ABAP log

September 17, 2007

Can’t run SAP database utility? Nevemind.

Filed under: ABAP, SAP, security — abaplog @ 8:03 pm

When I change a database table, adding or deleting fields for example, I always have to use the database utility to have DDL commands like ALTER TABLE executed on the underlying SAP database. This works well in a development environment, but normally it is (and has to be) prohibited for a normal developer in other systems. Things can get even more complex if I am doing tests of, say, a new index in some “other” system and want to drop and recreate an index during my tests. Looks for a help from guys guarding the system? Forget the tests then. But I always remember that many “forbidden” tasks can be done by running some standard report. There is always a great chance that all you need is an authorization for SE38 and the report you use doesn’t do any further checks.

This was exactly the case with the database utility. The screen that comes in SE14 is actually nothing else than a wrapper program that asks you for parameters (what has to be done) and then runs a report to do the job. If you request this to be done in background then of course you can see which program was run and what were the parameters passed. The possible parameter values of this program can be simply learnt by looking at its ABAP code. That was what I’ve done and this saved me some hassles during testing.

The fun is that the program doesn’t do any checks at all – it’s supposed to be run exclusively by SE14. No popup questions to confirm anything. (Hey, are you sure you want to DROP this TADIR?) No matter which system. Can be quite useful if your just-transported database index brings the production system down – you can drop it quickly. If you are lucky to don’t mistype the parameter values.

Create a free website or blog at WordPress.com.