Show TOC

Adding Access Control to CDS EntitiesLocate this document in the navigation structure


You have the standard developer authorization profile to create ABAP development objects.


Use DCLs to develop access-control logic for Core Data Services (CDS) entities from SAP NetWeaver AS for ABAP. DCLs enable you to filter access to data in the database based on static values or conditions based on user data (classical authorization objects). If no DCL document for the CDS entity was created and deployed, a user who can access the CDS entity has access to all data returned by the entity.

Example For example, you provide a view of sales orders. You can add a condition that users can only view open sales orders or only sales orders for companies, which are in the countries that are listed in a classical authorization object.

We recommend that you protect applications that use CDS entities with classic start authorizations available from SAP NetWeaver AS for ABAP.


  1. Create the DCL sources.
  2. Edit the DCL source code.

    Edit DCL source code just as you would DDL source code.

    There is no support for the following:

    • Quick fixes
    • Adding and removing comments
    • Comparing DCL source code versions
  3. Check the syntax of DCL sources
    Check the syntax of DCL sources just as you would check the syntax of DDL sources.
  4. Activate DCL sources.

    Activate DCL sources just as you would activate DDL sources.

    Activation logs for DCL sources are not supported.