Security Trace
The Security Trace Tool (transaction ST01) provides a way to trace the complete sequence of security checks for transaction. Since all checks are displayed, this is a much more foolproof way to investigating potential issues.
The trace needs to be set in the same application server as the user before transaction start. We can check this through SM51 . From the initial screen of ST01, we enter appropriate filter conditions for our trace, mostly this is the user for whom we are checking access, and click the “trace on” button.
The user now executes the sequence of actions to replicate the error. At this point, we click the analysis button, select appropriate filter criteria for the trace file and finally display the trace file itself.
Hi Aninda,
Can you just list down the return codes of ST01 with their description.
Regards,
Sai
Hi Sai,
I have come across three return codes. There might be others as well. Not absolutely sure
RC= 0 Check for authorization successful.
RC= 4 Check for authorization unsuccessful. User has authorization object in his user buffer but with different values than what are checked.
RC= 12 Check for authorization unsuccessful. User doesn’t have authorization object in user buffer.
Regards,
Aninda
Hi
First of all i would like to thanks of the excellent stuff.
Return codes of System Trace is as follows:-
0 = Authorization check passed
1 = No authorization
2 = Too many paramaters for authorization check
3 = Object not contained in user buffer
4 = No profile contained in user buffer
6 = Authorization check incorrect
7, 8, 9 = Invalid user buffer
Regards
Sachin
Thanks to Sachin for coming up with the return codes. Other than 0, 4 and 12, I don’t remember seeing anything else:-)
Hi Sachin,
Yeah. Even I have not seen those return codes other than 0, 4, 12. May be in future. 🙂
Hi Aninda,
It would have been much better if you have added the information (next steps) to find the missing object using return codes especially for freshers.
Regards,
R.K
HI ANINDA
CAN EXPLAIN ABT THE GENERAL FILITERS…
BY
BATHI
I use general filters in ST01 to capture the trace for a single user. I am sure there will be other uses as well.
Could you any explain what are these return codes means with some example like 12 we say authorization unsuccessful and 0 no authorization .so when these other return codes appear i have never come accross them . Please explain in what conditions these return codes appear.
Hi,
Please explain same application server means, where we have to select this in tracing, could you provide a screenshot, if possible.
You don’t choose app server in the ST01 transaction but via SM51. SM51 will allow you to check to which app server, a user is logged in. You then do a remote login to the same server via SM51 and run the trace.
Aninda,
One of my friend referred me to this amazing site.A vey usefull posts.
I have one question.can you please explain me how to use the trace analysis screen to arrive at missing authorizations using RC.
The options on the trace analysis screen are meant to filter the total data returned by the trace tool. A security failure would be indicated by a return code other than 0.
Using AL08 Tcode also we can check the user in which server/instance logged in
hi Aninda.. i would like to know one thing about troubleshooting a missing authorization ticket ,every time we need to take system trace or SU53 analysis is enough.. even though we can understand the analyisys of the ticket by using su53 screenshot, is there any need to take system trace or not?.. im just beginner not working in any org.. can u plz help me in this.. or give me a detail information about solving a ticket in ur future post asap.. i’ve tried in so many sites finally i found u.. expecting a valid reply..
thanks in advance,
regards,
paONE