Authorization Error Analysis Functions
If you have imported the Support Packages from SAP Notes
968915 
,
1008990 , and
1033149 , the following special functions are available to you in transactions
SU53 and
SU56.
Functions in SU53
You can use the print function to print the fully-expanded tree of authorization data.
If the user in question has already started transaction SU53 himself or herself, you can use the Other User button to display the failed authorization check of another user.
Functions in SU56
You can use the print function to print the fully-expanded tree of authorization data, or you can print all authorization objects with the associated class and the name of the authorization that contains the object.
For Other User/Authorization Object, the input help offers all users of the system or all objects from the user buffer of the selected user.
The tree display contains an empty class with an authorization object, if there are authorization objects in the user master record that are not assigned to a class.
The tree display only contains role or profiles of a reference user for an authorization object if the authorizations are not contained in a role or a profile that is assigned directly to the user.
Functions in SU53 and SU56
The search only shows the next hit in the tree display. To display all hits in a separate window, use the search in the print preview ( Text View button). You can also select sections of the tree in the print preview.
The tree display contains all profiles (composite and single profiles) that are assigned directly to the user and which contain the authorization. If the authorization is contained in a single role that is, in turn, contained in a composite role, only the single role that is indirectly assigned to the user is displayed.