SAP S/4HANA CDS View的访问控制实现:DCL介绍

本文涉及的产品
访问控制,不限时长
简介: 来自我的同事Xu Miles Authorization Objects are business concept, they are distinguished by business scenario.

来自我的同事Xu Miles

Authorization Objects are business concept, they are distinguished by business scenario.
Therefore, there might be a lot of Authorization Objects using the same Authorization Field. Such as VKORG.

In Sales Planning, there're two Authorization Objects related to Sales Area, V_VBAK_VKO and V_VBRK_VKO, they represent transaction scenario Sales Document and Billing Document repectively. If we want to extract the Sales Area master data, technically we could use any Authorization Object with Authorization Field VKORG, VTWEG, SPART.
However, considering the authorization of the business user, we need to use Authorization Object V_VBAK_VKO and V_VBRK_VKO separately when end user is planning for income sales or sales volume.
To do this, we could use additional CDS view + DCL to realize.

Example on ERG/001:

CDS: ZMX_SalesArea_DCL
DCL: ZMX_SalesArea_DCL
The logic in DCL:

@EndUserText.label: 'Auto assigned mapping role for ZMX_SalesArea_DCL'
@MappingRole: true
define role ZMX_SalesArea_DCL  {
grant select on ZMX_SalesArea_DCL
where (SalesPlanPurpose = '0' and (SalesOrganization, DistributionChannel, Division) =
aspect pfcg_auth (V_VBAK_VKO,
VKORG,
VTWEG,
SPART,
actvt = '03'))
OR (SalesPlanPurpose = '1' and (SalesOrganization) =
aspect pfcg_auth (V_VBRK_VKO,
VKORG,
actvt = '03'));
}

The logic in the CDS view:

define view ZMX_SalesArea_DCL
as select from
I_SalesArea
{
key SalesOrganization,
key DistributionChannel,
key Division,

'0' as SalesPlanPurpose

}
union all select from I_SalesArea
{
key SalesOrganization,
key DistributionChannel,
key Division,

'1' as SalesPlanPurpose
};

Authorization test on QW9/910
User: MILES01
Authorization:

Test Report:

REPORT mx_test_sa_dcl.

PARAMETERS:
p_purp TYPE C LENGTH 1.

DATA:
lt_tab TYPE STANDARD TABLE OF i_salesarea_dcl.

SELECT * FROM i_salesarea_dcl INTO TABLE @lt_tab
WHERE salesplanpurpose = @p_purp.

LOOP AT lt_tab ASSIGNING FIELD-SYMBOL(<fs_row>).
WRITE:/ <fs_row>-salesorganization, <fs_row>-distributionchannel, <fs_row>-division, <fs_row>-salesplanpurpose.
ENDLOOP.

WRITE:/ 'Finished.'.

The logic flow is that firstly we use SalesPlanUUID to get SalesPlanPurpose, then with SalesPlanPurpose we could get the Sales Area master data via the corresponding Authorization Objects.
SalesPlanPurpose: 0 (Incoming sales)

SalesPlanPurpose: 1(Sales Volume)

本文来自云栖社区合作伙伴“汪子熙”,了解相关信息可以关注微信公众号"汪子熙"。

相关实践学习
消息队列+Serverless+Tablestore:实现高弹性的电商订单系统
基于消息队列以及函数计算,快速部署一个高弹性的商品订单系统,能够应对抢购场景下的高并发情况。
云安全基础课 - 访问控制概述
课程大纲 课程目标和内容介绍视频时长 访问控制概述视频时长 身份标识和认证技术视频时长 授权机制视频时长 访问控制的常见攻击视频时长
相关文章
|
供应链 数据挖掘 BI
什么是 SAP S/4HANA 的 VDM Layering Architecture 的 VDM Composite View
什么是 SAP S/4HANA 的 VDM Layering Architecture 的 VDM Composite View
|
供应链 数据挖掘 BI
什么是 SAP S/4HANA 的 VDM Layering Architecture 的 CDS Dimension View
什么是 SAP S/4HANA 的 VDM Layering Architecture 的 CDS Dimension View
|
SQL BI 数据处理
CDS view 之于 SAP S/4HANA 的重要意义
CDS view 之于 SAP S/4HANA 的重要意义
|
5月前
|
数据库
什么是 SAP S/4HANA 的 Brown Field 迁移和 Green Field 迁移
什么是 SAP S/4HANA 的 Brown Field 迁移和 Green Field 迁移
|
5月前
|
数据库
SAP S/4HANA 系统的底层基石 - 通过实际的例子,介绍 CDS View 入门级的概念试读版
SAP S/4HANA 系统的底层基石 - 通过实际的例子,介绍 CDS View 入门级的概念试读版
SAP S/4HANA 系统的底层基石 - 通过实际的例子,介绍 CDS View 入门级的概念试读版
|
数据建模 BI
什么是 SAP S/4HANA 的 VDM Layering Architecture 的 CDS Hierarchy View
什么是 SAP S/4HANA 的 VDM Layering Architecture 的 CDS Hierarchy View
|
供应链 数据挖掘 BI
什么是 SAP S/4HANA 的 VDM Layering Architecture 的 CDS Cube View
什么是 SAP S/4HANA 的 VDM Layering Architecture 的 CDS Cube View
|
5月前
|
Java BI API
SAP Cloud for Customer 里如何通过 ABSL 二次开发方式消费 SAP S/4HANA 系统的 API
SAP Cloud for Customer 里如何通过 ABSL 二次开发方式消费 SAP S/4HANA 系统的 API
|
前端开发 JavaScript 数据库
SAP S/4HANA 的 Data-Centric Applications 编程范式
SAP S/4HANA 的 Data-Centric Applications 编程范式