To help Enterprise search users to understand the pitfalls of not scheduling a delta index for object USER_AUTHORITY.
Enterprise Search Users may find themselves with no Search output from the programme 'esh_test_search' and/or might find that when they enable expert mode in this programme and tick on Authorization Debug mode, that the search fails with authorisation errors.
Embedded Search/Enterprise search has built in authorisation control. This means that a user will get only those hits from TREX for which he or she is authorized. Authorization control is
built into the search call. It is not an additional step that is applied on the search result. In order to accomplish authorization control we also index user data and user authorizations in addition to the ordinary object data. A user that is not indexed for whatever reason will not get any hits for a connector (if the connector uses authorization control) even though this user may be authorized according to roles assigned in SU01.
From this you can conclude the following: After successful initial indexing of connectors all users can find objects in Embedded Search according to their respective authorizations.
From this point on two things have to be considered: objects are created/changed over time and also users/authorizations are created and changed over time. All these changes must be replicated into TREX
in suitable time intervals so that the search results keep in sync with the data in the DB tables.
Whenever user IDs or authorizations are modified the affected user ID are registered in table ESH_AU_USR_UPD. Then the delta indexing job for USER_AUTHORITY picks up these user IDs and replicates them into TREX along with the respective authorizations. NOTE: old entries in here indicates that User_Authority has not been recently indexed. The entries are deleted from table ESH_AU_USR_UPD after indexing of USER_AUTHORITY has finished.
The Object USER_AUTHORITY cannot utilize the realtime indexing functionality, users must schedule a periodic delta indexing for this object in the Administration Cockpit
So, if your search output fails with Authorization errors then quiet possibly you have not indexed USER_AUTHORITY at all, or not recently enought to pick up and index the lastest Authorization/User
1: Ensure that you have the parameter auth/new_buffering is set to 4 (tx: RZ11) (this enables the ESH_AU_USR_UPD update mechanism)
2: Reindex the object USER_AUTHORITY
3: Ensure that you set up delta indexing in Enterprise search to index your USER_AUTHORITY object at least once a day
this will ensure that any and all changes to USER ID's and authorizations are picked up and indexed into Trex providing you with the very latest Authorizations
452904 - Loss of authorization after profile generation