2

In "classic" ABAP authority checks, you would sometimes loop over a result list. If for at least one item the check fails, you'd notify the user about this and show only the items he's entitled to. My question is: How would you do this in CDS using the pfcg_auth aspect? For example:

```
define role my_role {
  grant select 
    on vbak
  where ( vkorg ) = aspect pfcg_auth ( v_vbak_vko, vkorg, actvt = '03' );
}
```

How would you tell that the selection found, say, 50 sales orders but the user is only authorized to display 40 of them?

Suncatcher
Matthias
  • In the rare cases where you really need this information, I guess you may create an API which runs under a Service User who is authorized to all data, a `SELECT COUNT(*)` would return the information you want. – Sandra Rossi Nov 24 '20 at 17:23

1 Answer

3

For CDS view selects, there is a syntax that lets you select while bypassing the DCL: `WITH PRIVILEGED ACCESS`.

You can select `count(*)` for the data in the database `WITH PRIVILEGED ACCESS`. If the numbers are not equal, you can raise the message.

Haojie
  • This syntax was released in 752? – Suncatcher Nov 25 '20 at 14:51
  • Thanks a lot, this looks great. The only downside here - if I got it right - is that I have to hit the view twice with the selection, am I correct? – Matthias Nov 25 '20 at 18:18
  • Regarding the syntax, check the linked document. @Suncatcher – Haojie Nov 26 '20 at 06:02
  • @Matthias Yes, you need to hit the view twice. That's the only way. I mean, this is what you needed, which comes with consequences for performance if you have a large view. – Haojie Nov 26 '20 at 06:03
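
The two-read comparison described in the answer and comments above, as an added example that is not part of the original thread: the list is read with CDS access control active, then counted again with the same `WHERE` clause and `WITH PRIVILEGED ACCESS`, and only the difference is reported to the user. Assumptions: `ZI_SALESORDER` is a hypothetical CDS view over `VBAK` protected by a role like `my_role`, exposing `VBELN`, `VKORG` and `ERDAT`; the report and variable names are also hypothetical.

```abap
REPORT zdemo_auth_filtered_count.

" Added example. ZI_SALESORDER is a hypothetical CDS view over VBAK that is
" protected by a DCL role like my_role; the field names are assumptions.
PARAMETERS p_erdat TYPE erdat DEFAULT sy-datum.

START-OF-SELECTION.
  " 1) Normal read: the DCL role is applied implicitly, so only rows whose
  "    VKORG passes the pfcg_auth check are returned.
  SELECT vbeln, vkorg
    FROM zi_salesorder
    WHERE erdat = @p_erdat
    INTO TABLE @DATA(lt_orders).

  " 2) Second hit on the view with the identical WHERE clause, but with
  "    CDS access control switched off. Only a count is read, so no
  "    unauthorized row content enters the program.
  SELECT COUNT(*)
    FROM zi_salesorder WITH PRIVILEGED ACCESS
    WHERE erdat = @p_erdat
    INTO @DATA(lv_total).

  DATA(lv_visible) = lines( lt_orders ).
  DATA(lv_hidden)  = lv_total - lv_visible.

  " 3) Tell the user that the result list is incomplete.
  IF lv_hidden > 0.
    DATA(lv_msg) = |{ lv_hidden } of { lv_total } sales orders are not | &&
                   |shown because of missing authorization.|.
    MESSAGE lv_msg TYPE 'S' DISPLAY LIKE 'W'.
  ENDIF.

  " Output only what the DCL-filtered read returned.
  LOOP AT lt_orders INTO DATA(ls_order).
    WRITE: / ls_order-vbeln, ls_order-vkorg.
  ENDLOOP.
```

The selection criteria of the privileged count have to match the filtered read exactly; otherwise the difference no longer measures authorization filtering alone, and the count exposes more about unauthorized data than the single number intended.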