I recently faced
authorization issue. As usually I sent an output of t-code SU53 which is evaluate
of authorization check to SAP security team. As colleague from the security had
some issues with finding the objects which authorization was missing to be
granted for my user we sat together to see the issue. While we were working on
it he showed my new interesting t-code of which existence I wasn’t aware
before. It is the t-code STAUTHTRACE.
The t-code allows system-wide
trace evaluation. This solves very common issue in case of system with multiple
application servers. In such a case you need to perform analysis of authorization
checks on particular server where user is logged to.
The trace in the t-code is
very detailed. It basically shows all trace (similarly to t-code SU22) needed
for analyze any kind of AUT issues. The trace so detailed but is limited authorization
checks only.
The new t-code is
available as of following NW releases: NW Basis 700 SP27, 701 SP12, 702 SP12,
730 SP8, 731 SP5 and NW 74+.
More information:
1707841 -
STAUTHTRACE: System-wide trace evaluation
1603756 - Using
StAuthTrace to record authorization checks