Show TOC

Authority Check in Query Push-downLocate this document in the navigation structure

SADL Query enables fast read access for scenarios on mobile and desktop applications based on SAP HANA by means of a query push-down. As part of the query push-down, all users’ input is collected through consumer APIs and used to configure the request for the database. Specifically, the authorization enforcement in this process is interposed between query specification by application or end user and data retrieval from the database. As a result, only datasets for which the user is authorized are requested from the database, reducing both the load on the database, the traffic between database and application, and the amount of calls to the authorization enforcement engine.

The basic idea is that the application provides the parameters for the authority-check. Before data retrieval is executed, the following steps are performed by the Query Engine:
  1. Evaluation of authorization of the active user
  2. Mapping of authorization object fields to the table / view columns or business entity attributes, or OData service properties, respectively.
  3. Adding authorization restrictions to the condition for the database select (WHERE-clause).