...as Martin suggested already earlier: use the debugger...
I had a similar case today, where a dedicated user had to be locked out from the possibility to modify coding in SE38, and that was done like this:
* §§§ Begin of Safety Measure in <system SID>
if sy-uname = '<user-ID>'.
if MODUS ne 'SHOW' and ( P_TRDIR_INF-APPL = 'S' or "System P_OBJECT(4) = 'Z_ZX' ).
* l_ber_obj = 'S_DEVELOP'.
* MESSAGE s519(eu) RAISING no_modify_permission WITH l_ber_obj.
* EXIT.
l_subrc = 4.
-->and later on l_subrc was evaluated to present a 'no authorizaiton' message, although SAP_ALL, etc.had been assigned to the user...
That explained, why no result was found in st01,su53, as in fact no auth-check failed, but the faiilure was programmatically simulated...
b.rgds, Bernhard