Context:
Report authorization currently only takes the first definition into account to grant users access. For Multi definition reports all definitions need to be checked for user access though.

AT:

• report authorization is taking all definitions into account in cases of:
  • create/update/delete/getting a report
  • evaluating a report (by id or by definition)
  • import/export of a report
• a user must have access to all definitions of a report to be authorized for it