With RRA the central routines handling the database access are enhanced to supply an additional layer of access control added on top of the multi entity logic already implemented in the software.
The implementation of the access control is done in a single core routine where the specific semantic of the access control generates a filtering SQL condition with the intention to restrict the accessible entries to those entries readable be the current user.
The basic idea consists on the following ideas
The field RRALEV is intended to hold something like an access or security level for each individual entry.
If this field holds the default value (which usually is space) the default access rights are valid. The default access rights might be readable for everybody or readable only for a special group of users. Thus the default access right is not always, everybody may read everything.
If certain transactions are intended to operate globally and thus do not utilize the multi entity routines the routine “SdbEtyGenRraCon” might be called separately to retrieve a potential necessary RRA-restriction condition.
The concept is utilized at CS and UBS in customization.
Results in classified contracts are invisible to users not listed in the user-ids of the contract.
Results in contracts are only visible to all user of the own security level or above.