Usage of SAP Trace
When the User has issues with a particular transaction you can ask him for SU53. But some times the SU53 will not show the right information. It will show PFCG transaction or S_DEVELOP object with Debug access. Which basically means that you have to go beyoun SU53.
Get the Data from the User for STAUTHTRACE
When you Use the SAP Trace get the data from the user. So you can execute the transaction and test the results before you update the role. This way you will avooid lot of back and forth with the user.
Typical Process for Trouble Shooting SAP Security Issues
When you face an authorization issue in the SAP System you ask the end customer to give the SU53 Screen Shot. Then you raise a ticket with screen shot of the output from SU53 which is evaluate of authorization check to SAP security team.
The tracing Option with ST01
The other option in trouble shooting the SAP Security issues is running through a trace with ST01. This is useful to identify the hidden object which are picked up by the transactions. This become more valuable when you are identifying object required by a web application accessing the SAP System. One example would be applications from SAP Portal which is executing the transaction in the backend.
The Problems with ST01
The out put data is like a text file and you have to download and you have cleanup the file to identify the required objects for the transaction. This is very tedious process and prone to errors
The New Transaction STAUTHTRACE
Use the transaction code STAUTHTRACE as a great new authorization trace for users, specific applications or authorization objects.
The outstanding features of this transaction code are how the results are displayed. The results are displayed in a table with among other things, the authorization objects and fields and field values with result.
System Wide Evaluation with STAUTHTRACE
The t-code allows system-wide trace evaluation. This solves very common issue in case of system with multiple application servers. In such a case you need to perform analysis of authorization checks on particular server where user is logged to.
The trace in the t-code is very detailed. It basically shows all trace (similarly to t-code SU22) needed for analyze any kind of Authorization issues. The trace so detailed but is limited authorization checks only.
Key Advantages with STAUTHTRACE
Improved handling of system trace for authorizations:
All advantages of ALV with optional filtering of duplicate entries
Type and name of application doing the authorization check
Option of system-wide trace (all servers of the system, same client)
Integrates into role maintenance
Integration in maintenance of authorization proposals
Very useful short term traces of authorization checks
SAP Trace RFC Communications:
When you setting up RFC Connections between SAP appliacation or non SAP Applications. It will be good to trun on the trace and identify the objects which are being used for the communication. Typcally you will provide full access to the ID and turn the SAP Trace to get the list of authorization objects.
Conclusion:
Use STAAUTHTRACE to trace the user Errors and RFC Communication related authorization objects. This will save time and give you information for trouble shooting. Always try to test yourself with the data provided by the user so you avoid back and forth communication.
[vc_row css=”.vc_custom_1512575306373{margin-top: 50px !important;}”][vc_column width=”1/3″][vc_cta h2=”Free Step by Step SAP License Optimization Guide” shape=”square” add_button=”bottom” btn_title=”click here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”left-to-right” btn_add_icon=”true” css=”.vc_custom_1512579904776{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #3a80f1 !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Ffree-sap-license-optimization-guide%2F||” el_class=”c_action”]SAP Customer is liable to pay 70 Million additional SAP licensing fees as a result of what is broadly known as Indirect Access.[/vc_cta][/vc_column][vc_column width=”1/3″][vc_cta h2=”Free SAP GRC 10.0 Step by Step Guide” shape=”square” add_button=”bottom” btn_title=”download here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”bottom-to-top” btn_add_icon=”true” css=”.vc_custom_1512579856805{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #f1b500 !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Fsap-grc-10-1-step-step-guide%2F||” el_class=”c_action”]Are you fed up with being not able to get job? Tired of being disappointed in yourself, because you just can’t seem to get started in the career as SAP GRC Consultant?[/vc_cta][/vc_column][vc_column width=”1/3″][vc_cta h2=”Financial Loss due to Fraud Risk” shape=”square” add_button=”bottom” btn_title=”click here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”right-to-left” btn_add_icon=”true” css=”.vc_custom_1512579731433{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #1d9e3f !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Ffree-sap-process-control-step-step-guide%2F||” el_class=”c_action”]Using the right kind of SAP Controls in the right way can be trans formative for any SAP System[/vc_cta][/vc_column][/vc_row]