CDS视图中国和非洲常主要的一派,在那篇小说中

Hi!

Hi!

对每叁个CDS视图,大家都得以透过DCL(Data Control
Language)定义访问调控。在这篇文章中,笔者会介绍ABAP
CDS视图中万分关键的另1方面:权限管理。

对每3个CDS视图,大家都得以由此DCL(Data Control
Language)定义访问调控。在那篇小说中,小编会介绍ABAP
CDS视图中非凡主要的1方面:权限管理。

正文的阐释基于本人正在使用的S4/HANA 1陆10 on NW 7.5一.

正文的阐发基于本人正在采用的S4/HANA 1陆10 on NW 7.5一.

剧情分为多个部分:

剧情分为七个部分:

  1. 正式示例的访问调节。
  2. 基于PFCG权限创立二个大约的例证。
  3. 带有CUBE数据类别的CDS分析视图。
  4. CDS分析查询视图的访问调控。
  5. 权力对象的并集(UNION)恐怕夹杂(INTE哈弗SECTION)。
  1. 行业内部示例的访问调整。
  2. 听说PFCG权限制造3个简练的例证。
  3. 含蓄CUBE数据类别的CDS分析视图。
  4. CDS分析查询视图的访问调节。
  5. 权限对象的并集(UNION)只怕夹杂(INTE奇骏SECTION)。

 

 

本文链接:http://www.cnblogs.com/hhelibeb/p/7427753.html

正文链接:http://www.cnblogs.com/hhelibeb/p/7427753.html

一. 正经示例的访问调整例子

1. 标准示例的访问调节例子

一) 全访问示例(Full access

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_FULLACC'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_fullaccess
  as select from
    scarr
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

 DCL:

@MappingRole: true
define role demo_cds_role_fullaccess {
  grant select on demo_cds_auth_fullaccess; }

一) 全访问示例(Full access

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_FULLACC'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_fullaccess
  as select from
    scarr
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

 DCL:

@MappingRole: true
define role demo_cds_role_fullaccess {
  grant select on demo_cds_auth_fullaccess; }

贰) 字面条件示例(Literal conditions

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITERAL'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_literal
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };

DCL:

@MappingRole: true
define role demo_cds_role_literal {
  grant select on demo_cds_auth_literal
  where carrid = 'LH'; }

2) 字面条件示例(Literal conditions

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITERAL'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_literal
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };

DCL:

@MappingRole: true
define role demo_cds_role_literal {
  grant select on demo_cds_auth_literal
  where carrid = 'LH'; }

叁) PFCG权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 }; 

DCL:

@MappingRole: true
define role demo_cds_role_pfcg {
  grant select on demo_cds_auth_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03'); }

 权限对象s_carrid能够在业务代码SU21中的BC_C object类下查到。

三) PFCG权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 }; 

DCL:

@MappingRole: true
define role demo_cds_role_pfcg {
  grant select on demo_cds_auth_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03'); }

 权限对象s_carrid能够在作业代码SU21中的BC_C object类下查到。

肆) 字面条件和PFCG权限结合示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITPFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_lit_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };    

DCL:

@MappingRole: true
define role demo_cds_role_lit_pfcg {
  grant select on demo_cds_auth_lit_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03') and
         currcode = 'EUR'; }

四) 字面条件和PFCG权限结合示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_LITPFCG'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_lit_pfcg
 as select from
 scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };    

DCL:

@MappingRole: true
define role demo_cds_role_lit_pfcg {
  grant select on demo_cds_auth_lit_pfcg
  where (carrid) =
  aspect pfcg_auth (s_carrid, carrid, actvt='03') and
         currcode = 'EUR'; }

5) 传承权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_INH'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_inherited
  as select from
    demo_cds_auth_lit_pfcg
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

DCL:

@MappingRole: true
define role demo_cds_role_inherited {
  grant select on demo_cds_auth_inherited
               inherit demo_cds_role_lit_pfcg or currcode = 'USD'; }

在那么些例子会显示USD和EULacrosse类型货币的记录。

伍) 承接权限示例

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_INH'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_inherited
  as select from
    demo_cds_auth_lit_pfcg
    {
      key carrid,
          carrname,
          currcode,
          url
    };  

DCL:

@MappingRole: true
define role demo_cds_role_inherited {
  grant select on demo_cds_auth_inherited
               inherit demo_cds_role_lit_pfcg or currcode = 'USD'; }

在这一个事例会显示USD和EU奥迪Q5类型货币的记录。

陆) 依据目前用户的权位调节示范

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_USR'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_user
  as select from
    abdocmode
    {
      key uname,
      key langu,
          flag
    };  

DCL:

@MappingRole: true
define role demo_cds_role_user { 
  grant select on demo_cds_auth_user
    where
      uname ?= aspect user; }

6) 依照当下用户的权力决定示范

DDL:

@AbapCatalog.sqlViewName: 'DEMO_CDS_USR'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_user
  as select from
    abdocmode
    {
      key uname,
      key langu,
          flag
    };  

DCL:

@MappingRole: true
define role demo_cds_role_user { 
  grant select on demo_cds_auth_user
    where
      uname ?= aspect user; }

二. 依据PFCG权限创立1个简练的事例

复制以下代码,创设大家友好的CDS视图:

@AbapCatalog.sqlViewName: 'ZDEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Demo access pfcg'
define view Zdemo_Access_Pfcg as select from scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };   

3,现在,若是在HANA
Studio中展开数据预览,大家将得以看看全体记录。访问调整方今还不设有。

图片 1

2,在SU二1创办大家温馨的自定义权限对象:

图片 2

对此每一个对象定义权限字段和活动字段,加入允许活动“0三展现”。在本示例中,我们要在ZS_CONNID中增多字段CACRUISER本田UR-VID和CONNID。

图片 3

图片 4

3,为ZS_CAQashqai奥德赛ID成立数量调控。

@MappingRole: true
define role zdemo_access_pfcg {
  grant select on Zdemo_Access_Pfcg
  where (carrid) =
  aspect pfcg_auth (zs_carrid, carrid, actvt='03'); }

4,在PFCG中开创一个新的角色,在此地丰硕刚刚创造的权能对象,定义用户应当看到的根据选用字段的数目。不要忘记生成配置。为大家的用户分配剧中人物。

在第叁个示范中,我们只使用ZS_CA卡宴哈弗ID。在篇章的末端,大家会用到其他的对象。

图片 5

图片 6

5,回到HANA Studio来测试权限。打开大家的CDS视图的数量预览:

图片 7

今后我们只看到了概念好的宇宙航行公司(CA汉兰达奥迪Q7ID)字段的记录。

注意:

  1. 假定在ABAP字典(SE11)中开采视图,结果会是1体数量记录。
  2. 万一在DDL中期维修改表明为如下内容,并激活CDS视图,我们将能够重复在数码预览中见到整个数目。这象征检查已经关门。

    @AccessControl.authorizationCheck: #NOT_ALLOWED

结论:在三个从数据库表中查询数据的简约例子中,大家看出了访问调整是如何行事的。上面讲讲CDS分析视图。

二. 依据PFCG权限制造三个差不多的例子

复制以下代码,成立大家温馨的CDS视图:

@AbapCatalog.sqlViewName: 'ZDEMO_CDS_PFCG'
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Demo access pfcg'
define view Zdemo_Access_Pfcg as select from scarr
 {
 key carrid,
 carrname,
 currcode,
 url
 };   

3,未来,假设在HANA
Studio中展开数据预览,大家将得以看出富有记录。访问调节最近还不存在。

图片 8

2,在SU二一创办我们同生共死的自定义权限对象:

图片 9

对于各样对象定义权限字段和平运动动字段,加入允许活动“0三显示”。在本示例中,我们要在ZS_CONNID中增加字段CA宝马X3RAV4ID和CONNID。

图片 10

图片 11

3,为ZS_CALX570帕杰罗ID创立数量调控。

@MappingRole: true
define role zdemo_access_pfcg {
  grant select on Zdemo_Access_Pfcg
  where (carrid) =
  aspect pfcg_auth (zs_carrid, carrid, actvt='03'); }

四,在PFCG中创建1个新的剧中人物,在那边丰盛刚刚创造的权杖对象,定义用户应当看到的依照选用字段的数量。不要遗忘生成配置。为大家的用户分配角色。

在第贰个示范中,大家只使用ZS_CA奥迪Q五CRUISERID。在作品的背后,大家会用到其余的对象。

图片 12

图片 13

5,回到HANA Studio来测试权限。展开大家的CDS视图的数据预览:

图片 14

前日大家只看到了概念好的航空集团(CA瑞虎奥迪Q5ID)字段的记录。

注意:

  1. 设若在ABAP字典(SE11)中开辟视图,结果会是漫天数码记录。
  2. 如果在DDL中期维修改评释为如下内容,并激活CDS视图,咱们将能够再度在数量预览中来看全部数额。那表示检查已经关闭。

    @AccessControl.authorizationCheck: #NOT_ALLOWED

结论:在一个从数据库表中查询数据的简要例子中,大家看到了访问调整是咋办事的。上面讲讲CDS分析视图。

三. 带有CUBE数据类其他CDS分析视图

一,通过复制已部分内容创造大家同心协力的CDS视图。那是二个暗含CUBE数据分类的CDS视图(译注:代码框出了点难题,大家联谊看下..):

 

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

二,在访问调节中实行定义:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
    where ( Airline ) = 
    aspect pfcg_auth (  ZS_CARRID,
                        CARRID,
                        actvt = '03' );

}

叁,在篇章的第1部分,我们在权力对象中增加了ZS_CA福睿斯普拉多ID。在HANA
Studio的多寡预览中反省结果。行数是530.图片 15

 

四,在工作代码福睿斯SRT中反省结果,行数也是530。结果1致。

5,在BO Analysis for
Excel中反省结果。结果是如出壹辙的,对用户来讲,唯有选中的飞行集团得以被访问。

 图片 16

注意:没有AF飞行公司的事体数据,那是地点的显示器未展现相关数据的原因。

③. 带有CUBE数据类别的CDS分析视图

壹,通过复制已有的内容创造大家协调的CDS视图。那是四个富含CUBE数据分类的CDS视图(译注:代码框出了点难点,大家联谊看下..):

 

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

贰,在访问调控中张开定义:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
    where ( Airline ) = 
    aspect pfcg_auth (  ZS_CARRID,
                        CARRID,
                        actvt = '03' );

}

叁,在篇章的第二部分,大家在权力对象中增加了ZS_CALX570BMWX叁ID。在HANA
Studio的多少预览中检查结果。行数是530.图片 17

 

四,在事情代码OdysseySRT中反省结果,行数也是530。结果1律。

伍,在BO Analysis for
Excel中反省结果。结果是平等的,对用户来说,唯有选中的飞行集团得以被访问。

 图片 18

注意:没有AF航空企业的事体数据,那是地点的显示器未突显相关数据的案由。

四. CDS分析查询视图的访问调控。

壹,在第1有个其他CUBE CDS中创造3个剖析查询视图。

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

 

二,在HANA
Studio中展开数据预览,行数依然48玖四。看起来CDS分析查询未有应用到Cube
CDS视图权限,不过实际并非如此。你并不须求为分析查询CDS视图创制额外的访问调控。

叁,在Excel中检查揽胜极光SRT恐怕BO分析的结果。结果注脚Cube
CDS视图的权杖在解析查询中起到了职能。

图片 19

专注:在解析查询定义中不必要创制任何变量,就像是大家在含蓄权限的BEx查询中那么。

四,修改Cube CDS视图,加多权限对象ZS_CONNID而非ZS_CARRID

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( FlightConnection) = aspect pfcg_auth (  ZS_CONNID,
                                                     CONNID,
                                                     actvt = '03' );

}

解析查询结果变得严俊了(在第二部分的第6步能够见见ZS_CONNID的定义).

今昔结果的行数是21二.

图片 20

4. CDS分析查询视图的访问调节。

一,在第二局地的CUBE CDS中成立三个解析查询视图。

@AbapCatalog.sqlViewName: 'Z05_CFLIGHTAQ'                       // Name of the CDS database view in the ABAP Repository
@AccessControl.authorizationCheck: #CHECK              // CDS authorizations, controls the authorization check. In S4H410 not required
@EndUserText.label: 'Available Flights'                         // Translatable short text. Max 60characters. Text label is exposed to Analytica tools and the OData service
@VDM.viewType: #CONSUMPTION                                     // This is a CONSUMPTION view
@Analytics.query: true                                          // By tagging the CDS view as an analytical query it will be exposed to the analytic manager
@OData.publish: true                                            // Generates a suitable OData service, that will use the analytical query, when the CDS entity is activated

define view Z05_C_FlightByAirportQuery as select from Z05_I_FlightByAirport     // A analytical query CDS is implemented using a query select from CDS view Z00_I_FlightByAirport
                                                                                // Take care with OData publishing the max. lenght is 26 characters
{
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column Airline
    Z05_I_FlightByAirport.Airline,                              // Use the column Airline
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightConnection
    Z05_I_FlightByAirport.FlightConnection,                     // Use the column FlightConnection
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column FlightDate
    Z05_I_FlightByAirport.FlightDate,                           // Use the column FlightDate
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false }  // Creates a mandatory filter on the values in the field AirportFrom
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportFrom
    @EndUserText.label: 'Departure Airport'                     // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo
    Z05_I_FlightByAirport.AirportFrom,                          // Use the column AirportFrom
    @Consumption.filter: {selectionType: #SINGLE, multipleSelections: false, mandatory: false } //  Creates an optional filter on the values in the field AirportTo
    @AnalyticsDetails.query.axis: #ROWS                         // Defines the default row/colums apperance for the column AirportTo
    @EndUserText.label: 'Arrival Airport'                       // Add an human readable enduser label to make sure that we can differentiate between AirportFrom and AirportTo 
    Z05_I_FlightByAirport.AirportTo,                            // Use the column AirportTo                             
    Z05_I_FlightByAirport.Currency,                             // Use the column Currency  
    Z05_I_FlightByAirport.AircraftType,                         // Use the column AircraftType
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column FlightPrice
    Z05_I_FlightByAirport.FlightPrice,                          // Use the column FlightPrice
    Z05_I_FlightByAirport.MaximumNumberOfSeats,                 // Use the column MaximumNumberOfSeats
    Z05_I_FlightByAirport.NumberOfOccupiedSeats,                // Use the column NumberOfOccupiedSeats
    @DefaultAggregation: #FORMULA                               // Important to know for formular placement is evaluation time. Inside the final query, the evaluation is done after the flightbyairport
                                                                // view aggragation, so it's not on a very detailed level or even row level, but at the aggragate level. This is important for avarages 
                                                                // as they cannot be evaluated at the detail level 
    @EndUserText.label: 'Available Seats'
    @AnalyticsDetails.query.axis: #COLUMNS                      // Defines the default row/colums apperance for the column NumberOfAvailableSeats
    Z05_I_FlightByAirport.MaximumNumberOfSeats - Z05_I_FlightByAirport.NumberOfOccupiedSeats as NumberOfAvailableSeats  // this is a formular (calculated column) 
} 

 

二,在HANA
Studio中实行数量预览,行数依然489四。看起来CDS分析查询未有采取到Cube
CDS视图权限,不过实际并非如此。你并不须要为分析查询CDS视图创设额外的访问调整。

3,在Excel中反省奥迪Q5SRT只怕BO分析的结果。结果注脚Cube
CDS视图的权柄在条分缕析查询中起到了意义。

图片 21

在意:在解析查询定义中不必要创立任何变量,仿佛我们在蕴藏权限的BEx查询中那么。

4,修改Cube CDS视图,增多权力对象ZS_CONNID而非ZS_CARRID

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( FlightConnection) = aspect pfcg_auth (  ZS_CONNID,
                                                     CONNID,
                                                     actvt = '03' );

}

浅析查询结果变得严厉了(在第1部分的第6步能够看看ZS_CONNID的定义).

前些天结果的行数是21二.

图片 22

5. 权力的并集(UNION)和混合(INTE昂科拉SECTION)

一,通过“AND”取权限的叶影参差。那里定义了2个新的权限“ZS_FLDAT”,它只含有三天的限定(2015.0贰.0肆

  • 2015.0二.0陆)。修改DCL,扩大混合:

    @EndUserText.label: ‘Role for Z05_I_FLIGHTBYAIRPORT’
    @MappingRole: true
    define role Z05_ROLE {

      grant select on Z05_I_FlightByAirport
       where ( Airline) = 
              aspect pfcg_auth (  ZS_CARRID,
                                  CARRID,
                                  actvt = '03' ) AND
             (FlightDate ) = 
              aspect pfcg_auth (  ZS_FLDAT,
                                  FLTDATE,
                                  actvt = '03' );
    

    }

图片 23

2,通过“OR”取并集:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline) = 
            aspect pfcg_auth (  ZS_CARRID,
                                CARRID,
                                actvt = '03' ) OR
           ( FlightDate ) = 
            aspect pfcg_auth (  ZS_FLDAT,
                                FLTDATE,
                                actvt = '03' );

}

图片 24

 三,假如在贰个权力对象中添加那八个字段,这结果就类似于交集:

图片 25

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline, FlightDate) = 
            aspect pfcg_auth (  ZS_NEW,
                                CARRID,
                                FLTDATE,
                                actvt = '03' );

图片 26

注意:记忆犹新在Cube
CDS视图的层级定义权限,而非分析视图层级。
比方您在条分缕析查询层级定义了和第4局地如出1辙的权杖,那么:

  • 在SAP HANA Studio的数目预览中,结果看起来是对的。
  • 在EvoqueSRT, BO Analysis for
    Excel和其余使用了OLAP引擎的工具中,使用的是Cube
    CDS视图的权柄(如有定义)。

注意:在HANA
Studio的数额预览中,分析查询的结果会全部显得。为了勘误这一点,能够给分析查询创设以下访问调控:

@MappingRole: true
define role Z05_ROLE_2 {
  grant select on Z05_C_FlightByAirportQuery 
               inherit Z05_ROLE; }

敲定:你可以为CDS分析视图定义权限的交集或然并集。

 

正文截止,感激关心!

 

英文原著:ABAP CDS views with Authorization based on Access
Control

 

五. 权力的并集(UNION)和交集(INTELacrosseSECTION)

一,通过“AND”取权限的混杂。那里定义了1个新的权力“ZS_FLDAT”,它只包涵3天的限定(201伍.0二.04

  • 20一五.02.06)。修改DCL,扩充混合:

    @EndUserText.label: ‘Role for Z05_I_FLIGHTBYAIRPORT’
    @MappingRole: true
    define role Z05_ROLE {

      grant select on Z05_I_FlightByAirport
       where ( Airline) = 
              aspect pfcg_auth (  ZS_CARRID,
                                  CARRID,
                                  actvt = '03' ) AND
             (FlightDate ) = 
              aspect pfcg_auth (  ZS_FLDAT,
                                  FLTDATE,
                                  actvt = '03' );
    

    }

图片 27

2,通过“OR”取并集:

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline) = 
            aspect pfcg_auth (  ZS_CARRID,
                                CARRID,
                                actvt = '03' ) OR
           ( FlightDate ) = 
            aspect pfcg_auth (  ZS_FLDAT,
                                FLTDATE,
                                actvt = '03' );

}

图片 28

 叁,假若在三个权力对象中加多那三个字段,那结果就恍如于交集:

图片 29

@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
    grant select on Z05_I_FlightByAirport
     where ( Airline, FlightDate) = 
            aspect pfcg_auth (  ZS_NEW,
                                CARRID,
                                FLTDATE,
                                actvt = '03' );

图片 30

注意:毫不忘记在Cube
CDS视图的层级定义权限,而非分析视图层级。
倘诺您在解析查询层级定义了和第四有的平等的权柄,那么:

  • 在SAP HANA Studio的数目预览中,结果看起来是对的。
  • 在奥迪Q5SRT, BO Analysis for
    Excel和任何使用了OLAP引擎的工具中,使用的是Cube
    CDS视图的权能(如有定义)。

注意:在HANA
Studio的数额预览中,分析查询的结果聚会场全数呈现。为了改进这一点,能够给分析查询成立以下访问控制:

@MappingRole: true
define role Z05_ROLE_2 {
  grant select on Z05_C_FlightByAirportQuery 
               inherit Z05_ROLE; }

结论:你可感到CDS分析视图定义权限的混杂或然并集。

 

本文甘休,谢谢关切!

 

英文原著:ABAP CDS views with Authorization based on Access
Control

 

相关文章