Access Control(DCL) in CDS view

0
705

Dear SAPLearners, in this blog post we will learn about access control(DCL) in CDS view and the steps to create DCL Source.

DCL stands for Data Control Language. A DCL source allows to restrict the results returned by CDS view according to access conditions.

DCL allows to perform authorization checks for CDS view.

Also Read: How authorization/privileges checks are performed in CDS View

Step-by-Step Procedure

1. Launch ADT in Eclipse.

2. In your ABAP project, select the relevant package node in the Project Explorer. Right click on the package node and then navigate to New >> Other Repository Object.

3. Choose Core Data Services and select DCL Source. Click “Next” button.

4. In New Access Control window, enter the Name and the Description of the DCL source. Click “Next” button.

5. In Templates window, you can choose from the predefined templates. Some of the templates are not yet supported.

6. Choose Finish to create DCL source.

There are three types of access rules that can be specified in DCL source.

  • Condition Access Rule
  • Full Access Rule
  • Inherited Access Rule which inherit the existing CDS role

[1] Condition Access Rules

The condition access rule control the access using access conditions.The access conditions are of two type:

Literal Condition

Compare on field of the CDS view with a literal value.


@EndUserText.label: 'Demo: Authorization Check' 
@MappingRole: true 
define role Zflight_Role_A 
   { 
    grant 
        select 
            on Zflight_ACCESS_CONTROL_A
            where carrid<> 'AZ';            
}

PFCG Condition

User one or more fields of the CDS view to look up the user authorizations. PFCG condition is always based on one authorization object.


@EndUserText.label: 'Demo: Authorization Check' 
@MappingRole: true 
define role Zflight_Role_A 
   { 
    grant 
    select 
    on Zflight_ACCESS_CONTROL_A
    where (carrid)      = aspect pfcg_auth ( S_CARRID,
                                             CARRID,
                                             ACTVT = '03' );          
}

[2] Full Access Rule

The full access rule grants the unrestricted access. All users can access the CDS view data with out access condition


@EndUserText.label: 'Demo: Authorization Check' 
@MappingRole: true 
define role Zflight_Role_A 
   { 
    grant 
        select 
            on Zflight_ACCESS_CONTROL_A;      
}

[3] Inherited Access Rule

The inherited access rule which inherits the existing CDS role access conditions of CDS view that are used as data source in another CDS view.


@EndUserText.label: 'Demo: Authorization Check' 
@MappingRole: true 
define role Zflight_Role_A 
   { 
    grant 
        select 
            on Zflight_ACCESS_CONTROL_A
            inherit Zflight_Role_B;      
}

Congrats!! you have successfully learned the steps to create DCL source to restrict the data from CDS view.

Please feel free to comment and let us know your feedback. Subscribe for more updates

If you liked it, please share it! Thanks!

WordPress database error: [Table 'saplearn_wp1.wp_nsex_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_nsex_comments.comment_ID FROM wp_nsex_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 4384 AND comment_parent = 0 ORDER BY wp_nsex_comments.comment_date_gmt ASC, wp_nsex_comments.comment_ID ASC