SAP ABAP Message Class /IWBEP/COS_SUTIL Message Number 001 (Log level and authority for error log)
Hierarchy
SAP_GWFND (Software Component) SAP Gateway Foundation
   OPU-BSE (Application Component) Gateway Business Suite Enablement
     /IWBEP/COS_SUPPORTABILITY (Package) Gateway - Common Services - Supportability
Attribute
Message class /IWBEP/COS_SUTIL  
Short Description Gateway Support Utilities    
Message Number 001  
Documentation status       Space: object requires documentation
Authorization check Error Message      
Changed On 20131127   
Message Text
Log level and authority for error log
Help Document

Diagnosis

System Response

Procedure

Available Levels

Due to SAP security standards there are two levels available for the error log.

  • Secure Level

    This is the default level. This level is necessary to do a first problem analysis and has the following properties:

    • Error returned by provider application will not be logged at all.
    • In case of technical problems one or more error log entries might be written but they do not contain any information about service name, HTTP request or response payload.
  • Full Level

    No limitation. This level is necessary to analyze the application error or to do further analysis of technical problems if information about the currently used service request is needed.

Authorization Object

The authorization object S_ADMI_FCD with parameter PADM is needed to configure the log level and display sensitive details of error log entries.

How to Configure the Error Log Level

  1. Run transaction /iwbep/error_log.
  2. Choose Error Log-> Global Configuration.

    A pop-up will appear for changing the log level

This setting is effective for all users of the current SAP client and is valid until the next change.

Even if secure level is configured for the current client, you can change the log level for a specific user to do further error analysis as follows:

  1. Run transaction /iwbep/traces.
  2. Choose Add user.
  3. Enter the user name.
  4. Change the log level from secure to full.

    This user setting is valid for 2 hours.

If the log level for the current client is already set to full, any level change for a specific user does not make sense and will not be supported.

Display Error Log Entries

  • If a log entry was written with secure level, sensitive data will be shown as ***Hide_due_to_secure_log_level***.
  • If a log entry was written with full level but authorization object S_ADMI_FCD with parameter PADM is not assigned to the current user, sensitive data will be shown as ***No_authority_to_see_detail***.

Replay Functionality

Replay a service request requires the whole request payload. A replay is therefore only available for log entries written with log level full. Moreover, authorization object S_ADMI_FCD with parameter PADM must be assigned to the current user to replay a service request from within the error log.

Procedure for System Administration

History
Last changed on/by 20131127  SAP 
SAP Release Created in   200