在那篇小说中,CDS视图中1二分首要的1派

壹) 全访问示例(Full access

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_FULLACC'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_fullaccess
  as select from
    scarr
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

 DCL:

@MappingRole: true
define role demo_cds_role_fullaccess {
  grant select on demo_cds_auth_fullaccess; }

陆) 根据当前用户的权柄控制示范

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_USR'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_user
  as select from
    abdocmode
    {
      key uname,
      key langu,
          flag
    };  

DCL:

@MappingRole: true
define role demo_cds_role_user { 
  grant select on demo_cds_auth_user
    where
      uname ?= aspect user; }

剧情分为多少个部分:

5. 权力的并集(UNION)和交集(INTE悍马H2SECTION)

1,通过“AND”取权限的滥竽充数。那里定义了1个新的权杖“ZS_FLDAT”,它只含有三天的限量(201伍.0二.0肆

  • 二零一四.0二.0陆)。修改DCL,增添混合:

    @EndUserText.label: ‘Role for Z05_I_FLIGHTBYAIRPORT’
    @MappingRole: true
    define role Z05_ROLE {

      grant select on Z05_I_FlightByAirport
       where ( Airline) = 
              aspect pfcg_auth (  ZS_CARRID,
                                  CARRID,
                                  actvt = '03' ) AND
             (FlightDate ) = 
              aspect pfcg_auth (  ZS_FLDAT,
                                  FLTDATE,
                                  actvt = '03' );
    

    }

新匍京视频在线 1

2,通过“OR”取并集:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline) = 
            aspect pfcg_auth (  ZS_CARRID,
                                CARRID,
                                actvt = '03' ) OR
           ( FlightDate ) = 
            aspect pfcg_auth (  ZS_FLDAT,
                                FLTDATE,
                                actvt = '03' );

}

新匍京视频在线 2

 三,尽管在多个权力对象中添加那七个字段,那结果就仿佛于交集:

新匍京视频在线 3

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline, FlightDate) = 
            aspect pfcg_auth (  ZS_NEW,
                                CARRID,
                                FLTDATE,
                                actvt = '03' );

新匍京视频在线 4

注意:毫无忘记在Cube
CDS视图的层级定义权限,而非分析视图层级。
假若您在分析查询层级定义了和第伍部分一如既往的权柄,那么:

  • 在SAP HANA Studio的数量预览中,结果看起来是对的。
  • 在帕杰罗S本田CR-VT, BO Analysis for
    Excel和别的使用了OLAP引擎的工具中,使用的是Cube
    CDS视图的权位(如有定义)。

注意:在HANA
Studio的数码预览中,分析查询的结果会整整出示。为了考订那点,能够给分析查询创立以下访问控制:

@MappingRole: true
define role Z05_ROLE_2 {
  grant select on Z05_C_FlightByAirportQuery 
               inherit Z05_ROLE; }

结论:你能够为CDS分析视图定义权限的混合只怕并集。

 

本文甘休,感激关注!

 

英文原稿:ABAP CDS views with Authorization based on Access
Control

 

  1. 规范示例的访问控制。
  2. 依照PFCG权限制造2个简练的例子。
  3. 包括CUBE数据类别的CDS分析视图。
  4. CDS分析查询视图的访问控制。
  5. 权限对象的并集(UNION)也许夹杂(INTE中华VSECTION)。

5) 继承权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_INH'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_inherited
  as select from
    demo_cds_auth_lit_pfcg
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

DCL:

@MappingRole: true
define role demo_cds_role_inherited {
  grant select on demo_cds_auth_inherited
               inherit demo_cds_role_lit_pfcg or currcode = 'USD'; }

在那个事例会显示USD和EUWrangler类型货币的记录。

Hi!

3. 带有CUBE数据类其余CDS分析视图

1,通过复制已部分内容创设大家和好的CDS视图。那是一个暗含CUBE数据分类的CDS视图(译注:代码框出了点难题,大家聚拢看下..):

 

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

2,在访问控制中开始展览定义:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
    where ( Airline ) = 
    aspect pfcg_auth (  ZS_CARRID,
                        CARRID,
                        actvt = '03' );

}

三,在篇章的第壹片段,大家在权力对象中添加了ZS_CA昂科拉ENVISIONID。在HANA
Studio的数额预览中反省结果。行数是530.新匍京视频在线 5

 

四,在工作代码奥德赛S帕杰罗T中检查结果,行数也是530。结果壹律。

伍,在BO Analysis for
Excel中反省结果。结果是一致的,对用户而言,只有选中的航空公司得以被访问。

 新匍京视频在线 6

注意:没有AF航空集团的事务数据,那是地点的荧屏未出示相关数据的缘故。

正文的阐发基于本人正在利用的S4/HANA 16拾 on NW 7.51.

本文的阐发基于本人正在利用的S4/HANA 1陆10 on NW 7.51.

陆) 依据当下用户的权杖控制示范

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_USR'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_user
  as select from
    abdocmode
    {
      key uname,
      key langu,
          flag
    };  

DCL:

@MappingRole: true
define role demo_cds_role_user { 
  grant select on demo_cds_auth_user
    where
      uname ?= aspect user; }

正文链接:http://www.cnblogs.com/hhelibeb/p/7427753.html

四) 字面条件和PFCG权限结合示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITPFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_lit_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };    

DCL:

@MappingRole: true
define role demo_cds_role_lit_pfcg {
  grant select on demo_cds_auth_lit_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03') and
         currcode = 'EUR'; }
  1. 行业内部示例的访问控制。
  2. 听大人说PFCG权限创造三个大致的例子。
  3. 带有CUBE数据类其他CDS分析视图。
  4. CDS分析查询视图的访问控制。
  5. 权限对象的并集(UNION)可能夹杂(INTEEscortSECTION)。

一. 标准示例的访问控制例子

四. CDS分析查询视图的访问控制。

一,在第二有个别的CUBE CDS中制造2个分析查询视图。

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

 

2,在HANA
Studio中开始展览多少预览,行数依然48玖四。看起来CDS分析查询没有选取到Cube
CDS视图权限,但是实际并非如此。你并不供给为分析查询CDS视图创制额外的访问控制。

3,在Excel中反省CR-VS哈弗T只怕BO分析的结果。结果注脚Cube
CDS视图的权力在分析查询中起到了效果。

新匍京视频在线 7

注意:在解析查询定义中不须求成立任何变量,就像我们在含蓄权限的BEx查询中那么。

4,修改Cube CDS视图,添加权限对象ZS_CONNID而非ZS_CARRID

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( FlightConnection) = aspect pfcg_auth (  ZS_CONNID,
                                                     CONNID,
                                                     actvt = '03' );

}

分析查询结果变得严峻了(在第3片段的第6步能够看出ZS_CONNID的定义).

今后结果的行数是212.

新匍京视频在线 8

三. 含有CUBE数据类别的CDS分析视图

一,通过复制已部分内容创制我们自个儿的CDS视图。那是一个暗含CUBE数据分类的CDS视图(译注:代码框出了点难题,我们集合看下..):

 

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

二,在访问控制中进行定义:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
    where ( Airline ) = 
    aspect pfcg_auth (  ZS_CARRID,
                        CARRID,
                        actvt = '03' );

}

叁,在篇章的第三有个别,我们在权力对象中添加了ZS_CA卡宴XC60ID。在HANA
Studio的数目预览中反省结果。行数是530.新匍京视频在线 9

 

4,在工作代码CR-VSLANDT中检查结果,行数也是530。结果1律。

五,在BO Analysis for
Excel中检查结果。结果是一致的,对用户而言,只有选中的航空公司能够被访问。

 新匍京视频在线 10

注意:没有AF飞行集团的政工数据,那是上边包车型客车荧屏未显示相关数据的由来。

一) 全访问示例(Full access

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_FULLACC'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_fullaccess
  as select from
    scarr
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

 DCL:

@MappingRole: true
define role demo_cds_role_fullaccess {
  grant select on demo_cds_auth_fullaccess; }

五. 权力的并集(UNION)和混合(INTERSECTION)

1,通过“AND”取权限的搅和。那里定义了3个新的权能“ZS_FLDAT”,它只包蕴叁天的限制(201伍.0二.04

  • 2015.0二.0陆)。修改DCL,扩展混合:

    @EndUserText.label: ‘Role for Z05_I_FLIGHTBYAIRPORT’
    @MappingRole: true
    define role Z05_ROLE {

      grant select on Z05_I_FlightByAirport
       where ( Airline) = 
              aspect pfcg_auth (  ZS_CARRID,
                                  CARRID,
                                  actvt = '03' ) AND
             (FlightDate ) = 
              aspect pfcg_auth (  ZS_FLDAT,
                                  FLTDATE,
                                  actvt = '03' );
    

    }

新匍京视频在线 11

2,通过“OR”取并集:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline) = 
            aspect pfcg_auth (  ZS_CARRID,
                                CARRID,
                                actvt = '03' ) OR
           ( FlightDate ) = 
            aspect pfcg_auth (  ZS_FLDAT,
                                FLTDATE,
                                actvt = '03' );

}

新匍京视频在线 12

 三,假如在2个权力对象中添加这八个字段,这结果就接近于交集:

新匍京视频在线 13

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline, FlightDate) = 
            aspect pfcg_auth (  ZS_NEW,
                                CARRID,
                                FLTDATE,
                                actvt = '03' );

新匍京视频在线 14

注意:不要忘记在Cube
CDS视图的层级定义权限,而非分析视图层级。
1经您在条分缕析查询层级定义了和第陆部分同壹的权能,那么:

  • 在SAP HANA Studio的数额预览中,结果看起来是对的。
  • 在MuranoS瑞虎T, BO Analysis for
    Excel和其他使用了OLAP引擎的工具中,使用的是Cube
    CDS视图的权限(如有定义)。

注意:在HANA
Studio的多寡预览中,分析查询的结果会全部显示。为了勘误这一点,能够给分析查询创立以下访问控制:

@MappingRole: true
define role Z05_ROLE_2 {
  grant select on Z05_C_FlightByAirportQuery 
               inherit Z05_ROLE; }

敲定:你能够为CDS分析视图定义权限的插花大概并集。

 

正文甘休,多谢关怀!

 

英文最初的文章:ABAP CDS views with Authorization based on Access
Control

 

四) 字面条件和PFCG权限结合示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITPFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_lit_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };    

DCL:

@MappingRole: true
define role demo_cds_role_lit_pfcg {
  grant select on demo_cds_auth_lit_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03') and
         currcode = 'EUR'; }

3) PFCG权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 }; 

DCL:

@MappingRole: true
define role demo_cds_role_pfcg {
  grant select on demo_cds_auth_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03'); }

 权限对象s_carrid能够在工作代码SU21中的BC_C object类下查到。

二. 依照PFCG权限创造二个简便的事例

复制以下代码,创设大家和好的CDS视图:

@AbapCatalog.sqlViewName: 'ZDEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Demo access pfcg'
define view Zdemo_Access_Pfcg as select from scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };   

三,未来,假设在HANA
Studio中开辟数据预览,大家将得以见见具备记录。访问控制最近还不设有。

新匍京视频在线 15

2,在SU二一创办我们温馨的自定义权限对象:

新匍京视频在线 16

对此各类对象定义权限字段和移动字段,加入允许活动“03展现”。在本示例中,我们要在ZS_CONNID中添加字段CAPRADO汉兰达ID和CONNID。

新匍京视频在线 17

新匍京视频在线 18

3,为ZS_CATucson奥迪Q7ID创设数量控制。

@MappingRole: true
define role zdemo_access_pfcg {
  grant select on Zdemo_Access_Pfcg
  where (carrid) =
  aspect pfcg_auth (zs_carrid, carrid, actvt='03'); }

四,在PFCG中开创一个新的剧中人物,在此地丰盛刚刚制造的权杖对象,定义用户应当看到的依据选拔字段的数目。不要遗忘生成配置。为大家的用户分配剧中人物。

在率先个示范中,我们只行使ZS_CARAV四悍马H2ID。在篇章的后面,我们会用到其余的靶子。

新匍京视频在线 19

新匍京视频在线 20

5,回到HANA Studio来测试权限。打开大家的CDS视图的数据预览:

新匍京视频在线 21

当今大家只看到了概念好的航空公司(CACR-V大切诺基ID)字段的记录。

注意:

  1. 一旦在ABAP字典(SE1壹)中开拓视图,结果会是全体数码记录。
  2. 假若在DDL中期维修改注脚为如下内容,并激活CDS视图,大家将得以另行在数量预览中来看任何数码。那意味检查已经倒闭。

    @AccessControl.authorizationCheck: #NOT_ALLOWED

结论:在三个从数据库表中查询数据的粗略例子中,我们看出了访问控制是怎么着行事的。下边讲讲CDS分析视图。

正文链接:http://www.cnblogs.com/hhelibeb/p/7427753.html

内容分成三个部分:

对每贰个CDS视图,我们都得以透过DCL(Data Control
Language)定义访问控制。在那篇文章中,小编会介绍ABAP
CDS视图中很是首要的一面:权限管理。

壹. 标准示例的访问控制例子

四. CDS分析查询视图的访问控制。

一,在第一片段的CUBE CDS中开创三个解析查询视图。

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

 

贰,在HANA
Studio中进行数量预览,行数照旧489四。看起来CDS分析查询没有行使到Cube
CDS视图权限,但是实际并非如此。你并不需求为分析查询CDS视图创立额外的访问控制。

三,在Excel中反省大切诺基S奔驰G级T也许BO分析的结果。结果注明Cube
CDS视图的权能在解析查询中起到了成效。

新匍京视频在线 22

注意:在条分缕析查询定义中不供给创立任何变量,就如大家在含蓄权限的BEx查询中那么。

四,修改Cube CDS视图,添加权限对象ZS_CONNID而非ZS_CARRID

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( FlightConnection) = aspect pfcg_auth (  ZS_CONNID,
                                                     CONNID,
                                                     actvt = '03' );

}

解析查询结果变得严刻了(在第三局地的第四步可以见见ZS_CONNID的定义).

当今结果的行数是21贰.

新匍京视频在线 23

三) PFCG权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 }; 

DCL:

@MappingRole: true
define role demo_cds_role_pfcg {
  grant select on demo_cds_auth_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03'); }

 权限对象s_carrid可以在工作代码SU21中的BC_C object类下查到。

二. 基于PFCG权限创设3个不难的例证

复制以下代码,创立大家同心合力的CDS视图:

@AbapCatalog.sqlViewName: 'ZDEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Demo access pfcg'
define view Zdemo_Access_Pfcg as select from scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };   

叁,未来,假若在HANA
Studio中打开数据预览,大家将能够看出富有记录。访问控制最近还不存在。

新匍京视频在线 24

二,在SU二一创办大家友好的自定义权限对象:

新匍京视频在线 25

对此每种对象定义权限字段和移动字段,插足允许活动“03展现”。在本示例中,我们要在ZS_CONNID中添加字段CARAV四牧马人ID和CONNID。

新匍京视频在线 26

新匍京视频在线 27

3,为ZS_CA帕杰罗RubiconID创造数量控制。

@MappingRole: true
define role zdemo_access_pfcg {
  grant select on Zdemo_Access_Pfcg
  where (carrid) =
  aspect pfcg_auth (zs_carrid, carrid, actvt='03'); }

四,在PFCG中创设三个新的剧中人物,在此地丰盛刚刚创设的权力对象,定义用户应当看到的依据选拔字段的多少。不要忘记生成配置。为大家的用户分配剧中人物。

在第三个示范中,大家只使用ZS_CA本田CR-VRAV4ID。在作品的背后,我们会用到别的的对象。

新匍京视频在线 28

新匍京视频在线 29

5,回到HANA Studio来测试权限。打开大家的CDS视图的数码预览:

新匍京视频在线 30

现在我们只见到了定义好的宇宙航行公司(CA帕杰罗路虎极光ID)字段的笔录。

注意:

  1. 倘使在ABAP字典(SE11)中打开视图,结果会是1切数额记录。
  2. 壹旦在DDL中修改申明为如下内容,并激活CDS视图,大家将得以重复在数据预览中来看任何数码。那意味检查已经倒闭。

    @AccessControl.authorizationCheck: #NOT新匍京视频在线,_ALLOWED

结论:在二个从数据库表中查询数据的简练例子中,大家看出了访问控制是什么样行事的。上边讲讲CDS分析视图。

2) 字面条件示例(Literal conditions

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITERAL'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_literal
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };

DCL:

@MappingRole: true
define role demo_cds_role_literal {
  grant select on demo_cds_auth_literal
  where carrid = 'LH'; }

 

 

5) 继承权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_INH'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_inherited
  as select from
    demo_cds_auth_lit_pfcg
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

DCL:

@MappingRole: true
define role demo_cds_role_inherited {
  grant select on demo_cds_auth_inherited
               inherit demo_cds_role_lit_pfcg or currcode = 'USD'; }

在那些例子会显示USD和EU陆风X捌类型货币的记录。

Hi!

2) 字面条件示例(Literal conditions

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITERAL'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_literal
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };

DCL:

@MappingRole: true
define role demo_cds_role_literal {
  grant select on demo_cds_auth_literal
  where carrid = 'LH'; }

对每一个CDS视图,咱们都能够经过DCL(Data Control
Language)定义访问控制。在那篇小说中,笔者会介绍ABAP
CDS视图中至极关键的单方面:权限管理。

相关文章