Skip to end of metadata
Go to start of metadata

Use

Sometimes you may face a strange behavior in DMS functions which are caused by wrong authorization customizing or you do not know how and where authorization objects are checked by the system. So this page explains how an authorization trace is started in transaction ST01. This trace shows all checked authorization objects, the values which are handed over to the check and which object leads to the missing authorization behavior.

 Solution

To use the ST01 Trace for checking the authorization objects please go to transaction ST01 and set the flag for 'Authorization check' first. Then press the 'Trace on' button and leave the transaction.
For executing a more detailed  authorization check you can also maintain some filter criteria by using button 'General Filter'. Here you can define a special user name or some other data which restricts the amount of data which is logged in the trace result.

Now execute exactly the same steps which lead to the mentioned authorization warning message. Afterwards please return to transaction ST01 and press the 'Trace off' button. Then press the 'Analysis' button and on the next screen choose Execute. 

Now a list with all checked authorization objects should appear and the one which is responsible for the warning message should be marked in red.

If you face problems with the complexity of this output list please see the following link which explains how another report can help to analyse the result of the ST01 trace better:
http://wiki.scn.sap.com/wiki/x/CAF6C

Back

2 Comments

  1. Former Member

    It makes sense to first restrict the filter and then activate the trace.

    A trick is to intentionally call nonsense tcodes via ok-code /OSE16 etc to "mark" locations in the trace, which can get quite long.

    A well hidden gemstone is to double-click the line item in the trace display and in the top left corner there is a button called "go to source"...

    Cheers,

    Julius

  2. Did you ever have struggled with the complicated list output of the authorization trace, transaction ST01?

    Well, in this case you might love this small Report ZSHOWAUTHTRACE which reads the current trace file and shows the authorization trace data in a simple to use grid format: https://wiki.sdn.sap.com/wiki/display/Snippets/Show+ST01+authorization+trace

    This report made it to become part of the standard, too. Have a look to transaction STAUTHTRACE in systems running  SAP_BASIS 7.03 or higher.