ABAP Keyword Documentation → ABAP - Dictionary → ABAP CDS in ABAP Dictionary → ABAP CDS - Access Control → ABAP CDS - DCL Statements → ABAP CDS - DEFINE ROLE → ABAP CDS - DEFINE ROLE, condition
ABAP CDS - DEFINE ROLE, literal_condition
Other versions:
7.31 | 7.40 | 7.54
Syntax
... { element
operator [']value['] } ...
| { element [NOT] BETWEEN [']value1['] AND [']value2['] }
| { element [NOT] LIKE 'value' [ESCAPE 'esc'] }
| { element IS [NOT] NULL } ...
Effect
Literal condition as part of an access condition cond_expr in an access rule of the statement DEFINE ROLE in CDS DCL. A literal condition can be one of the following relational expressions for an element element of the CDS entity for which the access condition is defined.
- Comparison with a literal value value using a logical operator operator.
- Check using [NOT] BETWEEN to verify whether the value on the left side is (or is not) within the interval limits specified by two literal values value1 and value2.
- Check using [NOT] LIKE to verify whether a string on the left side matches (or does not match) the pattern on the right side. The percent sign (%) can be used as a placeholder for any string and the underscore character (_) for any single character. The addition ESCAPE can be used to define a single character escape character 'esc’ in quotation marks for the placeholders.
- Check using IS [NOT] NULL to verify whether the left side is (or is not) the null value.
The element element can be specified directly or by using a path expression path_expr and must have one of the valid data types. A numeric literal value can be specified in quotation marks but this is not mandatory. A character-like literal value must be specified in quotation marks. In a multivalue path expression, it is sufficient for the condition to be true for just one of the values.
When a literal condition is evaluated by CDS access control, only those rows are selected in which the content of the CDS element element meets the condition.
Notes
- Within the definition of an access rule, literal conditions can be used together with PFCG conditions, user conditions, inheritance conditions, or as individual conditions.
- The character # is recommended as the escape character esc for the operator LIKE.
Example
The following CDS role defines an access condition for the CDS view demo_cds_auth_literal. A single literal condition is specified for the element carrid in the CDS view.
define role demo_cds_role_literal {
grant select on demo_cds_auth_literal
where carrid = 'LH'; }
The CDS view is as follows:
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_literal
as select from
scarr
{
key carrid,
carrname,
currcode,
url
};
The program DEMO_CDS_AUTH_LITERAL uses SELECT to access the view. CDS access control selects only that data that matches the literal condition. This means that a maximum of one row is selected regardless of any other conditions in the view.