider,
thanks for sharing this article.
Am I right that point 8) is outdated? Im also confused that it says "Providing and implementing extensions are not supported for ABAP for Key Users", because this article 2019 is about exactly that - no?
https://blogs.sap.com/2019/11/01/business-logic-extensions-cloud-badis-in-sourcing-and-procurement-self-service-procurement/
Thanks for making things clear for me!
Kind regards
Jan
Hi Thomas,
Thank you for summarizing. Few Questions.
Hi Santhosh, sorry I cannot answer questions on specific frameworks of objects here.
For parallel processing, IF_ABAP_PARALLEL / CL_ABAP_PARALLEL is released
For streaming, classed such as CL_ABAP_*_READER are available. Please check if they support your needs.
Is there a way to prompt for values when executing an ABAP class inside ADT? In the old days we’d use PARAMETERS. Thanks
Although this feels a little bit like stepping on a grave (given how old this blog is), but I did not find any relevant mentions of CL_ABAP_PARALLEL anyhwere.
My topic is the following:
According to the blog, the class CL_ABAP_PARALLEL can also be used to achieve async programming (fire & forget, just like FM with STARTING NEW TASK):
However I was not able to achieve that, i haven't found any documentation, examples (all examples are targeted towards parallel processing, not async processing, also the ones in report RS_ABAP_PARALLEL_EXAMPLE or the class itself) which showed how this can be achieved.
Would be happy if someone could give me a hint (or just state that this is indeed not possible).
Thanks & best regards
Matthias
CL_ABAP_PARALLEL has in in place documentation with examples, for example:
"! In the first example the method RUN_INST of class CL_ABAP_PARALLEL is used. The method can be used<br>
"! to perform the parallel processing for instances of ABAP Objects. <br>
"! <br>
"! First you have to define a processing class, which implements the interface <br>
"! IF_ABAP_PARALLEL. The parallel processing starts with method IF_ABAP_PARALLEL~DO. <br>
I am sorry, if this does not fit to your use case.
best regards, Thomas
Hello Thomas,
thanks a lot for your quick reply. So, in a nutshell, CL_ABAP_PARALLEL does not support async processing the way I described (fire & forget) but is (as the name suggests) focused on parallel processing.
Is there any whitelisted API/class for async processing (e.g. a real replacement for FM ... STARTING NEW TASK) or would this go by some kind of job (similar to SUBMIT...VIA JOB)?
Regards
Matthias
Hi Matthias,
Did you ever find a solution for implementing async processing?
Kr,
Arne
Hello Arne,
nothing besides the old ways already mentioned. However the implementation of the migration cockpit might be worth to have a look at as data validation for example is done in an async way. Also, if I find anything "newer" I'll mention it here.
Regarding the SUBMIT ... via JOB: There is an API available for that, see https://help.sap.com/docs/btp/sap-business-technology-platform/maintaining-application-jobs-using-api?locale=en-US
Best regards
Matthias
Hi Matthias,
Thanks for getting back to me.
In the mean time I've contacted SAP directly and they confirmed that at the moment the only possibility for async processing is using the Job API you mentioned as a workaround.
On BTP, only business users can schedule a job. So for our case we had to look outside of ABAP (and to CPI) to achieve async processing.
See also answer here: https://answers.sap.com/questions/13741555/scheduling-a-btp-application-job-from-postmanexter.html
An alternative is in the works, but no release date yet confirmed.
Kr,
Arne
Hi Thomas,
your insights, including the answers, have been very helpful. Many thanks for that!
My question is:
Our team's goal is to make a not small ABAP application cloud-ready. This application has many oData services created using SEGW and are all based on DDIC structures. The question is, will these services continue to work? If not, what is the best approach to make them abap cloud ready?
Thanks
Fouad
SEGW is no longer supported in SAP BTP ABAP environment. This means, you can keep your DDIC tables, but then you have to create CDS views and OData services using RAP.
Best regards,
Thomas
.