SAP Security & GRC
Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, helping you on your journey to effective access risk management in SAP.
Soterion is an international leading provider of GRC and FUE Licensing solutions for organisations running SAP. Our user-friendly, plug-and-play software integrates immediately into the SAP environment — S/4HANA ready, award-winning, and designed to translate complex GRC processes into business-friendly language.
Soterion believes that effective GRC is measured by how well business users can manage access risk. Our solutions empower organisations to enhance risk awareness, drive better decision making, and build accountability across every level of the business — because access risk is business risk.
SAP Security & GRC
How to Set up and Analyse STUSOBTRACE
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.
In this episode, Ross Robertson covers the SAP Authorisation Trace at the application level – STUSOBTRACE – which reveals exactly what authority checks a given SAP application (a transaction, Fiori OData service, RFC function module, or background job) performs at runtime. It’s the final piece in our authorisation tracing mini-series, following STAUTHTRACE (E09) and STUSERTRACE (E10).
🔑 Key Takeaways:
What STUSOBTRACE is and how the application-level view differs from STAUTHTRACE and STUSERTRACE
How to activate it via the auth/authorization_trace parameter in both the dynamic (RZ11) and static (RZ10) profiles
Parameter values N / Y / F – and why Y usually works at the application level while the per-user trace leans on F
How unique-once recording keeps it viable as a long-term trace
Why the “changed by” user is only the first to trigger a check – and the analysis trap to avoid
Analysing by application or by authorisation object (e.g. every transaction that calls an object for Activity 01)
Real use cases: building SU24 authorisation defaults or identifying S/4HANA high-tier license usage.
👥 Featuring:
Ross Robertson – Senior SAP Authorisations Consultant, Soterion
🎧 Take me to the Podcast:
https://soterion.com/podcast/