Scribd
Upload
705 views4 pages

CDS View Authorization Checks in ABAP

Uploaded by

Priyaranjan Nayak
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
705 views4 pages

CDS View Authorization Checks in ABAP

Uploaded by

Priyaranjan Nayak
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Authorization Check in ABAP CDS View

05/05/2019

Dear SAPLearners, in this blog post we will learn about Access control or Authorization checks in
CDS view. Before going into the technical details. Lets look at the concepts involved and their
meaning.

We all know how authorization works in ABAP, most of the authorization checks are implemented in
ABAP using ABAP statement AUTHORITY-CHECK which depends upon the PFCG role assigned to the
user.

So, to provide authorization checks in ABAP CDS view a new repository object called Data Control
Language (“DCL”) introduced.

Data Control Language (“DCL”)


Data Control Language(DCL) is a language used to de ne the authorization for the ABAP CDS view
which controls access to the data retrieved based on user.

DCL de nition is created in DCL editor in eclipse ABAP Development Tool(ADT) using the keyword
DEFINE ROLE …

Also Read: How to create DCL source for CDS view

How it works?
DCL source de nition de nes a CDS role using key work DEFINE ROLE. It contains the syntax to
grant data selection from one or more CDS using key word GRANT SELECT ON and have access
condition for the CDS view using keyword WHERE.

Image Courtesy from SAP

Lets see a sample DCL syntax

@[Link]: 'Demo: Authorization Check'


@MappingRole: true
define role Zflight_Role_A
{
grant
select
on Zflight_ACCESS_CONTROL_A
where carrid<> 'AZ';
}

In the above DCL syntax

ZFLIGHT_ROLE_A is the role name


ZFLIGHT_ACCESS_CONTROL_A is CDS view

Lets look at the ZFLIGHT_ACCESS_CONTROL_A CDS view de nition below, it retrieves all data records
from SPFLI table.

@[Link]: 'ZAC_A'
@[Link]: true
@[Link]: #CHECK
@[Link]: 'Access Control B'
define view Zflight_ACCESS_CONTROL_A
as select from spfli
{
*
}

Now that we applied authorization check using DCL: the data preview of CDS view retrieves all data
records except CARRID <> ‘AZ’. The database interface will automatically lter the selection results
according to the access condition.

Data Preview before:

Data Preview after:


Now, we know that a DCL repository object is used to control data access in CDS view.

Authorization-related Annotations
Lets look what are authorizations related annotations which have to be declared in both CDS DDL
source de nition and DCL source de nition.

Annotations in DCL
@[Link]:
The translatable short text for role
@MappingRole:
Value true: Role is implicitly to all users

Annotations in DDL
@[Link]:
#CHECK: Perform authorization check, Syntax warming if no role is assigned
#NOT_REQUIRED: Similar to #CHECK but suppress syntax warning
#NOT_ALLOWED: No authorization check. Syntax warning if role is assigned.

Congrats!! you have successfully learned how to perform authorization check in ABAP CDS view
using Data Control Language (“DCL”).

Please feel free to comment and let us know your feedback. Subscribe for more updates

If you liked it, please share it! Thanks!

Prakash
SAP Fiori Consultant

You might also like