Analyzing Authorization Checks
Should you not find any documentation for an authorization, the system offers two ways to find out which authorizations are required:
You can use the system trace to record authorization checks in your own sessions and in other users' sessions. The trace records each authorization object that is tested, along with the object’s fields and the values tested.
For more information, see
By entering Transaction
You can use Transaction SU53 from any of your sessions, not just the one in which the error occurred. You cannot analyze an authorization error in another user’s logon session from your own session.
Example: Upon selecting a function, the system responds with the message "You are not authorized for this function." If you enter
SU53 or /nSU53 in the command field, the system displays the authorization object that was just tested and the authorizations, if any, that you possess for that object.To deactivate this function, set the system profile parameter auth/check_value_write_on to 0.