Web Help
|
|
Home
Back
Forward
Contents
Index
Product Help
Support
Print
Feedback|
Back to |
The Winshuttle Function Module for QUERY
The Winshuttle Function Module (WFM) for QUERY is an ABAP component that is installed on your SAP server and is designed to allow QUERY users to securely extract information while minimizing the performance impact on the SAP system. The WFM governs QUERY interaction with the SAP system, controlling security and performance issues related with data extraction.
Security in WFM
Data security in QUERY is built around the existing SAP security authorization policies/objects. In addition to standard SAP authorization that requires Table Display authorization (S_TABU_DIS), the WFM provides a custom security table for organization-level authorization, e.g., company code, plant, sales organization, etc. In this table, the SAP administrator can specify additional authorization checks on the data. The Winshuttle custom security table consists of the following fields:
- Table name = SAP Table name to be secured
- Authorization Fieldname = Field in the SAP table to be used for authorization check
- Authorization object = Assigned authorization object to be checked
So, for example, if the table name MARC is to be secured by the user’s Plant (WERKS)-level authorization (contained in the standard SAP authorization object M_MATE_WRK) , the entry in this custom table would be: Table Name = MARC, Fieldname = WERKS, Authorization Object = M_MATE_WRK.
Commonly used security and authorization objects are delivered as a standard part of this custom table. However, this security table can be modified by an SAP Administrator to add, remove, or change entries through the SAP transaction code SM30. The security in WFM works as follows: during query creation and query execution, the WFM first uses the standard SAP security authorization to determine access level. Next, the WFM checks the Winshuttle security table which provides another security layer. Using the results of these authorizations, the WFM checks each SAP record and filters unauthorized data elements from the final output. The WFM ensures that QUERY users only query and extract authorized data.
Security considerations when WFM is not installed
Without the WFM, the custom security table is not installed. Therefore, security operations must be maintained either locally or through Winshuttle CENTRAL.
Performance control in WFM
The Winshuttle patented Adaptive Query Throttling technology dynamically optimizes the execution of these queries based on the existing load on the SAP system. This ensures that the QUERY application queries do not clog the SAP server performance. This dynamic throttling is enabled as follows: To begin, a loop join approach is used for multitable queries. JOINS are not directly passed for execution but are broken into single table SELECT statements. The results of these single table joins are eventually combined together to create the query results.
Before every single-table SELECT execution, the percentage of free server capacity is calculated. When servers are heavily loaded, proportionate delays are introduced in SELECT statement execution so as to avoid clogging the server. For servers with free dialog processes, no delay is given. However, as the traffic increases and the server capacity decreases (as measured by the number of free dialog processes available) the Dynamic Process Optimization (DPO) algorithm dynamically throttles the request.
Adaptive Query Throttling can run only with systems that include the WFM. However, queries run faster when Adaptive Query Throttling is turned off.
Mismatched joins: The WFM enables joins between indexed and non-indexed fields, and between fields of different sizes.
Character limits: The length of query input values can vary depending on whether the WFM is deployed on a system or not. The following table describes how these limits differ.
Variable |
With QUERY |
Without QUERY |
Query text length limit |
65536 characters |
N/A |
Field length limit |
4010 characters |
512 characters |
Where clause length limit |
Applicable only when the IN operator is used.
|
N/A |
Installing the WFM
The procedures for installing a function module differ depending on your SAP system. For the appropriate installation guide, contact Winshuttle Support.
|
Also in this section |
Trademarks
Winshuttle.com
Back to top
