Dear SAPLearners, in this blog post we will learn about access control in CDS view and the steps to create DCL Source.
Access Control in CDS view
DCL stands for Data Control Language. A DCL source allows to restrict the results returned by CDS view according to access conditions.
DCL allows to perform authorization checks for CDS view.
Also Read: How authorization/privileges checks are performed in CDS View
Step-by-Step Procedure
1. Launch ADT in Eclipse.
2. In your ABAP project, select the relevant package node in the Project Explorer. Right click on the package node and then navigate to New >> Other Repository Object.
3. Choose Core Data Services and select DCL Source. Click “Next” button.
4. In New Access Control window, enter the Name and the Description of the DCL source. Click “Next” button.
5. In Templates window, you can choose from the predefined templates. Some of the templates are not yet supported.
6. Choose Finish to create DCL source.
There are three types of access rules that can be specified in DCL source.
- Condition Access Rule
- Full Access Rule
- Inherited Access Rule which inherit the existing CDS role
[1] Condition Access Rules
The condition access rule control the access using access conditions.The access conditions are of two type:
Literal Condition
Compare on field of the CDS view with a literal value.
@EndUserText.label: 'Demo: Authorization Check'
@MappingRole: true
define role Zflight_Role_A
{
grant
select
on Zflight_ACCESS_CONTROL_A
where carrid<> 'AZ';
}PFCG Condition
User one or more fields of the CDS view to look up the user authorizations. PFCG condition is always based on one authorization object.
@EndUserText.label: 'Demo: Authorization Check'
@MappingRole: true
define role Zflight_Role_A
{
grant
select
on Zflight_ACCESS_CONTROL_A
where (carrid) = aspect pfcg_auth ( S_CARRID,
CARRID,
ACTVT = '03' );
}[2] Full Access Rule
The full access rule grants the unrestricted access. All users can access the CDS view data with out access condition
@EndUserText.label: 'Demo: Authorization Check'
@MappingRole: true
define role Zflight_Role_A
{
grant
select
on Zflight_ACCESS_CONTROL_A;
}[3] Inherited Access Rule
The inherited access rule which inherits the existing CDS role access conditions of CDS view that are used as data source in another CDS view.
@EndUserText.label: 'Demo: Authorization Check'
@MappingRole: true
define role Zflight_Role_A
{
grant
select
on Zflight_ACCESS_CONTROL_A
inherit Zflight_Role_B;
}Congrats!! you have successfully learned the steps to create access control in CDS view and DCL source to restrict the data from CDS view.
Please feel free to comment and let us know your feedback. Subscribe for more updates
If you liked it, please share it! Thanks!
