https://community.sap.com/t5/application-development-and-automation-discussions/authority-trace-and-application-server/m-p/9378540#M1733822 <HTML><HEAD></HEAD><BODY><P>Hi Bjoern</P><P></P><P>I'm pretty sure you can allow the SM50/51/SM04 for the Security person to switch app servers without granting S_ADMI_FCD = PADM</P><P></P><P>S_ADMI_FCD enables stopping of processes.</P><P></P><P>Shivraj is right in the work around. However, depending on how you have implemented SAPGUI with saplogon.ini file you may not want to add it to the SAPLogon. For example, if you have load balancing in place but list all the app servers users are most likely to choose the first.</P></BODY></HTML> Wed, 10 Apr 2013 03:16:03 GMT Colleen 2013-04-10T03:16:03Z https://community.sap.com/t5/application-development-and-automation-discussions/authority-trace-and-application-server/m-p/9378538#M1733820 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I know that I have to execute the authority trace on the same application server to see any results.</P><P>Maybe an user and the authority admin are on different application server. So the authority admin could execute transaction SM51 to change the application server.</P><P>But when the authority admin has authority for transaction SM51 he can stop processes. That is not secure!</P><P></P><P>Is there a solution for Release &lt; 7.30?</P><P>I heard with 7.30 it is possible to choose the system or server for which the trace should be shown.</P><P></P><P>Thank you and</P><P>Best Regards </P><P>Bjoern</P></BODY></HTML> Tue, 09 Apr 2013 14:52:53 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authority-trace-and-application-server/m-p/9378538#M1733820 former_member620387 2013-04-09T14:52:53Z https://community.sap.com/t5/application-development-and-automation-discussions/authority-trace-and-application-server/m-p/9378539#M1733821 <HTML><HEAD></HEAD><BODY><P>Bjoern,</P><P></P><P>One work around for this scenario <EM>i.e.</EM> switching between servers without using SM51, that I have worked with is to create manual logons directly to the application server in GUI Pad. Then you can check the user's server from AL08 etc. and directly logon to that server. Hope it helps.</P><P></P><P>Regards,</P><P>Shivraj</P></BODY></HTML> Tue, 09 Apr 2013 17:09:54 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authority-trace-and-application-server/m-p/9378539#M1733821 shivraj_singh2 2013-04-09T17:09:54Z https://community.sap.com/t5/application-development-and-automation-discussions/authority-trace-and-application-server/m-p/9378540#M1733822 <HTML><HEAD></HEAD><BODY><P>Hi Bjoern</P><P></P><P>I'm pretty sure you can allow the SM50/51/SM04 for the Security person to switch app servers without granting S_ADMI_FCD = PADM</P><P></P><P>S_ADMI_FCD enables stopping of processes.</P><P></P><P>Shivraj is right in the work around. However, depending on how you have implemented SAPGUI with saplogon.ini file you may not want to add it to the SAPLogon. For example, if you have load balancing in place but list all the app servers users are most likely to choose the first.</P></BODY></HTML> Wed, 10 Apr 2013 03:16:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authority-trace-and-application-server/m-p/9378540#M1733822 Colleen 2013-04-10T03:16:03Z