Show TOC

Maintaining Authorization Fields Using Trace Evaluation in Transaction PFCGLocate this document in the navigation structure

Prerequisites

You are editing authorizations for a role with transaction PFCG.

Procedure

  1. Choose the Trace button.

    A dialog box appears, showing the first authorization. You can use the arrow keys or the input help to display the other authorizations for the application.

  2. Select the authorization that you want to edit.

    You cannot change the start authorization objects with standard authorizations (S_START, S_TCODE, S_SERVICE, S_RFC).

  3. To transfer relevant data from a trace for this authorization object, choose the Evaluate Trace button. You have the following options:

    • You can evaluate the authorization trace, either by choosing Start of the navigation path Authorization Trace Next navigation step Local End of the navigation path to analyze the trace for the current system, or by choosing Start of the navigation path Authorization Trace Next navigation step Target System End of the navigation path to analyze the trace of a remote system.

    • You can evaluate the system trace (transaction ST01 or STAUTHTRACE), either by choosing Start of the navigation path System Trace Next navigation step Local End of the navigation path to analyze the trace for the current system, or by choosing Start of the navigation path System Trace Next navigation step Target System End of the navigation path to analyze the trace of a remote system. You then start the trace and perform the actions that are relevant for the authorization check for the object.

    For the local system trace, a dialog box appears, containing buttons with which you can control the trace.

    1. To display trace data that exists, choose return, or the Evaluate button.
    2. To start the trace, choose Activate Trace.
    3. Execute the application as fully as possible in a separate session on the same application server.
    4. Deactivate the trace by choosing Deactivate Trace.

    5. Display the collected trace data by choosing return or the Evaluate button.

      In the case of the system trace in a target system, only the Evaluate button is available in the dialog box. Before you can evaluate data for the target system, start the trace in the target system specified in the RFC destination, execute the application as fully as possible on the same application server as the one the trace is running on, and then end the trace. The system, the client, and the server are displayed as a heading above the trace result.

  4. To transfer the field values of an authorization object from the trace, select the field or the entire row or column containing the values to be transferred. Then choose the Apply button.
    You can use the Callpoints button to find the points in the program at which the authorization check is performed with this object, field, and value. The authorization trace records this combination only once, even if it is included multiple times in different programs.