Scribd
Upload
342 views11 pages

10 ST01 Tracing

ST01 is a tool in SAP that traces authorization checks and system activities. It allows security administrators to analyze which authorizations are needed for a transaction by capturing the executing ABAP code. ST01 can trace authorization issues as well as other functions like kernel processes, database access, RFC calls, and more. To use ST01, an administrator selects the user and transaction to trace, turns on the authorization check trace, and then analyzes the results to determine if any authorization failures occurred.

Uploaded by

Sindhuri Kilaru
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
342 views11 pages

10 ST01 Tracing

ST01 is a tool in SAP that traces authorization checks and system activities. It allows security administrators to analyze which authorizations are needed for a transaction by capturing the executing ABAP code. ST01 can trace authorization issues as well as other functions like kernel processes, database access, RFC calls, and more. To use ST01, an administrator selects the user and transaction to trace, turns on the authorization check trace, and then analyzes the results to determine if any authorization failures occurred.

Uploaded by

Sindhuri Kilaru
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 11

SAP

SAP Security Administration


By Sravan

SAP Advanced
Troubleshooting

ST01 is one of the primary tools in the SAP security administrators tool
bag. ST01 gives us a peek inside the running ABAP program to reveal the
SAP authorization concept in action by capturing the ABAP code executing
the authority check against specific authorization objects.
Although the security administrator uses ST01 for analyzing the
authorizations needed for a given transaction, ST01 is not just for
authorization traces
If you dont know by now, the SAP authorization concept is implemented in
SAP within the APAP code that executes behind every transaction code.
The ABAP code looks at the authorization values that have been set for an
individual by way of the role(s) that have been assigned to the user
master record
And then it compares those values to the values the program designer
expects to validate, whether the user is authorized to run this program.

SAP Advanced
Troubleshooting

ST01 (System Trace) used to recode the internal SAP system


activities.
Main usage: The system trace is primarily used when, one want to trace the
authorization issues and analyze them.
Apart from the authorization issues ST01 also provides the following features:
Kernel functions
Kernel module
Database accesses (SQL trace)
Table buffers
RFC calls
Lock operations (client side)
Note: The last 4 components can also be monitored using Performance
Analysis (transaction ST05).
Click here to see how ST01 is used to find missing authorizations

SAP Advanced
Troubleshooting

Step 1 : Type ST01 tcode and execute

SAP Advanced
Troubleshooting

Step 2: Click Edit->filter-Shared to include for whom the trace is happening

SAP Advanced
Troubleshooting

Step 3: Type the user name and then click right button
to execute

SAP Advanced
Troubleshooting

Tick the Authorization check as we are only tracing authorization check

SAP Advanced
Troubleshooting

Step 5 : Switch on trace


Note : Once trace is turned on, ask the user to login and perform the activity
for which authorization check need to be traced

SAP Advanced
Troubleshooting
Step : Start analyzing the trace

SAP Advanced
Troubleshooting

IF
Return Code (RC=0) 0 indicates the authorization was successful.
Return Code (RC=4 or other than 0) 4 indicates the authorization was
unsuccessful

SAP Advanced
Troubleshooting

IF Return Code (RC=4 or other than 0) 4 indicates the authorization was


unsuccessful
ST01 code Description
0 Auth check passed
1 No authorization
2 Too many parameters for auth check
3 Object not contained in user buffer
4 No profile contained in user buffer
6 Authorization check incorrect
7,8,9 Invalid user buffer

You might also like