CDS视图中充足重大的另一方面,在这篇随笔中

Hi!

Hi!

对每一个CDS视图,我们都足以因此DCL(Data Control
Language)定义访问控制。在这篇小说中,我会介绍ABAP
CDS视图中那么些重要的单方面:权限管理。

对每一个CDS视图,我们都可以透过DCL(Data Control
Language)定义访问控制。在这篇小说中,我会介绍ABAP
CDS视图中丰富首要的一端:权限管理。

本文的阐发基于自身正在拔取的S4/HANA 1610 on NW 7.51.

正文的阐释基于自己正在采用的S4/HANA 1610 on NW 7.51.

内容分成五个部分:

情节分为七个部分:

  1. 标准示例的访问控制。
  2. 据悉PFCG权限创设一个粗略的事例。
  3. 带有CUBE数据类其余CDS分析视图。
  4. CDS分析查询视图的访问控制。
  5. 权限对象的并集(UNION)或者夹杂(INTERSECTION)。
  1. 正式示例的访问控制。
  2. 万博manbetx客户端,依照PFCG权限成立一个粗略的事例。
  3. 含有CUBE数据类其余CDS分析视图。
  4. CDS分析查询视图的访问控制。
  5. 权力对象的并集(UNION)或者夹杂(INTERSECTION)。

 

 

本文链接:http://www.cnblogs.com/hhelibeb/p/7427753.html

正文链接:http://www.cnblogs.com/hhelibeb/p/7427753.html

1. 专业示例的访问控制例子

1. 业内示例的访问控制例子

1) 全访问示例(Full access

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_FULLACC'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_fullaccess
  as select from
    scarr
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

 DCL:

@MappingRole: true
define role demo_cds_role_fullaccess {
  grant select on demo_cds_auth_fullaccess; }

1) 全访问示例(Full access

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_FULLACC'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_fullaccess
  as select from
    scarr
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

 DCL:

@MappingRole: true
define role demo_cds_role_fullaccess {
  grant select on demo_cds_auth_fullaccess; }

2) 字面条件示例(Literal conditions

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITERAL'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_literal
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };

DCL:

@MappingRole: true
define role demo_cds_role_literal {
  grant select on demo_cds_auth_literal
  where carrid = 'LH'; }

2) 字面条件示例(Literal conditions

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITERAL'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_literal
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };

DCL:

@MappingRole: true
define role demo_cds_role_literal {
  grant select on demo_cds_auth_literal
  where carrid = 'LH'; }

3) PFCG权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 }; 

DCL:

@MappingRole: true
define role demo_cds_role_pfcg {
  grant select on demo_cds_auth_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03'); }

 权限对象s_carrid可以在事情代码SU21中的BC_C object类下查到。

3) PFCG权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 }; 

DCL:

@MappingRole: true
define role demo_cds_role_pfcg {
  grant select on demo_cds_auth_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03'); }

 权限对象s_carrid可以在工作代码SU21中的BC_C object类下查到。

4) 字面条件和PFCG权限结合示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITPFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_lit_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };    

DCL:

@MappingRole: true
define role demo_cds_role_lit_pfcg {
  grant select on demo_cds_auth_lit_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03') and
         currcode = 'EUR'; }

4) 字面条件和PFCG权限结合示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITPFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_lit_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };    

DCL:

@MappingRole: true
define role demo_cds_role_lit_pfcg {
  grant select on demo_cds_auth_lit_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03') and
         currcode = 'EUR'; }

5) 继承权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_INH'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_inherited
  as select from
    demo_cds_auth_lit_pfcg
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

DCL:

@MappingRole: true
define role demo_cds_role_inherited {
  grant select on demo_cds_auth_inherited
               inherit demo_cds_role_lit_pfcg or currcode = 'USD'; }

在那些例子会显示USD和EUR类型货币的记录。

5) 继承权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_INH'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_inherited
  as select from
    demo_cds_auth_lit_pfcg
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

DCL:

@MappingRole: true
define role demo_cds_role_inherited {
  grant select on demo_cds_auth_inherited
               inherit demo_cds_role_lit_pfcg or currcode = 'USD'; }

在这一个例子会呈现USD和EUR类型货币的笔录。

6) 依据目前用户的权位控制示范

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_USR'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_user
  as select from
    abdocmode
    {
      key uname,
      key langu,
          flag
    };  

DCL:

@MappingRole: true
define role demo_cds_role_user { 
  grant select on demo_cds_auth_user
    where
      uname ?= aspect user; }

6) 依照当下用户的权杖控制示范

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_USR'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_user
  as select from
    abdocmode
    {
      key uname,
      key langu,
          flag
    };  

DCL:

@MappingRole: true
define role demo_cds_role_user { 
  grant select on demo_cds_auth_user
    where
      uname ?= aspect user; }

2. 基于PFCG权限创设一个粗略的例证

复制以下代码,创造我们团结的CDS视图:

@AbapCatalog.sqlViewName: 'ZDEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Demo access pfcg'
define view Zdemo_Access_Pfcg as select from scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };   

3,现在,倘若在HANA
Studio中开辟数据预览,大家将可以观望负有记录。访问控制最近还不设有。

万博manbetx客户端 1

2,在SU21创制大家自己的自定义权限对象:

万博manbetx客户端 2

对此每个对象定义权限字段和活动字段,出席允许活动“03
显示”。在本示例中,我们要在ZS_CONNID中添加字段CARRID和CONNID。

万博manbetx客户端 3

万博manbetx客户端 4

3,为ZS_CARRID创制数量控制。

@MappingRole: true
define role zdemo_access_pfcg {
  grant select on Zdemo_Access_Pfcg
  where (carrid) =
  aspect pfcg_auth (zs_carrid, carrid, actvt='03'); }

4,在PFCG中开创一个新的角色,在这边充足刚刚创造的权杖对象,定义用户应当看到的依照选拔字段的数额。不要遗忘生成配置。为我们的用户分配角色。

在首先个示范中,我们只利用ZS_CARRID。在篇章的末尾,大家会用到此外的对象。

万博manbetx客户端 5

万博manbetx客户端 6

5,回到HANA Studio来测试权限。打开我们的CDS视图的多寡预览:

万博manbetx客户端 7

当今我们只看到了概念好的航空公司(CARRID)字段的记录。

注意:

  1. 假设在ABAP字典(SE11)中开辟视图,结果会是任何数额记录。
  2. 即使在DDL中修改讲明为如下内容,并激活CDS视图,我们将可以再度在多少预览中来看任何数额。这意味着检查已经倒闭。

    @AccessControl.authorizationCheck: #NOT_ALLOWED

结论:在一个从数据库表中查询数据的简短例子中,我们来看了访问控制是哪些做事的。下边讲讲CDS分析视图。

2. 依据PFCG权限创造一个概括的例子

复制以下代码,创制大家温馨的CDS视图:

@AbapCatalog.sqlViewName: 'ZDEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Demo access pfcg'
define view Zdemo_Access_Pfcg as select from scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };   

3,现在,假若在HANA
Studio中打开数据预览,我们将得以见到享有记录。访问控制目前还不存在。

万博manbetx客户端 8

2,在SU21创制我们团结一心的自定义权限对象:

万博manbetx客户端 9

对于每个对象定义权限字段和活动字段,参与允许活动“03
显示”。在本示例中,咱们要在ZS_CONNID中添加字段CARRID和CONNID。

万博manbetx客户端 10

万博manbetx客户端 11

3,为ZS_CARRID创建数量控制。

@MappingRole: true
define role zdemo_access_pfcg {
  grant select on Zdemo_Access_Pfcg
  where (carrid) =
  aspect pfcg_auth (zs_carrid, carrid, actvt='03'); }

4,在PFCG中开创一个新的角色,在此地充分刚刚创建的权柄对象,定义用户应当看到的基于选取字段的多寡。不要遗忘生成配置。为咱们的用户分配角色。

在首先个示范中,大家只使用ZS_CARRID。在著作的末尾,大家会用到另外的对象。

万博manbetx客户端 12

万博manbetx客户端 13

5,回到HANA Studio来测试权限。打开我们的CDS视图的数量预览:

万博manbetx客户端 14

今昔大家只见到了定义好的航空公司(CARRID)字段的笔录。

注意:

  1. 假如在ABAP字典(SE11)中开辟视图,结果会是成套数量记录。
  2. 假如在DDL中修改表明为如下内容,并激活CDS视图,大家将能够另行在数据预览中看看任何数据。这意味检查已经倒闭。

    @AccessControl.authorizationCheck: #NOT_ALLOWED

结论:在一个从数据库表中查询数据的简易例子中,我们看来了访问控制是何许做事的。上边讲讲CDS分析视图。

3. 富含CUBE数据类其余CDS分析视图

1,通过复制已有些内容成立我们友好的CDS视图。那是一个含有CUBE数据分类的CDS视图(译注:代码框出了点问题,我们集合看下..):

 

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

2,在访问控制中展开定义:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
    where ( Airline ) = 
    aspect pfcg_auth (  ZS_CARRID,
                        CARRID,
                        actvt = '03' );

}

3,在著作的第2有的,我们在权力对象中添加了ZS_CARRID。在HANA
Studio的数额预览中反省结果。行数是530.万博manbetx客户端 15

 

4,在作业代码RSRT中检查结果,行数也是530。结果一律。

5,在BO Analysis for
Excel中反省结果。结果是同样的,对用户而言,唯有选中的飞行企业可以被访问。

 万博manbetx客户端 16

注意:没有AF航空集团的政工数据,这是地方的屏幕未呈现相关数据的缘由。

3. 分包CUBE数据类此外CDS分析视图

1,通过复制已有的内容创制我们团结一心的CDS视图。这是一个包含CUBE数据分类的CDS视图(译注:代码框出了点问题,我们联谊看下..):

 

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

2,在访问控制中开展定义:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
    where ( Airline ) = 
    aspect pfcg_auth (  ZS_CARRID,
                        CARRID,
                        actvt = '03' );

}

3,在篇章的第2有的,大家在权力对象中添加了ZS_CARRID。在HANA
Studio的数量预览中检查结果。行数是530.万博manbetx客户端 17

 

4,在事情代码RSRT中反省结果,行数也是530。结果同样。

5,在BO Analysis for
Excel中检查结果。结果是同一的,对用户而言,只有选中的航空集团可以被访问。

 万博manbetx客户端 18

注意:没有AF航空公司的事务数据,这是地点的屏幕未出示相关数据的来头。

4. CDS分析查询视图的访问控制。

1,在第3片段的CUBE CDS中创制一个分析查询视图。

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

 

2,在HANA
Studio中举行数量预览,行数如故4894。看起来CDS分析查询没有使用到Cube
CDS视图权限,可是事实并非如此。你并不需要为分析查询CDS视图创设额外的访问控制。

3,在Excel中反省RSRT或者BO分析的结果。结果讲明Cube
CDS视图的权限在条分缕析查询中起到了效益。

万博manbetx客户端 19

注意:在条分缕析查询定义中不需要创制任何变量,就像我们在富含权限的BEx查询中那么。

4,修改Cube CDS视图,添加权限对象ZS_CONNID而非ZS_CARRID

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( FlightConnection) = aspect pfcg_auth (  ZS_CONNID,
                                                     CONNID,
                                                     actvt = '03' );

}

浅析查询结果变得严苛了(在第2片段的第4步可以见到ZS_CONNID的定义).

现在结果的行数是212.

万博manbetx客户端 20

4. CDS分析查询视图的访问控制。

1,在第3部分的CUBE CDS中创制一个剖析查询视图。

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

 

2,在HANA
Studio中开展数据预览,行数仍然4894。看起来CDS分析查询没有利用到Cube
CDS视图权限,不过实际并非如此。你并不需要为分析查询CDS视图创设额外的访问控制。

3,在Excel中反省RSRT或者BO分析的结果。结果阐明Cube
CDS视图的权力在分析查询中起到了功用。

万博manbetx客户端 21

小心:在分析查询定义中不需要创设任何变量,就像我们在含有权限的BEx查询中那么。

4,修改Cube CDS视图,添加权限对象ZS_CONNID而非ZS_CARRID

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( FlightConnection) = aspect pfcg_auth (  ZS_CONNID,
                                                     CONNID,
                                                     actvt = '03' );

}

剖析查询结果变得严俊了(在第2有些的第4步可以观望ZS_CONNID的定义).

现在结果的行数是212.

万博manbetx客户端 22

5. 权力的并集(UNION)和混合(INTERSECTION)

1,通过“AND”取权限的良莠不齐。那里定义了一个新的权杖“ZS_FLDAT”,它只含有3天的限制(2015.02.04

  • 2015.02.06)。修改DCL,扩充混合:

    @EndUserText.label: ‘Role for Z05_I_FLIGHTBYAIRPORT’
    @MappingRole: true
    define role Z05_ROLE {

      grant select on Z05_I_FlightByAirport
       where ( Airline) = 
              aspect pfcg_auth (  ZS_CARRID,
                                  CARRID,
                                  actvt = '03' ) AND
             (FlightDate ) = 
              aspect pfcg_auth (  ZS_FLDAT,
                                  FLTDATE,
                                  actvt = '03' );
    

    }

万博manbetx客户端 23

2,通过“OR”取并集:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline) = 
            aspect pfcg_auth (  ZS_CARRID,
                                CARRID,
                                actvt = '03' ) OR
           ( FlightDate ) = 
            aspect pfcg_auth (  ZS_FLDAT,
                                FLTDATE,
                                actvt = '03' );

}

万博manbetx客户端 24

 3,即便在一个权力对象中添加这五个字段,这结果就仿佛于交集:

万博manbetx客户端 25

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline, FlightDate) = 
            aspect pfcg_auth (  ZS_NEW,
                                CARRID,
                                FLTDATE,
                                actvt = '03' );

万博manbetx客户端 26

注意:决不忘记在Cube
CDS视图的层级定义权限,而非分析视图层级。
若果你在分析查询层级定义了和第5有的均等的权柄,那么:

  • 在SAP HANA Studio的数目预览中,结果看起来是对的。
  • 在RSRT, BO Analysis for
    Excel和其余使用了OLAP引擎的工具中,使用的是Cube
    CDS视图的权柄(如有定义)。

注意:在HANA
Studio的数量预览中,分析查询的结果会所有显得。为了纠正这一点,可以给分析查询创造以下访问控制:

@MappingRole: true
define role Z05_ROLE_2 {
  grant select on Z05_C_FlightByAirportQuery 
               inherit Z05_ROLE; }

敲定:你可以为CDS分析视图定义权限的鱼龙混杂或者并集。

 

正文停止,感谢关心!

 

英文原文:ABAP CDS views with Authorization based on Access
Control

 

5. 权力的并集(UNION)和交集(INTERSECTION)

1,通过“AND”取权限的鱼龙混杂。这里定义了一个新的权限“ZS_FLDAT”,它只包含3天的限制(2015.02.04

  • 2015.02.06)。修改DCL,扩张混合:

    @EndUserText.label: ‘Role for Z05_I_FLIGHTBYAIRPORT’
    @MappingRole: true
    define role Z05_ROLE {

      grant select on Z05_I_FlightByAirport
       where ( Airline) = 
              aspect pfcg_auth (  ZS_CARRID,
                                  CARRID,
                                  actvt = '03' ) AND
             (FlightDate ) = 
              aspect pfcg_auth (  ZS_FLDAT,
                                  FLTDATE,
                                  actvt = '03' );
    

    }

万博manbetx客户端 27

2,通过“OR”取并集:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline) = 
            aspect pfcg_auth (  ZS_CARRID,
                                CARRID,
                                actvt = '03' ) OR
           ( FlightDate ) = 
            aspect pfcg_auth (  ZS_FLDAT,
                                FLTDATE,
                                actvt = '03' );

}

万博manbetx客户端 28

 3,假如在一个权力对象中添加这多少个字段,那结果就象是于交集:

万博manbetx客户端 29

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline, FlightDate) = 
            aspect pfcg_auth (  ZS_NEW,
                                CARRID,
                                FLTDATE,
                                actvt = '03' );

万博manbetx客户端 30

注意:毫不遗忘在Cube
CDS视图的层级定义权限,而非分析视图层级。
只要你在条分缕析查询层级定义了和第5有些同等的权力,那么:

  • 在SAP HANA Studio的数量预览中,结果看起来是对的。
  • 在RSRT, BO Analysis for
    Excel和其余使用了OLAP引擎的工具中,使用的是Cube
    CDS视图的权力(如有定义)。

注意:在HANA
Studio的数量预览中,分析查询的结果会全部显得。为了纠正这点,可以给分析查询成立以下访问控制:

@MappingRole: true
define role Z05_ROLE_2 {
  grant select on Z05_C_FlightByAirportQuery 
               inherit Z05_ROLE; }

结论:你可以为CDS分析视图定义权限的鱼龙混杂或者并集。

 

本文截至,感谢关注!

 

英文原稿:ABAP CDS views with Authorization based on Access
Control