How to identify interfaces on SAP ERP and BW systems

Introduction :

Installations of SAP ERP and BW systems can over time accumulate hundreds of interfaces, i.e., they exchange data with a huge number of connected systems. After several years, the available documentation on these interfaces is often inadequate and incomplete, since new interfaces are frequently added, while others are being retired or changed.

A complete and up-to-date register of interfaces is very crucial for the success of following project activities.

• The migration of the system to another data center or a cloud environment, while the connected systems remain in their location.
• The refresh of a QA system including the re-establishing of the interfaces.
• The decommissioning of a system, requiring all infaces to be migrated to successive systems.
• Major business changes such as carve-outs or reorganizations.

An incomplete knowledge of the existing and productively used interfaces can result in interrupt of business-critical processes.

The aim of this document is to briefly touch on the most important techniques and mention the relevant key aspects which can serve as starting points for searches in other sources of information.

General Considerations :

There are various ways to categorize interfaces. According to the direction of data being transferred we can label them as inbound or outbound interfaces. (Note that an interface can also exchange data in both directions which can be called bidirectional and represents a combination of inbound and outbound interfaces.) A second important characteristic of an interface is whether the connection for the data transfer is opened by the “local” system (i.e. the system for which we want to identify the interfaces) or the “remote” (or partner) system which receives or provides the data.

Based on these two parameters (inbound/outbound and initiating system) we can thus consider four principal types of interfaces which are schematically illustrated in the following graph. (Note that the terms “Pull” and “Push” assume the perspective of the system which receives the transferred data).

Interface Types and Technologies :

A variety of types and technologies can be used to create interfaces between an SAP system (ERP or BW) and a remote system (SAP or non-SAP). Most commonly used are:

• ?? Remote Function Calls (RFC)
• ?? Database connections
• ?? Web Service calls
• ?? 3rd party connectors
• ?? Middleware's and ETL tools
• ?? (s)FTP (File Transfer)

This document will not go into details of the various technologies but will focus on how to identify existing interfaces in a given SAP system.

Sources of Information :

When investigating (or even searching for) interfaces we are typically restricted to our own local system. Two important sources of information in the local system are indicated in the above graphical representations:

• Technical users: They are basically used in outbound interfaces using a pull transfer (type 1) and in inbound interfaces using push (type 4).
• Connection configurations: They are usually indications for outbound interfaces using a push transfer (type 2) and in inbound interfaces using pull (type 3).

Technical Users :

In an SAP ERP or BW system we find technical users of different types or on different layers of the architecture:

a)????? ABAP/BW users

b)????? Database users, in particular HANA users

c)?????? Operating systems users / FTP users

In the following these three user types will be detailed and information will be given on:

• What is their purpose.
• How they can be identified.
• What additional information can be found and how can it be used.

ABAP/BW Users :

Users in the SAP application layer (i.e. ABAP/BW users) are created in transaction SU01. They are used in RFC connections and web service calls, but can also be used by 3rd party connectors, middleware and ETL tools. Important tools to identify technical ABAP/BW users are:

• Transactions SUIM and SU01D
• Table USR02

Technical ABAP/BW users can be identified by User Type = B in transaction SUIM as shown below screenshot.

Note : However that not every technical ABAP/BW user corresponds to a respective interface! Technical users are also used to run background jobs in ERP and BW systems. Additional information or indications such as naming conventions, descriptions, owner/sponsorship, or the authorizations of the technical users are required to identify a technical user as related to an interface.

Depending on the result different conclusions can be drawn:

• ?? Last logon date recent (less than e.g. 6 months): This indicates an actively used interface.
• ?? Last logon date not recent (more than e.g. 6 months): This indicates an interface which has become obsolete.

Logon date indicated as “Not in Use”.

This indicates a technical user not used for an interface (but rather for background jobs) or an interface user which had been set up but was never actively used.

Another useful source of information on technical ABAP/BW users used in interfaces is the security audit log, which can be read using transaction SM20. It provides information about the times when the interface is active as well as from which server the connect is initiated.

A last source of information about a technical user (and thus the related interface) is provided by the authorizations of the technical user. Analyzing the authorizations requires some knowledge about SAP (BW) authorizations and will therefore not be detailed here. But it should be noted that the authorizations of a technical user can provide information about the nature of the data which is transferred by the interface as well as about the technology used.

HANA Users (Database Users) :

The analysis of HANA users requires respective (HANA) authorizations and access to the HANA database server via HANA studio. “Technical” users cannot as easily be identified as in the case of ABAP/BW users, there is no unique criterion. Ideally naming conventions allow the identification of technical users while the names of assigned roles could also help. Individual users can be found and viewed in the HANA studio using standard functionality in the menu “Security”:

As detailed above in the context of ABAP/BW users the time passed since the last logon gives indication on whether an interface (i) is in active usage, (ii) has become obsolete or (iii) was never (or not yet) actively used. Similar as in the case of ABAP/BW users also for HANA users the assigned authorizations can provide information about the nature of the data which is transferred by the interface.

(s)FTP Users (Operating System Users) :

On many SAP ERP or BW systems file transfer via (s)FTP is used to exchange data with non-SAP systems. For this purpose (s)FTP users (i.e. OS users) and directories are created on the application servers of the SAP ERP or BW systems. The exact setup of the directory structure for the file exchange can vary between different SAP installation. Comprehensive information about these (s)FTP users thus requires access on OS level. However also on the SAP application level certain about of information on (s)FTP users and directories can be obtained. Transaction AL11 provides some insight in the directory structure and the contents of the directories. The following screenshots give some idea what can be found in transaction AL11.

Note that (s)FTP directories can serve both for inbound and outbound interfaces. More and detailed information on the (s)FTP users like last successful logon however requires access on OS level to the SAP application server.

Summary on the investigation of users

The background and the details given in the sections above should help to find technical users on the local system and thus provide the basis for identifying interfaces of types 1 and 4.

Connection information:

As already indicated in the overview of interface types and technologies above, a variety of types can be used to connect an SAP ERP or BW system to a remote system (SAP or non-SAP). The most commonly used are:

• ? RFC connections (used with SAP and non-SAP remote systems).
• ? Database connections (used with non-SAP or SAP HANA Native remote systems).
• (s)FTP connections (typically used with non-SAP systems).
• Web service calls.

There are various sources in an SAP ERP or BW system where information on connections of these types to remote systems (and thus interfaces) can be found:

• ???Transaction SM59 (Configuration of RFC Connections)
• ? Transaction DB02 (Database Connections)
• SAP HANA Remote Sources
• ? Transaction WE20 (Partner Profiles)
• BW only: Transaction RSA1 Source Systems

RFC Connections:

The RFC connections can be found in transaction SM59.

ABAP Connections:

These provide the basis for the widely used data exchange between SAP Netweaver ABAP systems via IDOCs and transactional RFCs and thus also for the BW source system connections. In the configuration of an ABAP RFC connection the following information can be found:

• ??? Logical name of the remote system.
• ?? Target host of the remote system.
• Name of the technical user which is used in the login at the remote system.

In the case of a BW system these ABAP RFC connections (together with a counterpart on the remote system) provide the basis for the BW source system connections of types “BW” and “SAP”, see the respective section below.

Note that over the (often long) lifetime of an SAP system many connections can be accumulated, several of which may already have become obsolete over time. I.e. not every RFC connection is thus an indication for an active interface.

HTTP Connections to External Server:

Here connections can be found to external systems which provide the same information as in the case of ABAP connections (see above).

Logical Connections:

As the term indicates logical connection names can be defined which point to another “physical” connection as defined in one of the other categories. (It can be useful to have a common name for one connection throughout a system strand while the names of the connected systems can vary between DEV, QA, PROD.)

TCP/IP Connections:

Here (in contrast to the other RFC connection types) we find connections which are basically defined (and also opened) on the remote system. In the TCP/IP RFC connection configuration we only find the name of the connection and (most important) the program ID of the registered server program through which the remote system connects to our local system.

Database Connections:

On the ABAP application layer of an SAP ERP or BW system database connections can be found in transaction DB02.

Each of the connections we find here potentially represents an interface of type 3 or (less frequently) of type 2. Details in the configuration of these connections (such as connection name, user name, database host etc.) can help to identify the purpose of the respective interface.

In the case of a BW system, the database connections found here can serve as basis for BW source system connections of type “DB Connect”, see below. As in the case of RFC connections also here several of the database connections may have become inactive or obsolete over time.

SAP HANA Remote Sources :

Investigating the SAP HANA Remote Sources of an SAP (on HANA) system requires access to the HANA database and to SAP HANA Studio.

These SAP HANA Remote Sources can be used directly or as basis for BW source system connections of type “SAP HANA”.

Partner Profiles

In transaction WE20 the partner profiles can be viewed:

In large ERP systems this can be an important source for the identification of interfaces. In particular, interfaces which are connected through a middleware become visible in the partner profiles. This constellation is illustrated schematically in the below diagram:

In other words: Through a single connection to a middleware system (e.g. SAP PO/PI) a large number of remote systems (e.g. warehouse systems or manufacturing systems) could be connected. Information in the partner profiles can help to identify these remote systems and the data which is exchanged (e.g. through the message types).

BW Source System Connections :

In transaction RSA1 the source systems of a BW system can be viewed.

(s)FTP Connections:

Regarding (s)FTP connections see the respective section on (s)FTP users above.

Web Service Connections:

Connections through web service calls (either outgoing calls from the local system to the remote system or incoming calls from remote systems to the local system) can be difficult to identify. Web services can be found in transactions SOAMANAGER and SICF on the local system, however it cannot be easily determined which of them might be called from a remote system to establish an interface. However outgoing web service calls could even be more difficult to find since they might be “hidden” e.g. in ABAP coding.

Conclusion:

This document gives some information how interfaces could be detected on a given SAP ERP or BW systems. The hints given do by no means cover all aspects of interfaces on SAP systems nor will they enable to identify 100 % of interfaces on any systems. However, in combination with an available documentation (an incomplete or outdated list of interfaces, development guidelines, naming conventions etc.) the information in this document should allow to detect a fair amount of the remaining interfaces, which were not known at the start of the exercise.