ABAP Keyword Documentation → ABAP Dictionary → ABAP CDS in ABAP Dictionary → ABAP CDS - Authorizations → ABAP CDS - DCL Statements → ABAP CDS - DEFINE ACCESSPOLICY
This functionality is not yet released and must not be used
ABAP CDS - DEFINE ASPECT
Other versions:
7.31 | 7.40 | 7.54
Syntax
[DEFINE] ASPECT aspect_name AS
SELECT FROM cds_entity { field_element }
[WHERE $user IN path_to_login_name];
Effect
Defines an aspect aspect_name in the definition of an access policy in the data control language DCL in ABAP CDS. An aspect on the right side can be compared with an attribute represented by a path expression on the left side when a role is defined in a condition for assignment roles.
An aspect defines user-specific values based on the CDS data model. These values can be checked when a CDS entity associated with an assignment role is accessed. The actual values are defined when an assignment role is assigned to a user by the user administrator. Here, the SELECT statement is used to generate a default value for the statement DEFINE ASPECT. To do this, the SELECT statement reads a CDS field field_element from a suitable CDS entity cds_entity. An optional path from the current user to the attribute on the left side of the WHERE clause of the role definition can be specified. Here, a WHERE condition associated a predefined language element $user with a suitable path path_to_login_name, specified in DDL syntax.
Notes
- The statement DEFINE ASPECT can only be specified in the curly brackets of the statement DEFINE ACCESSPOLICY.
- The CDS entity specified in the definition of an aspect is not usually the entity specified in the definition of the role.
- The SELECT statement of the statement DEFINE ASPECT is executed only when a role is assigned to a user with the aim of creating a default value. It is feasible that the statement is executed in every authorization check, but this is not currently planned.
- Aspects and access policies are not currently implemented, since there is no tool available for assigning assignment roles.
Example
The following aspect is based on the ID of a sales organization to which a user belongs. In its WHERE clause, the aspect uses the path from a user to the association toemployee, to the association tostaffing, and to the name of the sales organization of the user. When an assignment role that uses this aspect is assigned by the user administrator, the name of this sales organization is proposed (which can be overridden if necessary).
@EndUserText.label: 'Employee Orgunit'
ASPECT employee_orgunit as
SELECT FROM sacm_cds_snwd_depts { org_unit_name }
WHERE $user IN tostaffing.toemployee.login_name;