ABAP Keyword Documentation →  ABAP - Dictionary →  ABAP CDS in ABAP Dictionary →  ABAP CDS - Access Control →  ABAP CDS - DCL Statements →  ABAP CDS - DEFINE ROLE →  ABAP CDS - DEFINE ROLE, access_rules 

ABAP CDS - DEFINE ROLE, grant_rule

Other versions: 7.31 | 7.40 | 7.54

Syntax

GRANT SELECT ON cds_entity [REDEFINITION];

Effect

Full access rule in the statement DEFINE ROLE in CDS DCL. A full access rule GRANT SELECT ON without the addition WHERE provides access to a CDS entity cds_entity without conditions. If cds_entity is specified, the same applies as for a conditional access rule.

The addition REDEFINITION prevents further REDEFINITION rules from being created for the same CDS entity and making the activation fail.

Notes

• For a CDS entity, a full access rule has the same effect as when there is no role for the CDS entity or when CDS access control is forbidden for this CDS entity by using the annotation @AccessControl.authorizationCheck:#NOT_ALLOWED or by using the annotation WITH PRIVILEGED ACCESS in the FROM clause of an ABAP SQL query when the entity is accessed.

• SAP does not as a rule supply any CDS roles with full access rules. Partners and customers can use full access rules to override roles supplied by SAP.

• The addition REDEFINITION is ignored by the authorization (a full access rule overwrites any COMBINATION MODE AND rules too).

Example

The following CDS role dictates that all users can access the CDS view DEMO_CDS_AUTH_FULLACCESS without access conditions:

@MappingRole: true
define role demo_cds_role_fullaccess {
  grant select on demo_cds_auth_fullaccess; }