Ansicht
Dokumentation
ABENCDS_F1_COND_LITERAL - CDS F1 COND LITERAL
rdisp/max_wprun_time - Maximum work process run time RFUMSV00 - Advance Return for Tax on Sales/PurchasesThis documentation is copyright by SAP AG.
- DEFINE ROLE, literal_condition
... $[ALL$|EXISTS$] ${
${ element $[BYPASS WHEN bypass_condition$]
operator $['$]value$['$] $}...
$| ${ element $[BYPASS WHEN bypass_condition$] $[NOT$] BETWEEN $['$]value1$['$] AND $['$]value2$['$] $}
$| ${ element $[BYPASS WHEN bypass_condition$] $[NOT$] LIKE 'value' $[ESCAPE 'esc'$] $}
$| ${ element $[BYPASS WHEN bypass_condition$] IS $[NOT$] NULL $}
$| ${ element $[BYPASS WHEN bypass_condition$] IS $[NOT$] INITIAL $} $} ...
Additions
1. ... ALL
2. ... EXISTS
3. ... BYPASS WHEN ...
Effect
Literal condition as part of an access condition cds_cond in an access rule of the statement DEFINE ROLE in CDS DCL. A literal condition can be one of the following relational expressions for an element element of the CDS entity for which the access condition is defined.
- Comparison with a literal value value using a logical operator operator.
- Check using $[NOT$] BETWEEN to verify whether the value on the left side is (or is not) within the interval limits specified by two literal values value1 and value2.
- Check using $[NOT$] LIKE to verify whether a string on the left side matches (or does not match) the pattern on the right side. The percent sign (%) can be used as a placeholder for any string and the underscore character (_) for any single character. The addition ESCAPE can be used to define a single character escape character 'esc' in quotation marks for the placeholders.
- Check using IS $[NOT$] NULL to verify whether the left side is (or is not) the null value.
- IS $[NOT$] INITIAL, check to verify whether the value of the left side matches (does not match) the initial value of the ABAP data type of the element.
- When element is declared as optional and does not exist at runtime, the effect of the condition matches the DEFAULT value of the element (logical true or false). To avoid that a safe default of FALSE is flipped to TRUE accidentally, the usage of an element marked as optional inside of a NOT operator leads to an error.
The element element can be specified directly or by using a path expression path_expr and must have one of the valid data types. A numeric literal value can be specified in quotation marks but this is not mandatory. A character-like literal value must be specified in quotation marks. In a set-valued path expression, it is sufficient for the condition to be true for just one of the values.
When a literal condition is evaluated by CDS access control, only those rows are selected in which the content of the CDS element element meets the condition.
Notes
- Within the definition of an access rule, literal conditions can be used together with PFCG conditions, user conditions, inheritance conditions, or as individual conditions.
- The character # is recommended as
the escape character esc for the operator LIKE.
Addition 1
... ALL
When element contains at least one set-valued association, the basic form of the condition will allow access when it is fulfilled for any of the resulting values.
For example, when the values are "A", "B" and "C", the condition element = 'B' will give access.
When access shall only be granted when the condition is fulfilled for all values, this can be specified by the ALL quantifier.
In the example above, ALL element = 'B' will not give access due to the existence of "A" and "C".
However, ALL element < 'D' will give access.
Notes
- The ALL quantifier results in an additional EXISTS statement on the database, formulated on the protected entity. It cannot be guaranteed that the database optimizer recognizes this constellation properly as self-join. The performance of the database selection can therefore be impacted.
- The quantifier ALL can be applied to a condition regardless of whether element contains a set-valued association at all. However, it will then not have an effect but lead to the potential performance degradation when applied unnecessarily.
- An association with an empty result set is handled equally to a single result with a null value.
Addition 2
... EXISTS
The basic form of the statement already realizes an EXISTS like semantics, however, it provides a coupling of multiple set-valued elements in the same entity row.
For example, we consider an association toSetVal spawning from an entity row and with the following value in two of its columns:
| toSetVal Row Number | toSetVal.F1 | toSetVal.F2 |
| 1 | A | B |
| 2 | C | D |
The access condition
toSetVal.F1 = 'A' and toSetVal.F2 = 'D'
intuitively would be considered to be true, because for each constituent, the condition is true.
However, at runtime, the association toSetVal will be realized by the database interface as a single join operation (exceptions apply when path filters are used or in CDS DDIC-based views using annotation compareFilter), so there is a coupling between F1 and F2.
Due to this coupling, the condition will not be fulfilled.
This situation can be resolved by introduction of the explicit EXISTS quantifier, which breaks-up this coupling and lets the condition be evaluated for each EXISTS condition individually:
EXISTS toSetVal.F1 = 'A' and EXSITS toSetVal.F2 = 'D'
Addition 3
... BYPASS WHEN ...
Effect
The addition BYPASS WHEN bypass_condition can be used to specify that the element is not used for authorization filtering if it meets the specified condition.
The following are possible for bypass_condition:
- IS NULL
- IS INITIAL
- IS INITIAL OR NULL
This addition is useful when using quantifier ALL to express that some of the association values may have this value and still satisfy the condition.
For example, when those are the values of a set-valued association
| toSetVal Row Number | F |
| 1 | A |
| 2 | <NULL> |
| 3 | A |
This condition
ALL toSetVal.F = 'A'
will not return the entity row, but this condition will:
ALL toSetVal.F BYPASS WHEN IS NULL = 'A'
Example
The following CDS role defines an access condition for the CDS view demo_cds_auth_literal. A single literal condition is specified for the element carrid in the CDS view.
The CDS view is as follows:
The program DEMO_CDS_AUTH_LITERAL uses SELECT
to access the view. CDS access control selects only that data that matches the literal condition. This means that a maximum of one row is selected regardless of any other conditions in the view.
General Material Data General Data in Customer Master
This documentation is copyright by SAP AG.
Length: 15357 Date: 20240426 Time: 045617 sap01-206 ( 239 ms )
