Evalution of Authorizations (SU53) in SAP Security

Trouble shooting using SU53



Troubleshooting security issues is one of the daily tasks of any security administrator. The first method of investigating authorization failures is the ubiquitous SU53 transaction. It involves us asking the affected user to run the step(s) to replicate the issue and immediately on getting the error, execute /nsu53 through the command window.  The screen-shots below show the sequence of actions.
The user tries to create another user through SU01 and gets an authorization error

























The user gets a pop  up window with the message that he doesn’t have authorization to create user.




























Many times clicking the help button can provide important information about the background of the error.



To get the SU53 screen, we execute /nsu53 from the command window immediately after getting the error. The SU53 window shows the last check for an authorization which has returned a non zero value (authorization failure) for the user.





























The biggest limitation of SU53 is the fact that it only shows the last authorization failure of an user. In a typical transaction, there can be an entire sequence of authorization checks, any of which might fail. To view the entire sequence of authorization checks, we use the authorization trace tool (transaction ST01).

3 comments:

  1. It was Nice post and very useful information on sap learning videos.

    ReplyDelete
  2. I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
    Cyber Security Projects for CSE

    JavaScript Training in Chennai

    Project Centers in Chennai for CSE

    JavaScript Training in Chennai


    ReplyDelete
  3. Thank you. It is such a wonderful post. it has great information it is very useful for sap hana server access for practice in india.

    ReplyDelete