Tiven Wang
Wang Tiven October 24, 2016

Series

  1. Introduction to CDS on HANA and ABAP part 1
  2. Introduction to CDS on HANA and ABAP part 2 - Authorization Check
  3. Introduction to CDS on HANA and ABAP part 3 - Unit Test

Data Control Language (DCL)

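Compared with the classic ABAP authorization check, CDS Views add an implicit, data-level authorization definition: Data Control Language (DCL). When you query a CDS View with Open SQL, the DCL authorization check associated with that view is executed implicitly.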

Data Control Fields

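To perform authorization checks at the data level, the fields used by the check must be exposed in the CDS View. Building on the view created in the previous part, add the field MarketingArea (the marketing area the Digital Account belongs to) and use it to control which data a user is allowed to access.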

@AbapCatalog.sqlViewName: 'ZMKT_DIGACC'
...
@AccessControl.authorizationCheck: #CHECK
define view Z_Mkt_Digacc as select from cuand_da_root
association [0..*] to cuand_ce_mp_root as _MarketingPermission
    on cuand_da_root.comm_cat_key = _MarketingPermission.comm_cat_key {
  key cuand_da_root.db_key as DigitalAccount,
  ...
  cuand_da_root.mkt_area_id as MarketingArea,
  ...
}

@AccessControl.authorizationCheck: #CHECK defines the implicit authorization check that is performed when this view is accessed with Open SQL (see the detailed syntax).

DCL Source

Under the Core Data Services folder, create a new DCL Source file with the same name as the view: Z_Mkt_Digacc

@EndUserText.label: 'Mapping role for Z_MKT_Digacc'
@MappingRole: true
define role Z_Mkt_Digacc {
  grant select on Z_Mkt_Digacc
  where ( MarketingArea ) =
  aspect pfcg_auth (  hpa_mkt_ar,
                      MKTAREA_ID,
                      HPA_OBJ = 'CUAN_DIGACC',
                      actvt = '03' );
}

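@MappingRole: true is a fixed value; false is no longer supported. It means that this role is automatically assigned to all users.
where ( MarketingArea ) defines the where condition. PFCG conditions are used here; literal conditions can also be used, and conditions on multiple fields are supported.
aspect pfcg_auth is a pfcg_condition, which restricts the field values through an authorization object.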

Create Role using PFCG

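Create a new role, add the authorization object hpa_mkt_ar to it, and set the authorization object's HPA_OBJ='CUAN_DIGACC' and the MKTAREA_ID values (in practice, the values this user needs to be able to see). Then assign the role to the user; the user is now authorized to view the specified data.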
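The effect of the role assignment can be verified from ABAP. The report below is an added example, not part of the original post: it compares the rows returned through the CDS entity (DCL applied) with an explicit AUTHORITY-CHECK that mirrors the pfcg_auth aspect. The report name is hypothetical, and it assumes the SQL view columns are named DIGITALACCOUNT and MARKETINGAREA and that the authorization object has only the three fields used in the DCL source.

```abap
REPORT z_mkt_digacc_dcl_check. " hypothetical name, added example

" 1) Open SQL on the CDS entity: the DCL role Z_Mkt_Digacc is applied
"    implicitly, so only rows in the user's marketing areas come back.
SELECT DigitalAccount, MarketingArea
  FROM Z_Mkt_Digacc
  INTO TABLE @DATA(lt_entity).

" 2) Open SQL on the generated SQL view (sqlViewName ZMKT_DIGACC):
"    access control is not evaluated for this object. It is read here
"    only as the unfiltered baseline for the comparison; application
"    code should always read the CDS entity instead.
SELECT digitalaccount, marketingarea
  FROM zmkt_digacc
  INTO TABLE @DATA(lt_sqlview).

" 3) Re-apply by hand what the pfcg_auth aspect expresses:
"    object hpa_mkt_ar, MKTAREA_ID = MarketingArea,
"    HPA_OBJ = 'CUAN_DIGACC', ACTVT = '03' (display).
DATA(lv_expected) = 0.
LOOP AT lt_sqlview INTO DATA(ls_row).
  AUTHORITY-CHECK OBJECT 'HPA_MKT_AR'
    ID 'MKTAREA_ID' FIELD ls_row-marketingarea
    ID 'HPA_OBJ'    FIELD 'CUAN_DIGACC'
    ID 'ACTVT'      FIELD '03'.
  IF sy-subrc = 0.
    lv_expected = lv_expected + 1.
  ENDIF.
ENDLOOP.

DATA(lv_entity)  = lines( lt_entity ).
DATA(lv_sqlview) = lines( lt_sqlview ).

WRITE: / 'Rows via CDS entity (DCL applied):', lv_entity,
       / 'Rows via SQL view (no DCL):', lv_sqlview,
       / 'Rows passing AUTHORITY-CHECK:', lv_expected.

" The first and third counts should match for the logged-on user.
IF lv_entity <> lv_expected.
  WRITE / 'Mismatch: inspect the access control in SACM.'.
ENDIF.
```

Run it as the user who received the PFCG role; a SQL-view count higher than the entity count shows that the DCL filter is active.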

Check Authorization using SACM

To investigate authorization problems with a CDS View, Tcode SACM (Access Control Management) can help you debug.

Open Tcode SACM -> ACM Runtime Tool (for SELECT)

ACM Runtime Tool in SACM
