Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Report showing what User accessed at the object level.

Former Member

‎05-02-2007 7:50 PM

0 Kudos

HI All,

Is there any tcode/table/report that shows what a partilucar User accessed at the object level.

Whenever we execute any tcode/report internally SAP checks/activates auth.objects (for e.g S_TCODE is always checked at the start of a transaction) for the User to be able to execute that tcode/report.

I would like to know is there any way by which we can get a report for a User (e.g.OSS connection) that shows me that XYZ object was checked/activated/failed when user executed ABC transaction.

Security Audit logs did not help on this.tried STAD also. not sure if ST03N provides such report

Any help would be greatly appreciated.

2 REPLIES 2

Former Member

‎05-03-2007 6:57 AM

0 Kudos

Hi,

You will have to switch on the trace using ST01 for a perticular User/Transaction. Once the activities are completed, switch off the trace and open the file. This file would show you all the objects that were checked.

The following is the procedure for ST01:

<u>Authorization Trace ST01</u>

You can analyze authorizations as follows: Choose Tools -> Administration -> Monitor -> Traces -> SAP System Trace or Transaction ST01.

- Choose trace component Authorization check and pushbutton Trace on. The trace is automatically written to the hard disk.

- To limit the trace function to your own sessions, choose Edit -> Filter -> Shared. Enter your user ID in field Trace for user only in the displayed dialog box.

- Once the analysis is completed, choose Trace off.

- To display the results of the analysis, choose Goto -> Files/Analysis or the pushbutton File listSelect the required file and choose Analyze.

- The results of the authorization check are displayed in the following format: <Authorization object>:<Field>=<Tested value>

The return code shows whether or not the authorization code was successful.

ST01 Return Code 0 - Authorization check passed

1 - No Authorization

2 - Too many parameters for authorization check

3 - Object not contained in user buffer

4 - No profile contained in user buffer

6 - Authorization check incorrect

7,8,9 - Invalid user buffer

Hope it helps.

Please award points if it is useful.

Thanks & Regards,

santosh

Former Member
In response to Former Member

‎05-03-2007 2:31 PM

0 Kudos

I already know about ST01 but most of the time it is used only when some authorization error analysis is to be done.I agree it shows what objects are being c Is it feasible to keep the trace active for a particular user for 3-4 days?.I believe ST01 consumes considerable memory.

Hence, I wondered if there is any such report.