Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
Showing results for 
Search instead for 
Did you mean: 

How to find T-code History with role

Former Member
0 Kudos

Hi Experts,

I am facing one critical issue. One user was having access of one T-code but suddenly he is getting message that he is not authorized for that T-code. I have checked any change for his user id but no changes has been done. Even When I am searching the roles of that particular T-code from SUIM, I am not getting role name. I have checked from ST03N last month history, that t-code was accessed by him.

Please advise how to find out that from which role user has accessed this t-code ? Please help as this is critical requirement for me.

Thanks in advance !


Lokesh Bajaj


Former Member
0 Kudos

There's no way to find out which role allowed a user to access a transaction code in the past. That information is not held anywhere. You say no changes have been made to the user, so that must mean changes have been made to one of the user's roles. Look at change documents for those roles.


0 Kudos

Hi Steve,

Thanks for your prompt response. It is very difficult to check all change documents of all roles assigned to that user.

Thanks !

0 Kudos

How many role changes do you make? Is looking at changes to all roles in the last month feasible? You can do that in one step.

Remember to do this in your development system, though - roles changes aren't made in production, so you won't find any there...


0 Kudos

Hi Lokesh

Quick etiquette - there is an unwritten assumption that everyone who posts to SCN asking for assistance has critical issue (to them) or urgent. No need to write it as anyone who responds to you is doing it in their free time. If anything, you might annoy many knowledgeable community members and they will show their annoyance through silence.

Steve has covered a fair bit of it. Some things to break down and assume

  1. Run SUIM Change documents for the users to see what roles they have had. Sounds like you have done this
  2. Check the SE93 definition of the trasaction or table TSTCA to see if there is a secondary authorisation check. I'm assuming when you the user can't execute the transaction they are getting a "you are not authorized to for the transaction" type message instead of getting their initial screen. If this is where they are failing then they are either missing the S_TCODE or the secondary auth check.
  3. Run SUIM Change documents for roles for authorisation data to see if any roles had either the S_TCODE or another object deleted.
  4. Cross reference the roles in Step 1 against Step 3 to see if you can pinpoint the change
  5. You can then also check your transports to see if that's happened recently.

If still getting nowhere then you need to check

  1. Were roles updated directly in production (if there is a change record on authorisations then it's a direct update.
  2. Is the profile for the role corrupted (checking SU56 for user on the objects will show this if it can't load properly). If so, retransport role after generating the profile
  3. Any chance there is an immediate authorisation check in the code on execution and the user no longer has that authorisation. If you can't search the code get a developer to assist you. If you find an object, repeat above steps with that object as well

Biggest bit comes down to understanding what the user has actually lost

Also, I can't remember of the top of my head if a call transaction (SE97 skips S_TCODE check) or similar will show as a user having executed it but in reality the user cannot execute it directly