cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Dynamic SQL in SAP HANA stored procedures - Using mapping table

Go to solution
former_member204732
Participant

on ‎2021 May 29 8:09 AM

0 Kudos
2,521

In SAP ECC we have created a mapping table containing user and organisation authorization access.

U1 : OrgA
U2 : OrgB
U3 : *

We have created a SAP HANA Calculation View in SQL Analytics Privileges. And we have an authorization dynamic authorization process in place, which will filter the access to the organisation dynamically based on the reading of the mapping table.

The solution works.

Expect for the management of the * value corresponding to the access to all organisation.

Would you know how to adjust the source code below to manage the access to all organisation ?

PROCEDURE "_SYS_BIC"."REPORTS::CONTROLE_AUTH_ORGANISATION" ( out OUT_FILTER VARCHAR(500) ) 
    LANGUAGE SQLSCRIPT
    SQL SECURITY definer
    DEFAULT SCHEMA ABAP
    READS SQL DATA AS
BEGIN

 VALUES_LIST = SELECT USER_NAME,'organisation in (' ||'''' || STRING_AGG(RESTRICTION, ''',''' )  ||  '''' || ')' 
 as RESTRICTION from auth_table
 where USER_NAME = SESSION_USER
 group by USER_NAME;
 
 SELECT distinct RESTRICTION into OUT_FILTER from :VALUES_LIST;

END;

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

pfefferf
Active Contributor
‎2021 May 29 8:28 AM

The IN operator will not work for that case, because it will just do a string comparison for the '*' from your auth_table.

You need to implement a special handling. If for the user a star is found in the auth_table, instead of returning an expression with the IN operator, you have to return an expression with the LIKE operator (-> 'organisation like ''%''').

Show replies
Show replies
former_member204732
Participant
‎2021 May 29 3:24 PM
0 Kudos

May Thanks Florian.

Is there a way to debug SQLScript ? Or to display step by step variables values ?

pfefferf
Active Contributor
‎2021 May 31 5:50 AM
0 Kudos

Yes, it is possible. Just search for "SQLScript Debugger", then you find all the relevant stuff.

Answers (1)

Answers (1)

Cocquerel
Active Contributor
‎2021 May 29 3:44 PM
0 Kudos

I would suggest the following code:

PROCEDURE "_SYS_BIC"."REPORTS::CONTROLE_AUTH_ORGANISATION" ( out OUT_FILTER VARCHAR(500) ) 
    LANGUAGE SQLSCRIPT
    SQL SECURITY definer
    DEFAULT SCHEMA ABAP
    READS SQL DATA AS
BEGIN

 VALUES_LIST = SELECT USER_NAME,'organisation in (' ||'''' || STRING_AGG(RESTRICTION, ''',''' )  ||  '''' || ')
 OR 0 < ' || SUM (CASE WHEN RESTRICTION = '*' THEN 1 ELSE 0 END)
 as RESTRICTION  from auth_table
 where USER_NAME = SESSION_USER
 group by USER_NAME;

 
 SELECT distinct RESTRICTION into OUT_FILTER from :VALUES_LIST;

END;
Show replies
Show replies
former_member204732
Participant
‎2021 May 30 8:16 AM
0 Kudos

Thanks a lot all.

The syntax proposed : SELECT USER_NAME,'organisation in ('||''''|| STRING_AGG(RESTRICTION,''',''')||''''|| ')OR0<' || SUM (CASE WHEN RESTRICTION = '*' THEN1ELSE0END)

doesn't works.

I agree with the proposal of using : LIKE operator (-> 'organisation like ''%''').

I am not familiar with SQL Script coding do not know how to implement it ?

May you provide me some details ?

Thanks

Cocquerel
Active Contributor
‎2021 May 30 10:55 AM
0 Kudos

What error do you have with the code I suggested ?

former_member204732
Participant
‎2021 May 30 7:06 PM
0 Kudos

The error message is : Syntax error. "0" is incorrect or misplaced.

Cocquerel
Active Contributor
‎2021 May 31 7:42 AM
0 Kudos

On my side, I have no syntax error and the result is as expected.
I guess you made a copy/paste error

Ask a Question