AS ABAP Release 758, ©Copyright 2024 SAP SE. All rights reserved.
ABAP - Keyword Documentation → ABAP - ABAP Release News → News for ABAP Release 7.5x → News for ABAP Release 7.54 →
ABAP CDS Access Control in ABAP Release 7.54
Addition COMBINATION MODE OR|AND of the Statement GRANT SELECT ON
The optional addition COMBINATION
MODE can now be used to define how the access conditions of multiple CDS access rules for the same CDS entity are combined.
Addition REDEFINITION of the Statement GRANT SELECT ON
The addition REDEFINITION
is used to indicate that the specified CDS access rule is the only existing access rule and any other access rules are ignored.
Addition IN SCENARIO of the Statement GRANT SELECT ON
The optional addition IN SCENARIO can be used to apply the switchable authorization check to an authorization object.
Generic Aspect Condition of the Statement DEFINE ROLE
An aspect condition can now be used to specify the
generic aspect defined in an aspect definition in the right side introduced by ASPECT.
New Variant INHERITING CONDITIONS FROM SUPER
There is now another variant of the inheritance
condition in an access rule of the statement DEFINE ROLE, which applies the access conditions from SUPER.
Different REPLACING Operators
The optional addition REPLACING
of INHERITING CONDITIONS can be used to modify the inherited conditions.
REPLACING Operator ELEMENT ... WITH
Any number of ELEMENT
operators can be used to transform conditions that use fields of the inherited entity to a different field of the inheriting entity.
Definition of a Generic Aspect
A generic aspect can now be defined as part of a CDS access policy itself defined using DEFINE ACCESSPOLICY.
DCL Restrictions for ABAP CDS Hierarchies
ABAP CDS hierarchies can now be protected using access controls.
DCL Restrictions for CDS Transactional Queries
Transactional queries apply the access control of the underlying CDS entity with restrictions.
VOID
The new addition VOID
can be specified in an access condition. It defines that the access condition in question is ignored.
CONSTRAINT ID
The new addition CONSTRAINT ID can be specified in a PFCG mapping as part of a CDS access policy. It defines further restrictions for authorization fields of authorization objects in a CDS access policy.