How to analyze authorization issues in debug

The idea behind this document is to be a quick debug guide for functional consultants and explain how to find in debug which authorization objects are called.

There are many different transactions which are helpful when we are trying to analyze authorizations issue (SU53, SU24…).

However, in some cases it is useful to check the authorization objects in debug.

This is useful, for example, if we want to know exactly on which point of the transaction execution a given authorization object is called or which authorization objects are called for a given action.

In such cases, we can check the authorization objects in debug, using a break-point for the statement AUTHORITY-CHECK, which is used to check the authorization on ABAP.

Let’s analyze an example of how to check the authorization when releasing an order in debug.

Here, we want to know which authorization object is being called to control the release of a production order.

• The first step is to open a production order on transaction CO02.

• Before releasing the order we type ‘/H’ on the command to open debug and press enter.
• Now click the release button and the debug should be triggered.
• Here, select the menu ‘Breakpoints’ – ‘Breakpoint at’ – ‘Breakpoint at statement’

• Now, create the breakpoint on command “AUTHORITY-CHECK” as shown on the following picture

• Press F8 and system will stop exactly on the piece of code where the authority check is called.

Here, we can see that the authorization object B_USERST_T is being checked and we can also see exactly which values are being checked.

Check also the following document for a quick step-by-step to check an error message in debug:

How to analyze an error message in debug