Parameter
auth/auth_user_trace
Short text
User-specific long-term authorization trace
Parameter Description
This long-term trace collects data across clients and users, and stores it in the database.
During the execution of a program, every authorization check is recorded exactly once with the first time stamp, together with the name and type of the running application, the point in the program, the authorization object, the checked authorization values, and the result.
The trace database table is used to support the maintenance of authorization default values and authorizations, in particular for users with special tasks or special authorization objects – for example, for communications users in RFC scenarios.
The parameter auth/auth_user_trace can have the following values:
- N: Trace deactivated
- Y: Trace activated
- F: Trace activated with filters (SAP Note 2220030). You can set the filters for the recording in transaction STUSERTRACE. You can use application type, users, and authorization objects as filters. In this way, you can investigate specific scenarios. At least one filter must be set, otherwise the trace does not record anything. With filters, the volume of data and therefore the effect on the performance of the system are significantly smaller than with Y.
- Space: Trace deactivated (like N). This is the default setting, if the parameter has not been set in the instance profile or default profile (DEFAULT.PFL) and has not been dynamically changed.
Caution
Activation of the authorization trace without filters has a significant effect on performance.
Application Area
Auth (authorizations, role maintenance)
Default Value
[space], not set
Who is permitted to make changes?
SAP, customer
Operating System Restrictions
None
Database System Restrictions
None
Values allowed
Y, N, F, [space]
