Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
AbhishekSharma
Active Contributor
34,139
Hello,

In this blog post we will be seeing how we can use Access Controls in CDS Views or Authorization Objects in CDS Views.

Authorization Objects or Access Controls are used to limit users and provide users only required and needed Information based on there work profile/role.

 

SAP Access control in ABAP CDS restricts the data returned from a CDS entity view in ABAP CDS.

SAP Access Control provides an additional method for checking authorizations in the SAP authorization concept.

Ref : https://help.sap.com/doc/abapdocu_750_index_htm/7.50/en-US/abencds_authorizations.htm

 

Scenario : We want to show specific Airline data to user, we will be restricting User with help of Access Control to see only data about specific Airline and not all Airlines.

 



 

Step by Step Guide to Create and Use SAP ABAP CDS Access Control


 

Step 1 Create Access Control


 


Provide name to Access Control and click on Next


 

There are various templates available to create Access Control. In this demo we are going to use most common used template "Define Role with PFCG". This template needs one PFCG Role to be created and that role will be assigned to user.

 

Select template and click on Finish.


 

Once click on Finish button, we get the template created.

We have already created Role and Authorization Object in system with name ZSPFLI_AUT with Activity 03 (Display)

 

Step 2 Create Role and Maintain Authorization Object


 

Role Created



 

Authorization Object Created



 

Step 3 Update AccessControl annotation to #CHECK


 

To allow CDS View to access Authorization Object or Access Control we need to add below line in our CDS View

 

@AccessControl.authorizationCheck: #CHECK

 

Set value of authorizationCheck annotation to #CHECK. If we do not make change to this annotation to #CHECK Access Control will not be trigger

We want to apply Access Control on CDS View Z_C_MDE_SFLIGHT which returns Flight details.

 


 

Step 4 Make changes to generated Access Control Template


 

Now after making changes to generated template we got below Access Control completed, where we are reading data from CDS View Z_C_MDE_SFLIGHT

 



Step 5 Execute CDS View


We are only getting Singapore Airlines records which are based on our Access Control


 

If we change @AccessControl.authorizationCheck: #NOT _ALLOWED

Even if Access Control is applied on CDS View, Authorization check will not be triggered.

 


 

Again preview data, we are getting all records for all Airlines.

 


 

Advantage of using Access control:



  1. There is no need to modify any CDS View if we have different cases for access.

  2. We can easily use existing Role and Authorization Objects and no need to create new one.

  3. Data level restrictions can be applied along with Role based check easily.


 

Thanks-

https://www.youtube.com/channel/UCjXZ-tts_5gde1QvptsNbrQ?sub_confirmation=1

Abhishek

 
1 Comment
Labels in this area