The new SAP Security tools to simplify authorization tracing
Most of you probably know, and may already have worked with, the STAUTHTRACE transaction code. For those who are not yet aware of it or have never used it, STAUTHTRACE is an enhanced, user-friendly transaction code compared to the ST01 authorization trace, and it is meant only for the authorization trace.
Further, SAP has introduced two new transaction codes, STUSERTRACE and STSIMAUTHCHECK, in the recent past.
Refer to the SAP Notes below for more detailed information on these transaction codes:
2220030 - STUSERTRACE: User trace for authorization checks
2442227 - STSIMAUTHCHECK: Simulation of authorization checks
The authorization trace is activated by enabling the profile parameter 'auth/auth_user_trace'. The profile parameter can be switched dynamically. Once the trace is active, filters can be defined either for a single user or a group of users, or for a set of authorization objects. You can also exclude generic transaction codes such as SE37, SU53, SE38 and so on. See the screen below:
Evaluation can be done directly by clicking the Evaluate button. Great! So, what is the STSIMAUTHCHECK transaction code for?
Using STSIMAUTHCHECK you can run a simulation with a mapping, which means the user for simulation and the user for trace can be different. The mapping is maintained in the "User Mapping" table.
Further, it allows you to drill down the trace either to all authorizations or only to specific roles. See the screen below:
These transaction codes are available from SAP NetWeaver 7.40 SP16 and SP18, respectively.