Connecting via RSDRI_DF to BW data, different authorization concepts apply. Details are described here: OLAP Authorizations
For RSDRI_DF access the user needs SAP Standard Authorization. For issues go to ST01 and switch on the 'Authorization check' for the user. In the authorization trace log you will then find, what authorization objects are checked and what authorizations your user is missing.
Access to BW InfoProvider data can additionally be secured by the Analysis Authorizations. If the InfoProvider has one characteristic that is switched on as 'authorization-relevant', then the user maintained in the DF connection needs analysis authorizations or 0BI_ALL in S_RS_AUTH.
If the user has analysis authorizations assigned and still sees an 'No authorization' message, record an authorization protocol (see note 1234567) for the access by data federator.
Most common issue: colon authorization for aggregated data is missing (see note 1140831).
Data Federator authorization settings
In the DFAT two properties have direct impact on the authorizations:
1) authorityCheck (see DFAT user guide)
For access to the BW via RSDRI_DF it can be decided in the connection if the authorization shall be checked.
"... Sets the parameter in SAP NetWeaver BW that indicates whether or not to check authorizations.The parameter in SAP NetWeaver BW specifies whether SAP NetWeaver BW should do the following.Should it check whether the user account is authorized to see therequested data (read) or should authorizations not be checked atall (none)?
• true (default): SAP NetWeaver BW checks read authorizations.
• false: SAP NetWeaver BW checks no authorizations.
If you set it to 'true' you need to think about the next setting.
2) enableAuthorizationFiltering (see DFAT user guide)
Analysis authorizations do not work as a filter, but the set of authorizations assigned to a user are checked against the selection made. To simplify query design and user design Bex queries know variables filled by authorization. As of note 1500945 this can be triggered for the functions RSDRI_DF_TEXT_READ and RSDRI_READ_INFOPROV_DF as well with with parameter authority_filter.
"...When set to true, authorizations filtering is enabled: the connector will ensure that filters are automatically added to satisfy the SAP BI authorizations defined for the current user. When the authorization filtering is disabled, the user will get an error if he tries to get unauthorized data. By default the value is false.
If you expect the system to automatically add the analysis authorizations as filters and behave similar as if a variable filled by authorization is used, make sure to set this parameter to 'true'.