Automate System Analysis with SAP GUI Scripts
- Security
SAP GUI scripts
SAP allows you to automate repetitive processes with appropriately written scripts.
In order to be able to run them on the system, the environment must be properly prepared:
- SAP GUI - enable scripting support in settings
- SAP system - set the sapgui/user_scripting parameter on the system to TRUE
SAP GUI script development
By default, SAP GUI scripts are written in VBA (Visual Basic for Applications) language. VBA allows you to establish a session with the SAP GUI and then perform appropriate operations on it. Such a script consists of lines finding the appropriate element in the SAP GUI according to its predetermined path, and then performing an action on such an element, such as typing text or clicking a button.
For example, the path may look as follows:
wnd[0]/tbar[0]/okcd
The first element is wnd (window). The zero index indicates the main window of the application, subsequent indexes can be, for example, pop-ups that appear after some action is performed. After the '/' sign there is tbar[0], which is the first toolbar in SAP GUI. After another '/' sign there is already a specific element, in this case okcd, which is the field into which TCODE is entered.
Automagica
In that case, do you need to learn VBA language to write scripts for SAP GUI? The answer is no. With help comes the open source Automagica library. Automagica allows you to perform the same actions on SAP GUI using the Python language.
In addition to SAP GUI support, Automagica also allows you to make mouse movements, use Microsoft Excel, send emails and much more.
Application
With the Automagica library, it is possible to automate many repetitive processes.
For example, in conjunction with the SAST tool, you can automate the analysis of transactions used by the user. You can automatically run the dedicated SAST functionality and then download the data to Excel. Below is sample code that accomplishes this:
#init SAPGUI
sap = SAPGUI()
#login
sap.login(sap_system_name, sap_mandant, sap_username, sap_pass)
#enter tcode
sap.set_text('/app/con[0]/ses[0]/wnd[0]/tbar[0]/okcd', '/n/sast/us_user_activ')
#run transaction
sap.click('/app/con[0]/ses[0]/wnd[0]/tbar[0]/btn[0]')
#input user name
sap.set_text('/app/con[0]/ses[0]/wnd[0]/usr/ctxtSO_USER-LOW', 'suspect')
#execute
sap.click("/app/con[0]/ses[0]/wnd[0]/tbar[1]/btn[8]")
#result to spreadsheet
sap.click(“/app/con[0]/ses[0]/wnd[0]/tbar[1]/btn[46]”)
sap.click(“/app/con[0]/ses[0]/wnd[0]/tbar[1]/btn[43]”)
press_key('enter')
sap.click(“/app/con[0]/ses[0]/wnd[1]/tbar[0]/btn[11]”)
Then such a script could run another SAST functionality, showing the SoD conflicts used by the same user, and downloaded them into another Excel file.
Finally, operating on Excel alone, the script could, by performing operations on the cells, generate a final report of conflicted transactions in a form that allows the authorization team to conveniently and transparently review the conflicts and decide whether to revoke privileges or mitigate the conflict.