Talking about authority checks, I love using the transaction SUIM to analyse authorization objects and values for users.
But one could also use a program such as RSABAPSC which can be used to trace the authority-check commands used in a program and its sub programs.
Also as a general rule of thumb you could check for the AUTHORITY_CHECK statement to identify the authority objects in programs.
However both of these methods RSABAPSC and the AUTHORITY_CHECK statement will not catch all authority checks.
Remember to use SU53 to see the details of a failed authority check object.