SAP ABAP Message Class /IWFND/COS_SUTIL Message Number 002 (Function not available due to secure Error Log Level)
Hierarchy
SAP_GWFND (Software Component) SAP Gateway Foundation
   OPU-FND-CS (Application Component) IWF Common Services
     /IWFND/COS_SHARED_OBJECTS (Package) GW Framework - Shared Objects among Package /IWFND/COS
Attribute
Message class /IWFND/COS_SUTIL  
Short Description SAP NetWeaver Gateway Support Utilities    
Message Number 002  
Documentation status       Space: object requires documentation
Authorization check Error Message      
Changed On 20141120   
Message Text
Function not available due to secure Error Log Level
Help Document

Diagnosis

System Response

Procedure

Available Levels

Due to SAP security standards there are two levels available for the error log.

  • Secure Level

    This is the default level. This level is necessary to do a first problem analysis and has the following properties:

    • Error returned by provider application will not be logged at all.
    • In case of technical problems one or more error log entries might be written but they do not contain any information about service name, HTTP request or response payload.
  • Full Level

    No limitation. This level is necessary to analyze the application error or to do further analysis of technical problems if information about the currently used service request is needed.

Authorization Object

Using transaction SICF with the assigned authorization object S_ADMI_FCD with parameter PADM , you can activate, deactivate and display HTTP traces containing the whole request and response payload.

This authorization is therefore needed to configure the log level and display sensitive details of error log entries.

How to Configure the Error Log Level

  1. Run transaction /IWFND/ERROR_LOG.
  2. Choose Error Log-> Global Configuration.

    A pop-up will appear for changing the log level.

    This setting is effective for all users of the current SAP client and is valid until the next change.

Even if secure level is configured for the current client, you can change the log level for a specific user to do further error analysis as follows:

  1. Run transaction /IWFND/TRACES.
  2. Choose Add user.
  3. Enter the user name.
  4. Change the log level from secure to full.

    This user setting is valid for 2 hours.

If the log level for the current client is already set to full, any level change for a specific user does not make sense and will not be supported.

Display Error Log Entries

  • If a log entry was written with secure level, sensitive data will be shown as ***Hide_due_to_secure_log_level***.
  • If a log entry was written with full level but authorization object S_ADMI_FCD with parameter PADM is not assigned to the current user, sensitive data will be shown as ***No_authority_to_see_detail***.

Not available Functionalities due to Secure Log Level

Some functionalities such as replay a request, navigate to transaction/IWFND/MAINT_SERVICE or display the current service implementation in backend system require either the whole request payload or information about service namespace and service name but these data were not saved in the error log entries due to secure error log level. Therefore, if you want to use these functionalities you have to reproduce the errors to get new error log entries with all necessary information.

Procedure for System Administration

History
Last changed on/by 20141120  SAP 
SAP Release Created in   250