Many AO in SU24
I wanted to find out which authorization object is responsible for which transaction code.This i can find using trace(ST01).
However in SU24 for a particular transaction code many authorization objects proposal is Yes which means they will be loaded in PFCG.
My doubt is when trace(ST01) says 1 transaction code require 1 authorization object to perform our activity, then why many A.O's proposal is set to yes in SU24.
SU24 should only be maintained if it is required. For custom also you need to maintain it. Now take SU01 as example. The admin is aloowed for reset password only. You can deactivate other objects rather that S_USER_GRP inside the role itself instead of maintaining SU24. As in some other role other objects are required.
Other hand do not rely on trace blindly. Try to relate objects with transactions. You may find many business txn calling BC class objects. Also explore object documentation in SU21. Alternatively inside role double click on object description to read the documention. Really interesting.