(DV-2002) Appendix A - DVD Authorization concept

Owned by SNP
Last updated: Apr 08, 2020 by Marian Vidra

Authorization checks are not part of a standard release transport of the product and are delivered in separate transport upon request. 

InfoProvider authorization check implementation

InfoProvider authorization check controls the access to the image data of following test cases:

  • ListCube Test Case
  • SLO ListCube Test Case
  • Drill Down Test Case
  • DTP Test Case

FMs of the standard Listcube transaction are used for InfoProvider authorization check. If the user does not have permissions to see all data of InfoProvider (taking into account all analysis authorizations regardless of what does image contains) he will not be able to display the results of such InfoProvider image in Validate. 

Currently used authorization checks consist of calling these modules:

RSDRC_AUTHORITY_CHECK - for analysis authorizations;

RSSB_AUTHORITY_CHECK - for S_RS* like standard authorizations on BW reporting;

This implementation is more restrictive but works wise same as the SAP authorization concept. 

Additional information

  • For RFC based variants, authorizations for InfoProvider are checked against used RFC user. 
  • If by any chance authorization check will be not done completely (RFC not working, InfoProvider no longer exist), data will not be displayed.
  • If there is a different after image variant used in variant, authorization check is done also for values of that variant. If any of those two authorization checks fails, no data are displayed.

Query authorization check implementation

Query authorization check controls the access to image data of following test case:

  • Query Test Case

To follow the same principle as in standard reporting (2 step authorizations), query authorization implementation is following:

  1. Check authorization of  S_RS_COMP1, S_RS_COMP for user and the query (which image is being displayed).
  2. If the first authorization passed, do InfoProvider authorizations check.

This authorization concept is more restrictive then SAP but does follow same concept. 

Additional information

  • For RFC based variants, authorizations for query/Infoprovider are checked against used RFC user. 
  • If by any chance authorization check will be not done completely (RFC not working, InfoProvider no longer exist), data will not be displayed.
  • If there is a different after image variant used in variant, authorization check is done also for values of that variant. If any of those two authorization checks fails no data are displayed.