Display multiple authority-checks, source code location and return & reason-codes when analyzing users
Contrary to popular belief, SU53 displays the last failed authority-check statement and not necessarily the authority which needs to be added to the role to solve the problem (or make the faulty configuration go away).
What would be very useful for analysis is to be able to collect information similar to the ST01 trace from a user specific transaction similar to SU53, such that the authorization support can see the transaction context of the user at the time, the report ID, the dynpro number (basically, the source code location) as well as the kernel return code and a reason code for it should the kernel have changed the return code. This would help to solve a lot of misunderstandings about ABAP authorizations and point to better configuration solutions.
Update: This request was implemented in SAP Note 1373111 - Improvements to authorization trace. Thank you SAP!