Suite
of t-codes like RSECADMIN (central
t-code Analysis Authorization management) and RSUDO (Execution as Other User) are very important while analyzing
issues of production queries. Very important is feature of the RSUDO (btw it is
very smart name of the t-code, similarly like on OS level – execute something
on behalf of other user) which simply executes the BW report on behalf of other
user.
Normally
we can expect that while user A executes particular query on behalf of other
user (let’s say user B) the query result should be the same as the same query
is executed by user B directly.
However,
such an assumption might be wrong. Especially it can be wrong on cases in where
customer exit variable is used in the query definition or in user's
authorization definition. Other case can be while a system variable sy-uname is used in customer exit
variable coding.
Reason
is that value of variable sy-uname can’t be converted in case one user executes
the query on behalf of other. The system cannot change the sy-uname variable.
Thus the A value of the sy-uname is in place for user A and B value for the
same is in place for user B.
One
of the solution how to avoid such a situation is to avoid usage of sy-uname in
the customer exit coding. This can be done at least for cases when variable is
used in the query definition or in user's authorization definition. By leveraging
function module RSEC_GET_USERNAME in coding a proper user name (the one of which
analysis authorization should be evaluated ) can be retrieved.
See
also help pop-up in t-code RSUDO available under button “How does this work”.
More
information:
1914703 -
Transaction RSECADMIN "Execute as User" has different BW query result
compared to direct BW query execution result by this user
