Kontakt

Ansicht
Dokumentation

ABENCDS_F1_DEFINE_PFCG_MAPPING - CDS F1 DEFINE PFCG MAPPING

ABENCDS_F1_DEFINE_PFCG_MAPPING - CDS F1 DEFINE PFCG MAPPING

SUBST_MERGE_LIST - merge external lists to one complete list with #if... logic for R3up   rdisp/max_wprun_time - Maximum work process run time  
This documentation is copyright by SAP AG.
SAP E-Book

- DEFINE PFCG_MAPPING

$[pfcg_mapping_annot$]
$[DEFINE$] PFCG_MAPPING pfcg_mapping(output1$[, output2 ...$])
  BETWEEN mapping_entity AND auth_object $[IN SCENARIO scenario_name$]
  { input1 = auth_field1 $[CONSTRAINT ID$]$[,
    input2 = auth_field2 $[CONSTRAINT ID$] ... $] }

Addition:

... IN SCENARIO

Effect

Defines a PFCG mapping pfcg_mapping as part of a CDS access policy defined using DEFINE ACCESSPOLICY. The name of the PFCG mapping must match the name of the CDS access policy.

The definition of a PCFG mapping contains the following:

  • A comma-separated list after the name pfcg_mapping in which the output fields of the PFCG mapping are defined. These fields must be elements of the CDS entity mapping_entity specified after BETWEEN. The specified order is relevant.
  • A CDS entity mapping_entity specified after the keyword BETWEEN to define the fields used in the mapping. This definition specifies the input and output fields of the mapping.
  • An authorization object auth_object specified after the keyword AND. The PFCG mapping can be used in exactly those PFCG conditions in which this authorization object is specified after ASPECT pfcg_auth.
  • A comma-separated unordered list in curly brackets that associates the input fields input1, input2, ... of the mapping with authorization fields auth_field of the authorization object auth_object.
  • The input fields on the left sides must be elements of the CDS entity mapping_entity specified after BETWEEN.

  • Authorization fields of the authorization object auth_object must be specified on the right sides.

  • Any number of optional assignments can be flagged using the addition CONSTRAINT ID.

A PFCG mapping can be used in a PFCG condition of the same authorization object. It is transformed to specific access conditions as follows when the condition is evaluated:

  • The values of the current user for the authorization fields assigned to the input fields fill the input fields of the mapping.
  • The output fields of the mapping are assigned to the elements within the curly brackets of the PFCG condition in the specified order.
  • The following applies to the input fields flagged with CONSTRAINT ID:
  • Only those authorization fields of the authorization object can be assigned that contain a single value in a specific authorization. Multiple values or patterns are not allowed (with the exception of full authorization using the value "*"). Otherwise the PFCG mapping in the PFCG condition returns the value "false" for the authorization in question.

  • Full authorization can be assigned only when applied to all input fields of the PFCG mapping.

  • If full authorization exists for all input fields of the PFCG mapping (value "*"), the PFCG mapping in the PFCG condition returns the value "true" when evaluated. This makes it possible to read entries of the protected entity for which there are no output fields in the mapping.

Addition

... IN SCENARIO

Effect

To use a PFCG mapping in a PFCG condition where the authorization object is subject to the switchable authorization check, the PFCG mapping must also name the same scenario (as well as the same authorization object). For more information, see the PFCG condition of the statement DEFINE ROLE.

Note

In access to a CDS entity assigned a role of this type, PFCG mappings are defined internally using a subquery after EXISTS.

Example

The following example shows the definition of a PFCG mapping demo_cds_auth_pfcg_mapping based on the CDS entity demo_cds_mapping_entity below. The output fields of the PFCG mapping are the authorization fields OBJECT, OBJ_NAME, and DEVCLASS of the authorization object S_DEVELOP. The input fields of the PFCG mapping are the elements of the CDS entity to which the output fields are assigned. The example that demonstrates how a PFCG mapping is specified in a role shows how the mapping is used.

  • PFCG Mapping
  • CDS Entity





ABAP Short Reference   CL_GUI_FRONTEND_SERVICES - Frontend Services  
This documentation is copyright by SAP AG.

Length: 8248 Date: 20240508 Time: 020007     sap01-206 ( 113 ms )