STAUTHTRACE: improved authorization trace

If you are still using the old classic ST01 authorization trace, do keep on reading and you will want to switch to the new STAUTHTRACE improved authorization trace.

Questions that will be answered in this blog are:

  • How to run the new STAUTHTRACE tool?
  • What are the major improvements in STAUTHTRACE tool?

For long term user tracing there is a different tool: STUSERTRACE. Read more in this blog.

Running new STAUTHTRACE tool

To run the new tool start transaction STAUTHTRACE. If the transaction code is too complex, add it as favorite to your start screen.

From the start screen you see the immediate benefits. You can start the authorization trace for:

  • All application servers in one go (this is highly useful in an authorization issue with RFC users or background users where you have no control on which application server it will run): just record on all servers
  • Specific user only, but errors only: this will reduce your logging footprint to errors only
  • Filter the results to not show duplicate entries

Results

The result screen from STAUTHTRACE is similar to ST01 trace

But the result is more comprehensive, since it can take errors only, with duplicates filtered and take data from all application servers. This make the result complete and more easy to catch authorization issues.

Background

The background and all feature of STAUTHTRACE are kept in SAP OSS note 2577291 – How to get trace of authorization checks using transaction STAUTHTRACE. Main note with references: 1603756 – Using STAUTHTRACE to record authorization checks.

Bug fix notes: