ABAP Keyword Documentation →  ABAP - Dictionary →  ABAP CDS in ABAP Dictionary →  ABAP CDS - Access Control →  ABAP CDS - DCL Statements →  ABAP CDS - DEFINE ROLE →  ABAP CDS - DEFINE ROLE, condition 

ABAP CDS - DEFINE ROLE, user_condition

Other versions: 7.31 | 7.40 | 7.54

Syntax

... element =|<>|?= ASPECT user ...

Effect

User condition as part of an access condition cond_expr in an access rule of the statement DEFINE ROLE in CDS DCL. In a user condition, the predefined aspect user is specified on the right side introduced with ASPECT.

The left side is compared with the user name of the user currently logged on to AS ABAP by using one of the three operators =, <>, ?=, as in a literal condition.

Notes

• User conditions can be combined within an access rule using literal conditions and PFCG conditions, and inheritance conditions.

• A user condition acts like a comparison with the session variable $session.user in the CDS DDL. It is not currently possible to use session variables on the right side of conditions in DCL.

Example

The following CDS view contains an element uname, which contains a user name:

@AbapCatalog.sqlViewName: 'DEMO_CDS_USR'
@AccessControl.authorizationCheck: #CHECK
define view demo_cds_auth_user
  as select from
    abdocmode
    {
      key uname,
      key langu,
          flag
    };  

The following role can be defined for the view:

@MappingRole: true
define role demo_cds_role_user {  
  grant select on demo_cds_auth_user
    where
      uname ?= aspect user; }

The role grants a user AS ABAP access to his or her own entries in the database table ABDOCMODE, as well as to entries in which the UNAME column is initial or contains a null value.