02-03-2009 5:18 AM
Dear All,
Kindly let me know how to apply Authorization Trace on Communication USer ID?
How will we come to know exactly what authorization object is required for this User ID.
02-03-2009 5:28 AM
Did you try ST01 -> Edit -> Filter -> Shared -> Your communication user id.
Click on the Authorization check and start the Trace On. Run it for the time being when the id is used and then analyse it.
If you need it for RFC connections, there are SAP notes like 460089 which can further help you.
02-03-2009 5:35 AM
Usting ST01 you can Trace Dialog User ID's only for Authorization trace. I tried that but no logs shown for it.
02-03-2009 6:20 AM
Please try running the trace without filters. I disagree that communication users cannot be traced using ST01.
02-04-2009 12:34 AM
Test this in dev or some sandbox system by following narrow down approach.
First give this communication id broader access and then switch the trace on. If you are testing this for RFC connetions, then see if it is working properly or not with the broader access. If it is working properly then switch the trace off and then analyse the authorization object checked. Add them to a role and then test the functionality again.
02-03-2009 3:38 PM
You can use dynamic filter option in SM19 / SM20 - Audit log. This gives fairly detailed information.
Thanks
Vijaya
02-04-2009 3:32 AM
Hello Vijaya,
Can you pls brief how can SM19/SM20 be used for getting Authorization objects for a communication User ID. I tried but didnt found any hint in it.
02-04-2009 10:01 AM
You cannot trace all objects this way.
But what you can collect over time from SM19, is the successfull and unsuccessfull RFC calls. This is relevent for users entered in RFC connections (types SYSTEM and SERVICE).
Cheers,
Julius
02-06-2009 7:02 AM
Hi Julius,
How will i get the required Authorization objects that are used by this communication USer ID using SM19.
As in ST01 for Dialog Users when we put trace we get all those Authorization Objects that are used by this user ID.
In same way can we get the required Authorization objects for this communication user id.
02-06-2009 8:19 AM
You will not find "all the objects" in SM19.
What you will find are the successfully called RFC function groups and modules, and the transaction codes (although that should ideally not happen at all).
This is slightly different from an authorization trace, and gives you the "entry points". While that may sound limiting, it is infact very usefull for building roles where your SU24 data is well maintained.
Cheers,
Julius
02-05-2009 6:48 AM
In ST01 switch on the trace.
Tick Authorization Check, and if needed check the General Filters, Save you setting,
Run the activities for the Communication User Id.
Turn off the trace, and check the result on analysis tab.
Below link might help you.
http://help.sap.com/saphelp_nw04s/helpdata/en/1f/83114c4bc511d189750000e8322d00/content.htm
Edited by: SAP Learner on Feb 5, 2009 12:18 PM