Show ST01 authorization trace
Frank Buchholz SAP Employee
Company: SAP AG
Posted on Nov. 16, 2009 01:46 AM in ABAP, Application Server, Code Exchange, Security

URL: https://wiki.sdn.sap.com/wiki/display/Snippets/Show+ST01+authorization+trace


Have you ever struggled with the complicated list output of the authorization trace, transaction ST01?

Well, in that case you might love the small report ZSHOWAUTHTRACE, which reads the current trace file and shows the authorization trace data in a simple-to-use grid format.

You can find the ABAP code in the SDN Code Gallery.

Features:

  1. Switch on/off the authorization trace.
  2. Read ST01 trace file and filter events by user, authorization object or result.
    You can suppress duplicate authorization trace records.
  3. Show trace file in grid format.
  4. Navigate to the ABAP source code of the corresponding authorization check.

Selection Screen:

Selection Screen

Result:

Result

Schönen Gruß / Kind regards
Frank Buchholz
SAP Active Global Support - Security Services

Frank Buchholz is security evangelist for securing SAP systems.




Please tell me if you have any suggestions for improvement.
Showing messages 1 through 3 of 3.


  • Cool, How about merging this with what SU53 can (and currently cannot) do?
    2009-11-16 13:35:24 Julius von dem Bussche

    Hi Frank,


    It would be useful if the ALV grid output showed the app server, and in selecting the UID it would be ideal if they already were logged on and only selectable if on the same app server => SM04. This causes some confusion "in the wild".. ;-)


    Really, really cool would be more integration between SU53 (*last* failed auth check) as an admin function and ST01 trace function with a context shown for the sy-subrc (like SU24 works in the wild).


    To be honest, I think that SU53 causes more problems than what it does good, without the features which ST01 offers app server specifically.


    I opened a "development wish" for this a long time ago and have been fiddling around with prototypes myself and been in contact with some of the finance developers from SAP as well about tools they have developed. However, without C-calls and other (for me unstable) tricks it does not work so I shy away from making any customer dependent on it ;-(


    Any chance of SAP supporting this as a development topic?


    Cheers,
    Julius

    • Cool, How about merging this with what SU53 can (and currently cannot) do?
      2009-11-16 13:54:43 Julius von dem Bussche

      Also, as this is a report which can be scheduled for events (or "dropped" from shortcuts as you have evidently done) it might be advisable to check AUTH_CHECK_TCODE at initialization and to exit the program if another user is already active in ST01 itself and its forms, instead of closing the file (just to be sure... because end users are rascals... :-)


      Just a thought,
      Julius

