Ansicht
Dokumentation

ABENCDS_F1_DEFINE_ROLE - CDS F1 DEFINE ROLE

rdisp/max_wprun_time - Maximum work process run time   SUBST_MERGE_LIST - merge external lists to one complete list with #if... logic for R3up  
This documentation is copyright by SAP AG.

- DEFINE ROLE

@MappingRole: true
$[@role_annot1$]
$[@role_annot2$]
...
$[DEFINE$] ROLE role_name { access_rules }

Effect

Defines a CDS role called role_name in the CDS DCL. A CDS role consists of one or more access rules access_rules specified within the curly brackets. Each access rule defines access to a CDS entity. A CDS role can contain access rules for different CDS entities. An access rule either defines an access condition for the CDS entity or grants full access. When a CDS entity of this type is accessed using , an access condition is evaluated as an additional selection condition.

Before the role is defined using DEFINE ROLE, the annotation @MappingRole must be specified with the value true. The annotation @MappingRole is used to assign the CDS role to every user regardless of the client. Further optional annotations role_annot1, role_annot2, ... can also be specified.

Notes

• Every CDS role defined using DEFINE ROLE is assigned to every user implicitly, which means that the associated access control is applied to every user. User-specific checks are applied using PFCG conditions and user conditions.

• By default, when is used for reads for a non-SQL CDS entity, access control is applied if a CDS role exists for the entity. The associated annotation @AccessControl.authorizationCheck has the default value #CHECK. In this case, CDS entities without assigned roles produce a syntax check warning in the DDL editor. This can be disabled using the annotation value #NOT_REQUIRED. The value #NOT_REQUIRED does not, however, disable implicit access control.

• A CDS role can be defined for a CDS entity in every package and in every system and specifies that implicit access control applies.

• Access control can be disabled for a CDS entity as follows:

• Specify the annotation @AccessControl.authorizationCheck with the value #NOT_ALLOWED in the definition of the entity. In this case, the definition of a role for the CDS entity produces a syntax check warning in the DCL editor.

• Use the addition WITH PRIVILEGED ACCESS in the FROM clause of an query when the entity is accessed.

• Separate DCL source code must be created for each CDS role. The DCL source code of a CDS role is edited in a different editor from the DDL source code of a CDS entity (a CDS view or CDS table function) or a CDS metadata extension. The ADT documentation describes how the different types of source code are created. CDS source code can also be displayed in Repository Browser in ABAP Workbench.

TXBHW - Original Tax Base Amount in Local Currency   Addresses (Business Address Services)  
This documentation is copyright by SAP AG.

Length: 6356 Date: 20240424 Time: 231004     sap01-206 ( 72 ms )