Authorization Analysis

  1. Choose the menu path System -> Utilities -> Display Authorization Check or transaction code SU53. You now can analyze an error in your system that just occurred because of a missing authorization.
  2. You can call Transaction SU53 in all sessions, not just in the session in which the error occurred. Authorization errors in other users' sessions, however, cannot be analyzed from your own session.
  3. In the below example, user Bob calls Transaction VA03 (display sales order). The message "You do not have authorization for Transaction VA03" appears. User Bob now chooses transaction code /nSU53 and the system displays the authorization object that was just checked and, for comparison purposes, the values of the object that user Bob has in its user master record. In this case the user Bob don’t have VA03 assigned to any of his role.
  4. Transaction SU56 allows the user to see what current authorizations are in his buffer

authorization_analysis_01

Authorization Trace ST01

You can analyze authorizations as follows: Choose Tools -> Administration -> Monitor -> Traces -> SAP System Trace or Transaction ST01.

Choose trace component Authorization check and pushbutton Trace on. The trace is automatically written to the hard disk.

To limit the trace function to your own sessions, choose Edit -> Filter -> Shared. Enter your user ID in field Trace for user only in the displayed dialog box.

Once the analysis is completed, choose Trace off.

To display the results of the analysis, choose Goto -> Files/Analysis or the pushbutton File listSelect the required file and choose Analyze.

  • The results of the authorization check are displayed in the following format: :=
  • The return code shows whether or not the authorization code was successful.
  • ST01 Return Code

0

Authorization check passed

1

No Authorization

2

Too many parameters for authorization check

3

Object not contained in user buffer

4

No profile contained in user buffer

6

Authorization check incorrect

7,8,9

Invalid user buffer

authorization_analysis_02

1 comment:

SAP Security said...

We would like you to remove all material copied from sapsecurityonline. Failing to do this will lead to legal action.

We will go after Google. I'm sure Google won't like mail from Lawyers.

You can reach us at admin@sapsecurityonline.com

topics