Today I had some logic in a user exit that worked fine when executed interactively, but failed when it ran in the background. Upon debugging, I found that the failure was due to an auth check. The user ID was the same, so why would a user have authorization in foreground but not in background?
To gather a little more info I turned on authorization trace in ST01 and ran both the foreground and background updates. Here’s what I saw:
This was the first I’ve heard of the transaction SU24. I talked to my SAP Security friends and learned that this provides a way to deactivate auth checks based on what tcode they are executed from. I looked up the auth object and sure enough it was disabled for VA02, among other transactions. However, since the background update wasn’t associated with any tcode, SU24 executed the authority check, which then failed.
Unfortunately I don’t have a happy ending for this one. We ended up adding the authorization to all the end user roles. If anyone has ideas for extending SU24 configuration to background processing let me know!