Show TOC

 Symmetrical Double Verification Principle


This process controls access to infotypes by stipulating that two users are always required to create or change infotype data. The users have the same authorizations, which is why the process is called symmetrical.


The process functions as follows:

  • Both users are granted authorizations with the authorization level S (symmetric), R (read) and M (matchcode) for the P_ORGIN (or P_ORGXX) authorization object instead of complete write authorizations ( authorization level W or * ). These authorizations allow each user to create locked data records, change locked data records, and relock unlocked data records.

  • In addition, each user can unlock data as long as he or she is not the last person to have changed the locked data.

  • Neither user can delete data.


  • User A (or user B) creates new data and user B (or user A) unlocks the new data.

  • To change existing data, user A (or user B) locks and changes the data and user B (or user A) unlocks the data.

  • Another user must be consulted to delete existing data.