Get Example source ABAP code based on a different SAP table
• ESCAPE ABAP_CDS_DCL_OPERATOR • LIKE ABAP_CDS_DCL_OPERATOR • IS NULL ABAP_CDS_DCL_OPERATOR • BETWEEN ABAP_CDS_DCL_OPERATOR • NOT ABAP_CDS_DCL_OPERATOR • ALL ABAP_CDS_DCL_OPERATOR • EXISTS ABAP_CDS_DCL_OPERATOR • BYPASS WHEN ABAP_CDS_DCL_OPERATOR
ABAP_CDS_DCL - DEFINE ROLE, literal_condition
ABAP_SYNTAX ... $[ALL$|EXISTS$] ${ ${ element $[BYPASS WHEN bypass_condition$] operator $['$]value$['$] $} ... $| ${ element $[BYPASS WHEN bypass_condition$] $[NOT$] BETWEEN $['$]value1$['$] AND $['$]value2$['$] $} $| ${ element $[BYPASS WHEN bypass_condition$] $[NOT$] LIKE 'value' $[ESCAPE 'esc'$] $} $| ${ element $[BYPASS WHEN bypass_condition$] IS $[NOT$] NULL $} $| ${ element $[BYPASS WHEN bypass_condition$] IS $[NOT$] INITIAL $} $} ...
ABAP Addition 1 ... ALL 2 ... EXISTS 3 ... BYPASS WHEN ...
What does it do? Literal condition as part of an access condition cds_cond in an access rule of the statement DEFINE ROLE in CDS DCL. A literal condition can be one of the following relational expressions for an element element of the CDS entity for which the access condition is defined.
Comparison with a literal value value using a logical operator operator.
Check using $[NOT$] BETWEEN to verify whether the value on the left side is (or is not) within the interval limits specified by two literal values value1 and value2.
Check using $[NOT$] LIKE to verify whether a string on the left side matches (or does not match) the pattern on the right side. The percent sign (%) can be used as a placeholder for any string and the underscore character (_) for any single character. The addition ESCAPE can be used to define a single character escape character 'esc' in quotation marks for the placeholders.
Check using IS $[NOT$] NULL to verify whether the left side is (or is not) the null value.
IS $[NOT$] INITIAL, check to verify whether the value of the left side matches (does not match) the initial value of the ABAP data type of the element.
When element is declared as optional and does not exist at runtime, the effect of the condition matches the DEFAULT value of the element (logical true or false). To avoid that a safe default of FALSE is flipped to TRUE accidentally, the use of an element marked as optional inside of a NOT operator leads to an error. The element element can be specified directly or by using a path expression path_expr and must have one of the valid data types. A numeric literal value can be specified in quotation marks but this is not mandatory. A character-like literal value must be specified in quotation marks. In a set-valued path expression, it is sufficient for the condition to be true for just one of the values. When a literal condition is evaluated by CDS access control, only those rows are selected in which the content of the CDS element element meets the condition.
Latest notes:
Within the definition of an access rule, literal conditions can be used together with PFCG conditions, user conditions, inheritance conditions, or as individual conditions.
The character # is recommended as the escape character esc for the operator LIKE.
For element, some variants of this condition type support the function CONTEXT_NODE_VALUES. This function is reserved for use by SAP. BEGIN_SECTION SAP_ONLY See access_control_context . END_SECTION SAP_ONLY NON_V5_HINTS ABAP_HINT_END
ABAP Addition When element contains at least one set-valued association, the basic form of the condition will allow access when it is fulfilled for any of the resulting values. For example, when the values are A, B and C, the condition element = 'B' will give access. When access is only granted when the condition is fulfilled for all values, this can be specified by the ALL quantifier. In the example above, ALL element = 'B' will not give access due to the existence of A and C. However, ALL element < 'D' will give access.
Latest notes:
The ALL quantifier results in an additional EXISTS statement on the database, formulated on the protected entity. It cannot be guaranteed that the database optimizer recognizes this constellation properly as self-join. The performance of the database selection can therefore be impacted.
The quantifier ALL can be applied to a condition regardless of whether element contains a set-valued association at all. However, it will then not have an effect but lead to the potential performance degradation when applied unnecessarily.
An association with an empty result set is handled in the same way as a single result with a null value. NON_V5_HINTS ABAP_HINT_END
ABAP Addition The basic form of the statement already implements EXISTS like semantics, however, it provides a coupling of multiple set-valued elements in the same entity row. For example, we consider an association toSetVal stemming from an entity row and with the following value in two of its columns: toSetVal Row NumbertoSetVal.F1toSetVal.F2 1AB 2CD The access condition toSetVal.F1 = 'A' and toSetVal.F2 = 'D' intuitively would be considered to be true, because for each constituent, the condition is true. However, at runtime, the association toSetVal will be realized by the database interface as a single join operation (exceptions apply when path filters are used or in CDS DDIC-based views using annotation compareFilter), so there is a coupling between F1 and F2. Due to this coupling, the condition will not be fulfilled. This situation can be resolved by introduction of the explicit EXISTS quantifier, which breaks-up this coupling and lets the condition be evaluated for each EXISTS condition individually: EXISTS toSetVal.F1 = 'A' and EXISTS toSetVal.F2 = 'D'
ABAP Addition
What does it do? The addition BYPASS WHEN bypass_condition can be used to specify that the element is not used for authorization filtering if it meets the specified condition. The following are possible for bypass_condition:
IS NULL
IS INITIAL
IS INITIAL OR NULL This addition is useful when using quantifier ALL to express that some of the association values may have this value and still satisfy the condition. For example, when these are the values of a set-valued association toSetVal Row NumberF 1A 2<(><)> 3A This condition ALL toSetVal.F = 'A' will not return the entity row, but this condition will: ALL toSetVal.F BYPASS WHEN IS NULL = 'A'
ABAP_EXAMPLE_VX5 The following CDS role defines an access condition for the CDS view entity demo_cds_authority_literal_2. A single literal condition is specified for the element carrid in the CDS view. DCLS DEMO_CDS_ROLE_LITERAL_2 The CDS view entity is as follows: DDLS DEMO_CDS_AUTHORITY_LITERAL_2 The class CL_DEMO_CDS_AUTH_LITERAL uses SELECT to access the view. CDS access control selects only that data that matches the literal condition. This means that a maximum of one row is selected regardless of any other conditions in the view. ABAP_EXAMPLE_END
