When we define a CDS view with our ADT tools, we provide a useful tool to query data from database tables and more. Since may your data has to been protected, we can use the access control to set the visibility of our data, who can access it and exactly what data can be queried.
So first we have defined a simple CDS view, showing the airports from the ZAIRPORTS table. This view gets used for a value help dialog in other data definition views. But for now, we just want to set the access control for this value help view.
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Value help for Airports'
define view entity ZVALUEHELP_AIRPORTS as select from zairports
{
@EndUserText.label: 'Airport Code'
key airport_id as AirportId,
name as Name,
city as City,
@EndUserText.label: 'Country Code'
country_code as CountryCode
}This CDS view now returns us all the airports from various countries and cities:
In our header annotation, we have defined, that we want an active #CHECK that an access control has to be defined in order to use this CDS view. You can define here also other annotation depending on your case
| Value | Description |
|---|---|
| #NOT_REQUIRED | Evaluation of a CDS role protecting the view occurs at runtime. Syntax check does not verify the existence of the role; the default setting. |
| #CHECK | Similar to #NOT_REQUIRED, but includes a syntax check warning if no CDS role protects the view. |
| #MANDATORY | Like #CHECK, with the addition of a runtime error if no CDS role protects the view. |
| #NOT_ALLOWED | No access control is performed. If a role is assigned to this view, a syntax warning is issued, and access control is ignored at runtime. |
| #PRIVILEGED_ONLY | Access to the CDS entity requires the use of the ABAP SQL addition WITH PRIVILEGED ACCESS. Refer to SAP note: 2725274 for detailed information. |
Now we are ready to create an access control on top of this view. For that, we first choose to create it via the menu:
Then we define a name for our access control and the entity, which should be protected:
Normally you would choose the name the same as the CDS view in order to keep it simple to associate the access controls with the views.
Now once we have created the access control, we can now define a simple condition, what should be filtered by default for all users. Here we just want that German airports should be get displayed. Therefore, we set here a simple WHERE clause setting the country code to ‘DE’.
@EndUserText.label: 'Access control for Airports'
@MappingRole: true
define role ZVALUEHELP_AIRPORTS {
grant
select
on
ZVALUEHELP_AIRPORTS
where
CountryCode = 'DE';
}When we then start the data preview of our CDS view again, we see the result immediately:
This was just a quick example of the setup of a simple access control. In another blog post, we will check out how to do this PFCG and authorization objects.
Leave a Reply