This website is not affiliated with, sponsored by, or approved by SAP AG.

ST01 the other way round !!

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

ST01 the other way round !!

Postby mitrak » Wed May 18, 2011 3:37 am

Hello,


is it possible to get hold of the error log of SU53 in ST01 which shows the details about the user telling where the user came from and where the same wanted to go ?

My Problem: I have users in Korea, but there is a communication problem on the phone and i do not want to waste a min. due to time zone !

Example: The user produced the SU53 at 10:48 AM and i got the message at 11:35 AM, i want to get hold of the ST01 protokol without telling the user to reproduce the error again while i have switched-on the trace switch !

'will be pleased for your feed backs.

Thanks in adv.
Kumar from Germany
B. Sc.(Physics) / Wirt. Informatiker
SAP Consultant
mitrak
 
Posts: 237
Joined: Mon Mar 24, 2003 7:50 am
Location: Germany

Re: ST01 the other way round !!

Postby jurjen » Wed May 18, 2011 10:29 am

mitrak wrote:Example: The user produced the SU53 at 10:48 AM and i got the message at 11:35 AM, i want to get hold of the ST01 protokol without telling the user to reproduce the error again while i have switched-on the trace switch !


I don't think there's any way to add paranormal capabilities to ST01.... And leaving the trace on permanently has it's downsides but I suspect you already know that.

Jurjen
jurjen
 
Posts: 298
Joined: Wed May 17, 2006 8:17 am
Location: The Netherlands

Re: ST01 the other way round !!

Postby Bridget » Thu May 19, 2011 3:25 am

Can't you just do an SU53 when you get the message ? The information stays in the buffer until they do another one so it should still be there.

( it's possible that I'm missing your point ?! If so, apologies )
Bridget
 
Posts: 35
Joined: Thu May 27, 2004 7:27 am
Location: UK

Re: ST01 the other way round !!

Postby jvroom29 » Thu May 26, 2011 11:54 am

You can use SU53 to see another users authorization error by clicking on Authorization Values and selecting Other User. Enter the user id of the user getting the error and you should see their last failed authorization.
jvroom29
 
Posts: 5
Joined: Thu May 26, 2011 11:27 am

Re: ST01 the other way round !!

Postby gauts99 » Mon May 30, 2011 5:56 am

YEah. Just make sure you tell the user to go get a coffee and not do anything else on his system after he gets the error message. ; )
gauts99
 
Posts: 48
Joined: Mon Mar 06, 2006 8:45 pm
Location: Ottawa, Ontario

Re: ST01 the other way round !!

Postby Gary Morris » Tue Jun 07, 2011 12:52 pm

You can view table USR07 to see the last authorization checked and failed for the user even if they have not executed SU53, as the program behind SU53 picks up the data from there. That sounds like what you are looking for.

As jurjen said "...I don't think there's any way to add paranormal capabilities to ST01...." :lol: You can't trace a users past activity unless trace was on at the time of the activity.
Gary Morris
SAP Security Consultant
garydavidmorris@gmail.com
Gary Morris
 
Posts: 399
Joined: Sun Oct 20, 2002 10:42 pm
Location: San Antonio, Texas

Re: ST01 the other way round !!

Postby Bridget » Wed Jun 08, 2011 2:47 am

Gary,

I just tested this and it only wrote to USR07 when I did an SU53. Is this a setting in my system ? Obviously, I'm not prepared to face up to the possibility that you might not be correct. :?

Thanks,
Bridget
Bridget
 
Posts: 35
Joined: Thu May 27, 2004 7:27 am
Location: UK

Re: ST01 the other way round !!

Postby Gary Morris » Wed Jun 08, 2011 9:25 am

I could be wrong, wouldn't be the first time. :?
Gary Morris
SAP Security Consultant
garydavidmorris@gmail.com
Gary Morris
 
Posts: 399
Joined: Sun Oct 20, 2002 10:42 pm
Location: San Antonio, Texas

Re: ST01 the other way round !!

Postby Gary Morris » Wed Jun 08, 2011 9:30 am

I can't remember the details now, I analyzed the program behind SU53 years ago and wrote some documentation, as I recall there was a place that the system stored this information and the program behind SU53 gets it from a table and presents it in the report. A review of the ABAP behind SU53 should reveal where this is stored. I mean logically it would have to right?
Gary Morris
SAP Security Consultant
garydavidmorris@gmail.com
Gary Morris
 
Posts: 399
Joined: Sun Oct 20, 2002 10:42 pm
Location: San Antonio, Texas

Re: ST01 the other way round !!

Postby Gary Morris » Wed Jun 08, 2011 10:00 am

Bridget,

You are correct. Looking at the program behind SU53 (SAPMS01G) does show that it gets the information from buffered memory and then writes it to USR07. So I guess technically you could find the information prior to executing the SU53 but it would probably not be worth the time. I wonder if there is an ABAPr that reads this post that can tell us if there is a simple method to reading the buffered memory before it is written to USR07? Some kind of debugging task where it could be revealed. Not that I would ever waste my time doing this, it is just interesting to talk about on my lunch break. I know "Get a Life" right? :lol:

Code: Select all
* Get authorization buffer method
  CALL 'C_SAPGPARAM'                                      "#EC CI_CCALL
       ID 'NAME' FIELD 'auth/new_buffering'
       ID 'VALUE' FIELD g_buffer_method.

* Get result of last authorization check
  GET PARAMETER ID 'XU1' FIELD usr07key.                    "#EC EXISTS
  GET PARAMETER ID 'XU2' FIELD usr07val1.                   "#EC EXISTS
  GET PARAMETER ID 'XU7' FIELD usr07val2.                   "#EC EXISTS
* Store result of last authorization check
  CLEAR usr07.
  usr07-bname = sy-uname.
  MOVE-CORRESPONDING usr07key  TO usr07.
  MOVE-CORRESPONDING usr07val1 TO usr07.
  MOVE-CORRESPONDING usr07val2 TO usr07.
  MODIFY usr07.
Gary Morris
SAP Security Consultant
garydavidmorris@gmail.com
Gary Morris
 
Posts: 399
Joined: Sun Oct 20, 2002 10:42 pm
Location: San Antonio, Texas

Re: ST01 the other way round !!

Postby jerlin09 » Tue Jul 19, 2011 5:28 am

Enter the user id of the user getting the error and you should see their last failed authorization.
jerlin09
 
Posts: 2
Joined: Tue Jul 19, 2011 5:23 am

Re: ST01 the other way round !!

Postby henrik » Wed Jul 20, 2011 8:59 pm

jerlin, that is only if the user has run su53 already... Assuming that you mean to do that in su53.
www.turnkeyconsulting.com.au
henrik
 
Posts: 493
Joined: Wed Oct 23, 2002 6:38 am
Location: London, UK


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 4 guests





This website is not affiliated with, sponsored by, or approved by SAP AG.