
ST01 vs STAUTHTRACE in SAP

Sap system trace on the way good practice

Uploaded by

viteco1094

ST01 = System Trace

1) Access the ST01 Transaction:

• Go to the SAP Easy Access screen.
• Enter the transaction code ST01 in the command field and press Enter.

2) Select Trace Components:

• In the initial screen, you will see options to select the type of trace you want to activate. Common options include:
  o Authorization Check => To monitor authorization checks.
  o SQL Trace => To log database queries.
  o Buffer Trace => To monitor buffer activities.
• Check the boxes for the components you want to trace.

3) Set Trace Options (Optional):

• You can set filters to narrow down which trace records are captured, such as:
  o User IDs => Specify particular users to trace.
  o Transaction Codes => Focus on specific transactions.
  o Programs => Monitor specific programs.

4) Activate the Trace:

• Click on the "Trace on" button. The system will start recording activities based on your selected components and filters.

5) Perform the Activities to be Traced:

• While the trace is active, log in with that user ID and perform the actions or processes you want to analyze.

6) Deactivate the Trace:

• Once you have captured the necessary information, return to the ST01 screen and click "Trace off" to stop recording.

7) Display and Analyze Trace Results:

• Click on "Analysis" in the ST01 screen and specify the user, date, and time to view the recorded data. Then execute to see the trace.

8) Troubleshoot and Analyze:

• Use the trace data to identify issues, such as unauthorized access attempts, slow-performing SQL queries, or other system problems.
• Based on the trace, the security consultants grant the authorization. Failed checks are identified by their return codes, which are shown in red.

Note => It is important to deactivate the trace when not in use.

Return Codes

• RC => 0 --- Authorization is successful.
• RC => 4 --- User has required authorization object, but different authorization values.
• RC => 8 --- User does not have required authorization values in the user buffer.
• RC => 12 --- User does not have access to authorization object.

If "0 records found" is shown, that is, if no trace is displayed, the possible causes are:

• Incorrect input values.
• The user is on a different application server.

Note => An ST01 trace applies to the local server only. Hence, before applying an ST01 trace, ensure that you and the user are on the same system.

AL08 => Users in each server.
SM51 => List of application servers.

STAUTHTRACE

• Exclusive authorization trace.
• The trace is applied across all application servers.

Note => This T code is available in the updated version of SAP.

How to Use STAUTHTRACE:

• Access the Transaction:
  o Enter STAUTHTRACE in the SAP command field and press Enter.

• Start the Trace:
  o Specify the username and click on "Start Trace" to begin recording authorization checks.

• Perform Activities:
  o Inform the user to perform the actions that are causing access issues, such as trying to execute a transaction they cannot access.

• Stop the Trace:
  o Once the activities are completed, go back to the STAUTHTRACE screen and click "Deactivate Trace".

• View and analyze results:
  o Click on "Display Trace" to see the results and review the authorization.

It displays the details about the authorization objects, field values, program name and the return codes.

Note => Click on System Wide Trace to view the trace for each application server. Apply the necessary filters, then click on Execute.
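
The triage that follows from the trace display and the Return Codes list above, as an added example that is not part of the original document: it groups failed checks by user and authorization object so the missing values can be read off per object. The export layout, the sample rows and the function names failed_checks and report are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict

# Return-code meanings exactly as listed under "Return Codes" above.
RC_MEANING = {
    0: "authorization is successful",
    4: "user has the object, but different authorization values",
    8: "required authorization values are not in the user buffer",
    12: "user does not have access to the authorization object",
}

# Constructed sample export. The semicolon-separated column layout is an
# assumption for this example, not an SAP download format.
SAMPLE_TRACE = """\
user;program;object;fields;rc
JDOE;SAPMF05A;F_BKPF_BUK;BUKRS=1000,ACTVT=01;0
JDOE;SAPMF05A;F_BKPF_BUK;BUKRS=2000,ACTVT=01;4
JDOE;SAPMF05A;F_BKPF_BUK;BUKRS=2000,ACTVT=01;4
JDOE;SAPMF05A;F_BKPF_KOA;KOART=K,ACTVT=01;12
ASMITH;SAPLSUU5;S_USER_GRP;CLASS=HR,ACTVT=03;0
"""

def failed_checks(trace_text, user=None):
    """Group every check with RC != 0 by (user, object), de-duplicated."""
    findings = defaultdict(lambda: {"rc": 0, "values": set(), "programs": set()})
    for row in csv.DictReader(io.StringIO(trace_text), delimiter=";"):
        rc = int(row["rc"])
        if rc not in RC_MEANING:
            raise ValueError(f"unexpected return code {rc}")
        if rc == 0 or (user is not None and row["user"] != user):
            continue
        entry = findings[(row["user"], row["object"])]
        entry["rc"] = max(entry["rc"], rc)       # keep the highest RC seen
        entry["values"].add(row["fields"])       # values the check asked for
        entry["programs"].add(row["program"])    # where the check was raised
    return dict(findings)

def report(findings):
    """One line per failing object: what was checked and why it failed."""
    return [
        f"{u} {obj} RC={e['rc']} ({RC_MEANING[e['rc']]}): "
        f"{'; '.join(sorted(e['values']))} in {', '.join(sorted(e['programs']))}"
        for (u, obj), e in sorted(findings.items())
    ]

if __name__ == "__main__":
    print("\n".join(report(failed_checks(SAMPLE_TRACE, user="JDOE"))))
```
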

PFUD

Mass User Comparison

• For a single role, we can do the user comparison in PFCG -> User comparison tab.
• If there is a requirement to perform user comparison for 100 roles (multiple roles), then we go to a T code called PFUD to perform that.
• Click on the multiple selection for roles and copy from the clipboard.
• Then, click on Execute.

What important actions are performed in PFUD?

1) Profile matchup

• It ensures the profile gets assigned to the user and the role status is green under SU01.

2) Composite role reconciliation

• Whenever a composite role is modified, that is, a role is added to or removed from the composite role, the change should be reflected for the user as well.

3) HR organizational management: reconciliation

• It ensures that the role is assigned to the position or org unit of the user.

4) Cleanups

• It ensures that expired roles are removed from the SU01 record of users.

Program related to PFUD => PFCG_TIME_DEPENDENCY
SM01 => Lock T code
EWZ5 => Mass User Lock
SU10 => SU12
