Assigning debug roles to few users of SAP ABAP program

To assign debug roles to specific users in SAP ABAP programs, you need to ensure the role contains the proper authorization object S_DEVELOP with debug permissions.

Debug Role Configuration

The role that you have added should contain only one permission ?

Object S_DEVELOP
    ACTVT = 03
    DEVCLASS = *
    OBJNAME = *
    OBJTYPE = DEBUG
    P_GROUP = *

This authorization object S_DEVELOP controls access to development functions, where ACTVT = 03 represents the debug activity and OBJTYPE = DEBUG specifies debug objects.

Permission Trace Using ST01

Try to perform a permission trace using Transaction ST01 to verify the authorization checks ?

Transaction ST01 allows you to trace system authorization checks and identify any missing permissions during debug operations.

Troubleshooting Authorization Issues

If you still don't find a check for the permission, there might be a problem in generating roles in the system. Sometimes when you add a role, it might add a different set of roles to such users.

There might be a different program written for debugging. This can be checked using Transaction SU53 in the system. This transaction is used to display authorization data for users ?

Transaction SU53 shows the last authorization failure for the current user, helping you identify exactly which authorization object or field is missing for debug access.

Conclusion

Assigning debug roles in SAP ABAP requires proper configuration of the S_DEVELOP authorization object and can be verified using transactions ST01 and SU53 for troubleshooting authorization issues.