(DV-2411) Appendix A - DVD Authorization Concept

Authorization checks are not part of the standard release transport of the product and are delivered in separate transport on request. 

InfoProvider authorization check implementation

InfoProvider authorization check controls access to image data of the following test cases:

  • ListCube Test Case
  • SLO ListCube Test Case
  • Drill Down Test Case
  • DTP Test Case

FMs of the standard Listcube transaction are used for the InfoProvider authorization check. If the user does not have permission to see all data of InfoProvider (taking into account all analysis authorizations) (regardless of what does image contains) he will not be able to display the results of such InfoProvider image in SNP Validate. 

Currently used authorization checks consist of calling these modules:

RSDRC_AUTHORITY_CHECK: For analysis authorizations.

RSSB_AUTHORITY_CHECK: For S_RS* like standard authorizations on BW reporting.


This implementation is more restrictive but is function-wise the same as the SAP authorization concept. 

Additional information

  • For RFC-based variants authorizations for InfoProvider are checked against the used RFC user. 
  • If by any chance authorization check will be not done completely (RFC not working, InfoProvider no longer exists) data will not be displayed.
  • If there is a different after image variant used in the variant, an authorization check is done also for the values of that variant. If any of those two authorization checks fails no data are displayed.

Query authorization check implementation

Query authorization check controls access to image data of the following test case:

  • Query Test Case

To follow the same principle as in standard reporting (two-step authorizations), the query authorization implementation is following:

  1. Check authorization of  S_RS_COMP1, S_RS_COMP for the user, and the query (which image is being displayed).
  2. If the first authorization is passed, do the InfoProvider authorizations check.

This authorization concept is more restrictive than SAP but does follow the same concept. 

Additional information

  • For RFC-based variants, authorizations for Query/InfoProvider are checked against the used RFC user. 
  • If by any chance authorization check will be not done completely (RFC not working, InfoProvider no longer exists) data will not be displayed.
  • If there is a different after image variant used in the variant, an authorization check is done also for the values of that variant. If any of those two authorization checks fails no data are displayed.