Wednesday, January 29, 2020

A few remarks on the usage of RSUDO / RSECADMIN t-codes

T-codes such as RSECADMIN (the central t-code for Analysis Authorization management) and RSUDO (Execution as Other User) are very important when analyzing issues with production queries. A particularly important feature is RSUDO (by the way, a very smart name for the t-code, much like on the OS level: execute something on behalf of another user), which simply executes the BW report on behalf of another user.

Normally we would expect that when user A executes a particular query on behalf of another user (let’s say user B), the query result is the same as when user B executes the same query directly.

However, such an assumption might be wrong. It can be wrong especially in cases where a customer exit variable is used in the query definition or in the user's authorization definition. Another case is when the system variable sy-uname is used in the customer exit variable coding.

The reason is that the value of sy-uname is not switched when one user executes the query on behalf of another. The system cannot change the sy-uname variable. Thus sy-uname holds the value A for user A and the value B for user B.

One solution to avoid this situation is to avoid using sy-uname in the customer exit coding. This can be done at least for cases where the variable is used in the query definition or in the user's authorization definition. By calling function module RSEC_GET_USERNAME in the coding, the proper user name (the one whose analysis authorizations should be evaluated) can be retrieved.
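A sketch of that change in a customer exit variable, as an added example that is not code from the original post or from SAP. The variable name ZV_AUTH_REGION and the mapping table ZUSER_REGION (fields UNAME, REGION) are hypothetical, and the parameter name E_USERNAME of RSEC_GET_USERNAME is an assumption to verify in SE37 on your release.

```abap
* Include ZXRSRU01 (function exit EXIT_SAPLRRS0_001, enhancement RSR00001).
* Constructed example: ZV_AUTH_REGION and ZUSER_REGION are hypothetical.
DATA: l_uname    TYPE xubname,
      l_s_range  LIKE LINE OF e_t_range,
      l_t_region TYPE STANDARD TABLE OF zuser_region,
      l_s_region TYPE zuser_region.

CASE i_vnam.
  WHEN 'ZV_AUTH_REGION'.
    " Before (problematic under RSUDO / "Execute as User"):
    "   l_uname = sy-uname.
    " sy-uname stays the logged-on user A, so the exit would fill the
    " variable with A's regions while the query is evaluated for user B.

    " After: ask the analysis authorization framework which user's
    " authorizations are currently being evaluated.
    CALL FUNCTION 'RSEC_GET_USERNAME'
      IMPORTING
        e_username = l_uname.      " assumed parameter name, check in SE37

    " Look up the values for that user instead of the logged-on user.
    SELECT * FROM zuser_region
      INTO TABLE l_t_region
      WHERE uname = l_uname.

    " Return one single-value range per region found.
    LOOP AT l_t_region INTO l_s_region.
      CLEAR l_s_range.
      l_s_range-sign = 'I'.
      l_s_range-opt  = 'EQ'.
      l_s_range-low  = l_s_region-region.
      APPEND l_s_range TO e_t_range.
    ENDLOOP.
ENDCASE.
```

After the change, comparing the result of direct execution by user B with execution as user B from RSUDO is a quick check that the exit no longer depends on the logged-on user.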

See also the help pop-up in t-code RSUDO, available under the button “How does this work”.

More information:

1914703 - Transaction RSECADMIN "Execute as User" has different BW query result compared to direct BW query execution result by this user
