STAUTHTRACE – SAP System trace for Authorization checks

STAUTHTRACE is the new SAP transaction to track the authorization issues based on the authorization logs.

Advantages of STAUTHTRACE compared to ST01 transaction

• STAUTHTRACE – System Wide trace option can be activated to get the trace for all application servers at a same time also we can fetch and deactivate all server trace from the single point.
• ST01 – If a system has 3 different application servers, we have to login to 3 servers separately and activate and deactivate the trace in all servers if we don’t have any idea about the server which user is logged in. Also we have to fetch the trace from different servers separately.

• On the above screen you can select the logs only for errors as well
• STAUTHTRACE – We can remove the duplicate traces in the trace report while analyzing the logs
• ST01 – Doesn’t have the option to remove duplicate entries before we download the trace logs

• STAUTHTRACE – Log report fields are easy to understand and analyze compared to ST01 trace

How to activate trace in SAP STAUTHTRACE

• Logon to SAP >> Transaction STAUTHTRACE >> Enter the USER ID in trace for user only field >> Select System Wide Trace tab >> Select All Servers >> Activate Trace >>Trace Status will change to Authorization trace is switched On.

How to de-activate trace in SAP STAUTHTRACE

• Logon to SAP >> Transaction STAUTHTRACE >> Select System Wide Trace tab >> Select All Servers >> Deactivate Trace >> Status will change to Trace is Switched Off.

How to evaluate the trace logs in SAP STAUTHTRACE

• Logon to SAP >> Transaction STAUTHTRACE >> Enter the USER ID in trace for user only field >> Select System Wide Trace tab >> Select All Servers >> Evaluate >>Error messages will be in red color.
• Check the missing authorization objects and value>> Search the suitable roles from SUIM transaction and assign to users to fix the authorization error.

Thanks

Ansuha Meluveetil