Parameter
auth/authorization_trace
Short text
Authorization trace for authorization default values
Parameter Description
The authorization trace collects data across clients and user independently, and stores it in the database.
During the execution of a program, every authorization check is recorded exactly once, together with the name and type of the running application, the point in the program, the authorization object, and the checked authorization values.
The trace database table supports the maintenance of authorization default values.
The parameter auth/authorization_trace can have the following values:
• N:
Trace deactivated
• Y:
Trace activated
• F:
Trace activated with filters (SAP Note 1854561). You can set the filters for the recording in transaction STUSOBTRACE. You can use application type, users, and authorization objects as filters. In this way, you can investigate specific scenarios. At least one filter must be set, otherwise the trace does not record anything. With filters, the volume of data and thefore the effect on the performance of the system are significantly smaller than with Y.
• Space:
With this setting, the trace is activated is SAP systems (profile parameter transport/systemtype = SAP), and deactivated in customer systems (transport/systemtype = CUSTOMER). This is the default setting, if the parameter has not been set in the instance profile or default profile (DEFAULT.PFL) and has not been dynamically changed.
Caution
The activation of the authorization trace without filters has a significant effect on performance.
Application Area
Auth
Default Value
, not set
Who is permitted to make changes?
SAP, customer
Operating System Restrictions
None
Database System Restrictions
None
Are other parameters affected or dependent?
transport/systemtype
Values allowed
Y, N, F,
