
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.
In this episode, Ross Robertson covers the SAP Authorisation Trace at the application level – STUSOBTRACE – which reveals exactly what authority checks a given SAP application (a transaction, Fiori OData service, RFC function module, or background job) performs at runtime. It’s the final piece in our authorisation tracing mini-series, following STAUTHTRACE (E09) and STUSERTRACE (E10).
🔑 Key Takeaways:
What STUSOBTRACE is and how the application-level view differs from STAUTHTRACE and STUSERTRACE
How to activate it via the auth/authorization_trace parameter in both the dynamic (RZ11) and static (RZ10) profiles
Parameter values N / Y / F – and why Y usually works at the application level while the per-user trace leans on F
How unique-once recording keeps it viable as a long-term trace
Why the “changed by” user is only the first to trigger a check – and the analysis trap to avoid
Analysing by application or by authorisation object (e.g. every transaction that calls an object for Activity 01)
Real use cases: building SU24 authorisation defaults or identifying S/4HANA high-tier license usage.
👥 Featuring:
Ross Robertson – Senior SAP Authorisations Consultant, Soterion
🎧 Take me to the Podcast:
https://soterion.com/podcast/