Show TOC

Using the System Trace to Record Authorization Checks (Transaction STAUTHTRACE)Locate this document in the navigation structure

Context

The trace in transaction STAUTHTRACE is the detailed version of the traces available using the trace button in transaction SU22. It works in the same way as the System Trace (transaction ST01). However, it only evaluates authorization checks.

Procedure

  1. If necessary, set Trace Only for User and start the trace by choosing Activate Trace.

    The system writes the trace data in the current trace file.

  2. Execute the application as fully as possible in a separate session on the same applicaiton server.
  3. Deactivate the trace by choosing Deactivate Trace.
  4. You can optionally restrict the results display with the options under Restrictions.

    If you choose Filter Duplicate Entries, identical authorization checks (consisting of the same combination of authorization object, fields, and values) that the trace recorded at two different times are only displayed once.

  5. Choose Evaluate.

Results

You can use the standard ALV functions to filter the read trace records in the result list. The following functions are also available:

  • Display callpoints in ABAP programs

    You can use the Callpoints button to find the points in the program at which the authorization check is performed with this object, field, and value.

  • Display authorization object

  • Documentation for authorization object

  • Display user