开发者社区> jerrywangsap> 正文
阿里云
为了无法计算的价值
打开APP
阿里云APP内打开

SAP S/4HANA CDS View的访问控制实现:DCL介绍

简介: 来自我的同事Xu Miles Authorization Objects are business concept, they are distinguished by business scenario.
+关注继续查看
福利推荐:阿里云、腾讯云、华为云等大品牌云产品全线2折优惠活动来袭,4核8G云服务器899元/3年,新老用户共享优惠,点击这里立即抢购>>>

来自我的同事Xu Miles

Authorization Objects are business concept, they are distinguished by business scenario.
Therefore, there might be a lot of Authorization Objects using the same Authorization Field. Such as VKORG.

In Sales Planning, there're two Authorization Objects related to Sales Area, V_VBAK_VKO and V_VBRK_VKO, they represent transaction scenario Sales Document and Billing Document repectively. If we want to extract the Sales Area master data, technically we could use any Authorization Object with Authorization Field VKORG, VTWEG, SPART.
However, considering the authorization of the business user, we need to use Authorization Object V_VBAK_VKO and V_VBRK_VKO separately when end user is planning for income sales or sales volume.
To do this, we could use additional CDS view + DCL to realize.

Example on ERG/001:

CDS: ZMX_SalesArea_DCL
DCL: ZMX_SalesArea_DCL
The logic in DCL:

@EndUserText.label: 'Auto assigned mapping role for ZMX_SalesArea_DCL'
@MappingRole: true
define role ZMX_SalesArea_DCL  {
grant select on ZMX_SalesArea_DCL
where (SalesPlanPurpose = '0' and (SalesOrganization, DistributionChannel, Division) =
aspect pfcg_auth (V_VBAK_VKO,
VKORG,
VTWEG,
SPART,
actvt = '03'))
OR (SalesPlanPurpose = '1' and (SalesOrganization) =
aspect pfcg_auth (V_VBRK_VKO,
VKORG,
actvt = '03'));
}

The logic in the CDS view:

define view ZMX_SalesArea_DCL
as select from
I_SalesArea
{
key SalesOrganization,
key DistributionChannel,
key Division,

'0' as SalesPlanPurpose

}
union all select from I_SalesArea
{
key SalesOrganization,
key DistributionChannel,
key Division,

'1' as SalesPlanPurpose
};

Authorization test on QW9/910
User: MILES01
Authorization:

Test Report:

REPORT mx_test_sa_dcl.

PARAMETERS:
p_purp TYPE C LENGTH 1.

DATA:
lt_tab TYPE STANDARD TABLE OF i_salesarea_dcl.

SELECT * FROM i_salesarea_dcl INTO TABLE @lt_tab
WHERE salesplanpurpose = @p_purp.

LOOP AT lt_tab ASSIGNING FIELD-SYMBOL(<fs_row>).
WRITE:/ <fs_row>-salesorganization, <fs_row>-distributionchannel, <fs_row>-division, <fs_row>-salesplanpurpose.
ENDLOOP.

WRITE:/ 'Finished.'.

The logic flow is that firstly we use SalesPlanUUID to get SalesPlanPurpose, then with SalesPlanPurpose we could get the Sales Area master data via the corresponding Authorization Objects.
SalesPlanPurpose: 0 (Incoming sales)

SalesPlanPurpose: 1(Sales Volume)

本文来自云栖社区合作伙伴“汪子熙”,了解相关信息可以关注微信公众号"汪子熙"。

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

相关文章
Kubernetes中的角色访问控制机制(RBAC)支持
RBAC vs ABAC 目前 Kubernetes 中有一系列的鉴权机制。 https://kubernetes.io/docs/admin/authorization/ 鉴权的作用是,决定一个用户是否有权使用 Kubernetes API 做某些事情。
2402 0
kubernetes RBAC实战 kubernetes 用户角色访问控制,dashboard访问,kubectl配置生成
kubernetes RBAC实战 环境准备 先用kubeadm安装好kubernetes集群,[包地址在此](https://market.aliyun.com/products/56014009/cmxz022571.
1946 0
+关注
文章
问答
来源圈子
更多
+ 订阅
文章排行榜
最热
最新
相关电子书
更多
低代码开发师(初级)实战教程
立即下载
阿里巴巴DevOps 最佳实践手册
立即下载
冬季实战营第三期:MySQL数据库进阶实战
立即下载


http://www.vxiaotou.com