In this blog post you will learn about system trace for authorization checks (Transaction Code STAUTHTRACE).
Sometimes you still can do transaction which you don’t have authorization for some detail.
Example case : in your authorization object you can do settlement project (Transaction Code CJ88) for company code 1100 only. But you can do settlement for project in company code 1200 actually.
The best solution from that case is you can trace authorization object by transaction code STAUTHTRACE.
For detail process will be explained in Main section.
If we want to trace our authorization check =
1.Go to transaction code “STAUTHTRACE
2.Select “Activate Trace” in initial screen STAUTHTRACE
Trace status will be change to “Authorization trace is switched on”
3.Go transaction which we want to check it and do execution. Example = Transaction settlement (Tcode CJ88)
4.Back to STAUTHTRACE.Select Username, Date and Transaction code
5.There will be report list based on input parameter.
Be aware for transaction which have Deactivated value in additional information for check
There are 4 type of Deactivated value =
For every deactivated value have different solution
|Add. Info. For Check Value||Short Desc.||Solution|
|A||Deactivated Globally||Use transaction AUTH_SWITCH_OBJECTS to maintain it.|
|B||Deactivated in this Transaction||Use transaction SU24 to maintain it.|
|C||Deactivated During “Call Transaction”||Use transaction SE97 to maintain it.|
|D||Deactivated by Profile Parameter||Use transaction SE97 to maintain it.|
We can solve several authorization problems with system trace for authorization check (Transaction Code STAUTHTRACE).
Thanks and regards