8/10/2020 Authorization Trace in transaction ST01 - Product Lifecycle Management - Community Wiki

Pages / … / Analyzing options

Authorization Trace in transaction ST01

Created by Christoph Hopf on Sep 10, 2014

Use
Sometimes you may face a strange behavior in DMS functions which are caused by wrong authorization customizing or
you do not know how and where authorization objects are checked by the system. So this page explains how an
authorization trace is started in transaction ST01. This trace shows all checked authorization objects, the values which
are handed over to the check and which object leads to the missing authorization behavior.

Solution
To use the ST01 Trace for checking the authorization objects please go to transaction ST01 and set the flag for
'Authorization check' first. Then press the 'Trace on' button and leave the transaction.

For executing a more detailed authorization check you can also maintain some filter criteria by using button 'General
Filter'. Here you can define a special user name or some other data which restricts the amount of data which is logged in
the trace result.

https://wiki.scn.sap.com/wiki/display/PLM/Authorization Trace in transaction ST01 1/5

8/10/2020 Authorization Trace in transaction ST01 - Product Lifecycle Management - Community Wiki

Now execute exactly the same steps which lead to the mentioned authorization warning message. Afterwards please
return to transaction ST01 and press the 'Trace off' button. Then press the 'Analysis' button and on the next screen
choose Execute.

https://wiki.scn.sap.com/wiki/display/PLM/Authorization Trace in transaction ST01 2/5

8/10/2020 Authorization Trace in transaction ST01 - Product Lifecycle Management - Community Wiki

Now a list with all checked authorization objects should appear and the one which is responsible for the warning message
should be marked in red.

https://wiki.scn.sap.com/wiki/display/PLM/Authorization Trace in transaction ST01 3/5

8/10/2020 Authorization Trace in transaction ST01 - Product Lifecycle Management - Community Wiki

If you face problems with the complexity of this output list please see the following link which explains how another report
can help to analyse the result of the ST01 trace better:
http://wiki.scn.sap.com/wiki/x/CAF6C

Back

st01 authorization trace faq_tool

2 Comments
Former Member
It makes sense to first restrict the filter and then activate the trace.
A trick is to intentionally call nonsense tcodes via ok-code /OSE16 etc to "mark" locations in the trace, which
can get quite long.
A well hidden gemstone is to double-click the line item in the trace display and in the top left corner there is a
button called "go to source"...
Cheers,
Julius

Frank Buchholz
Did you ever have struggled with the complicated list output of the authorization trace, transaction ST01?
Well, in this case you might love this small Report ZSHOWAUTHTRACE which reads the current trace file and
shows the authorization trace data in a simple to use grid
format: https://wiki.sdn.sap.com/wiki/display/Snippets/Show+ST01+authorization+trace
This report made it to become part of the standard, too. Have a look to transaction STAUTHTRACE in systems
running SAP_BASIS 7.03 or higher.

https://wiki.scn.sap.com/wiki/display/PLM/Authorization Trace in transaction ST01 4/5

8/10/2020 Authorization Trace in transaction ST01 - Product Lifecycle Management - Community Wiki

Privacy Terms of Use Legal Disclosure Copyright

Trademark Cookie Preferences

https://wiki.scn.sap.com/wiki/display/PLM/Authorization Trace in transaction ST01 5/5