#SAPSECURITY #SAPSECURITYANDAUTHORIZATIONS #ST01 #STAUTHTRACE
ST01 : Sometimes you may face a strange behavior in DMS functions which are caused by wrong authorization customizing or you do not know how and where authorization objects are checked by the system. So this video explains how an authorization trace is started in transaction ST01. This trace shows all checked authorization objects, the values which are handed over to the check and which object leads to the missing authorization behavior.
The New Transaction STAUTHTRACE
Use the transaction code STAUTHTRACE as a great new authorization trace for users, specific applications or authorization objects.
The outstanding features of this transaction code are how the results are displayed. The results are displayed in a table with among other things, the authorization objects and fields and field values with the result.
System-Wide Evaluation
The t-code allows system-wide trace evaluation. This solves a very common issue in the case of a system with multiple application servers. In such a case you need to perform analysis of authorization checks on the particular server where the user is logged to.
The trace in the t-code is very detailed. It basically shows all trace (similarly to t-code SU22) needed to analyze any kind of authorization issue. The trace so detailed but is limited authorization checks only.
Key Advantages with STAUTHTRACE
Improved handling of system trace for authorizations:
All advantages of ALV with optional filtering of duplicate entries
Type and name of application doing the authorization check
Option of system-wide trace (all servers of the system, same client)
Integrates into role maintenance
Integration in maintenance of authorization proposals
Very useful short-term traces of authorization checks
SUIM T-Codes : [ Ссылка ]
