Using Access Control (DCL) in CDS View
This post describes how to create and use an Access Control (DCL) for CDS views (DDL).
Below we have a simple CDS view on the SCARR table. Execute to see the data preview.
So here it displays all the data. So the CDS view works fine.
Now the next step is to create the Access Control or the DCL view but before that let’s check what authorization object we can use for this.
Go to Tx- SU21 to check the authorization objects. For the FLIGHT demo, SAP already provides a few authorization objects that we can make use of. Let's search for the auth object- S_CARRID
Here it is under the Auth Class– BC_C . Double click on the auth object- S_CARRID
Here are the details. Select the button Permitted Values to check which authorizations are available.
Here we have all the available authorizations, but we will use the Display auth value '03'.
For demo purposes I have created one more Auth Class- ZTST and auth object- ZCARRID
Here only display auth is checked.
So in the demo we have two auth objects: S_CARRID, which belongs to the BC_C class, and ZCARRID, which belongs to the ZTST class. Only S_CARRID is assigned to the user; ZCARRID is not.
We can check the auth objects assigned to the user simply by executing Tx- SU56.
Tx- SU21
Tx- SU56. Here the current user has the S_CARRID auth object assigned but not the ZCARRID auth object.
Go back to the HANA studio ABAP perspective and create a new DCL source.
Provide name and description and select NEXT.
Select NEXT.
Select FINISH.
Here we have the DCL template. Now we can make some changes to it.
Provide a meaningful label.
Provide the role name as- ZSCARR_ROLE
For select on, provide the CDS view name as- ZDEMO_SCARR_CDS
Specify the auth object as S_CARRID, with the field names CARRID and ACTVT, and the ACTVT value '03' (Display). Save and activate it.
A more clear snapshot.
So in the DCL, the CDS view name is assigned against the auth object name. Now execute the CDS view.
No problem here: the auth object S_CARRID is assigned to the user, and hence we have the output.
Let's change the DCL: instead of auth object S_CARRID, assign auth object ZCARRID, which is not assigned to the user. Save and activate the DCL.
Execute the CDS view.
We don't have any data in the preview. 🙂
Even though a DCL with an auth object is associated with the CDS view, we can suppress the check through the semantic rule.
Change authorizationCheck to Not Allowed (#NOT_ALLOWED). Activate the CDS view and execute.
So here we have all the data: with this setting, the DCL no longer restricts what the view returns.
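The view annotation and the role described in the steps above, written out as an added example; this is not the author's original source. The SQL view name ZDEMOSCARR and the view's field list are assumptions, while the role name, view name, authorization object, its fields and the activity value come from the post.

```cds
// --- DDL source: the CDS view ---
// Assumed: SQL view name ZDEMOSCARR and the selected SCARR fields.
// #CHECK applies the role below to every read of the view.
// #NOT_ALLOWED ignores the role, so all rows are returned.
@AbapCatalog.sqlViewName: 'ZDEMOSCARR'
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Demo CDS view on SCARR'
define view ZDEMO_SCARR_CDS
  as select from scarr
{
  key carrid,
      carrname,
      currcode,
      url
}

// --- DCL source: the access control role for the view ---
// Only rows whose CARRID the user may display (ACTVT = '03') under
// authorization object S_CARRID are returned. Replacing S_CARRID with an
// object the user does not hold yields an empty result set.
@EndUserText.label: 'Access control for ZDEMO_SCARR_CDS'
@MappingRole: true
define role ZSCARR_ROLE {
  grant select on ZDEMO_SCARR_CDS
    where ( carrid ) = aspect pfcg_auth( S_CARRID, CARRID, ACTVT = '03' );
}
```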
Let's use the trace to see how the auth check fails.
Execute Tx- ST01, choose Auth Check and select the radio button- Error. Finally select Trace On.
Trace switch is on now.
The DCL has the auth object ZCARRID, which is not assigned to the user.
Set authorizationCheck to #CHECK. Activate and execute.
No data on the preview – perfectly fine.
Switch the trace off.
Select the Analysis button.
In the Trace record section on the right side, select Auth check and Error, then press F8.
Now the trace clearly says: the auth check for the auth object ZCARRID against the entity ZDEMO_SCARR_CDS with ACTVT 03 has a return code of RC12 (Failed – user does not have the authorization).