SAP Security Online! 		 
 
Web SAPSecurityOnline.com
 
   
 
 
 

 
  Authorization Analysis

Analyze Authorization check    SU53

  1. Choose the menu path System -> Utilities -> Display Authorization Check or transaction code SU53. You now can analyze an error in your system that just occurred because of a missing authorization.
  2. You can call Transaction SU53 in all sessions, not just in the session in which the error occurred. Authorization errors in other users' sessions, however, cannot be analyzed from your own session.
  3. In the below example, user Bob calls Transaction VA03  (display sales order). The message "You do not have authorization for Transaction  VA03" appears. User Bob now chooses transaction code /nSU53 and the system displays the authorization object that was just checked and, for comparison purposes, the values of the object that user Bob has in its user master record. In this case the user Bob don’t have VA03 assigned to any of his role.
  4. Transaction SU56 allows the user to see what current authorizations are in his buffer

 

authorization_analysis_01

 

Authorization Trace     ST01

You can analyze authorizations as follows: Choose Tools -> Administration ->  Monitor -> Traces ->  SAP System Trace or Transaction ST01.

Choose trace component Authorization check and pushbutton Trace on. The trace is automatically written to the hard disk.

To limit the trace function to your own sessions, choose Edit -> Filter -> Shared. Enter your user ID in field Trace for user only in the displayed dialog box.

Once the analysis is completed, choose Trace off.

To display the results of the analysis, choose Goto -> Files/Analysis or the pushbutton File listSelect the required file and choose Analyze.

  • The results of the authorization check are displayed in the following format: <Authorization object>:<Field>=<Tested value>
  • The return code shows whether or not the authorization code was successful.
  • ST01 Return Code

    0

    Authorization check passed

    1

    No Authorization

    2

    Too many parameters for authorization check

    3

    Object not contained in  user buffer

    4

    No profile contained in user buffer

    6

    Authorization check incorrect

    7,8,9

    Invalid user buffer

 

authorization_analysis_02

 



 
Copyright © 2005 - 2007 SAP Security Online.com All Rights Reserved.