SAP Security & GRC

How to Set up and Analyse STAUTHTRACE

Soterion Season 1 Episode 9

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 14:25

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In this episode, Ross Robertson walks through the SAP short-term user authority check trace (STAUTHTRACE) – a real-time authorisation trace that captures both successful and failed authority checks as users execute transactions, Fiori apps, and RFC calls. Think of it as a far more powerful evolution of the classic SU53 report.

🔑 Key Takeaways:

What STAUTHTRACE is and how it differs from the classic SU53 report

How to activate the trace system-wide or on a specific application server

Why STAUTHTRACE runs on a rolling memory buffer with minimal system impact – so you can leave it active long-term

How to filter results by user, date/time, application type, application name, authorisation object, and check result

A live troubleshooting walkthrough: diagnosing a failed SU01 user-change authorisation (S_USER_GRP)

Reading both passed and failed checks – including table access checks in SE16 (e.g. EKKO) and CDS view entity checks in S/4HANA

Inspecting the user buffer via SU56

👥 Featuring:

Ross Robertson – Senior SAP Authorisations Consultant, Soterion