Showing results for 
Search instead for 
Did you mean: 

Custom Queries and authorisations

0 Kudos


I want to create a new specific report. I will create a custom CDS, then a custom query and finally a custom app. It works all right.

For instance, I've created an app to analyse the customer open items with some criteria available in the sales document.

Now, I would like to restrict the access to this data depending on some criteria. Let say that I would like to create athorisation profiles depending on the company code.

In the description of the root CDS i'm using, the documentation says:

To create the new app, I must specify a catalog. I look for a catalog that makes sense for this CDS: SAP_FIN_BC_GL_ANALYTICS_PC.

This catalog handles some restrictions types:

And I see no restriction type that would match the CDS prerequisites.

My question is: how will the system determine what data a user will be allowed to display? How the link between the CDS prerequisite and the catalog restriction types is made?

Thanks in advance for any enlightment you may give me.


Accepted Solutions (0)

Answers (1)

Answers (1)

Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Former Member : Thanks for posting your query here. As far as I know the authorizations check in a custom analytical query is derived from the user access in the CDS views the user has. And Access to CDS views is determined by the Business Catalogs for access to specific business apps. Hence I would say that whatever restriction types are created and applied for a Business Role would be applicable to the Custom query as well. Though I have never tried it with a use case, but this is what I can stipulate on the existing mechanism for Identity and Access Management.

We have a clear coverage for custom catalog extensions but that covers the extensibility framework and not the custom analytical framework. Though to confirm this I would suggest you to check the coverage with SAP support on the components - CA-GTF-VDM-QB (Query Browser) or BC-SRV-APS-EXT-AQD (Fiori based Query Designer) and you might also be required to input an influence request.

Nevertheless as a workaround, you can always filter the selection criteria before you publish the Custom Analytical query if you want user to restrict accessing the particular dataset. This will set the filter range or data sets as per your requirement and I would suggest you to experiment a little on this front. Also you can save the report as template for your own internal use or to public and/or default based on the relevance of the report.

Hope this helps.