cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to restrict access to ABAP CDS

Go to solution
aalexis
Participant

on ‎10-23-2019 4:38 PM

0 Kudos

Hello All,

We have built lot of ABAP CDS views, but we don't want all our team to be able to open and change it. So we want to restrict access to who can view and who can change it. We have implemented data level access and I am not talking about that. How can we restrict certain users can see the view but cannot make changes to it.

if anyone has done this kind of Authorization (most probably using roles created using PFCG) please let me know.

Thanks in advance,

Arthur.

Show replies
Show replies
aalexis
Participant
‎11-05-2019 2:04 PM
0 Kudos

I think I have SAP_ALL Access so it does not show any restriction. But when I assigned it to a new user, the user does not have access to create ABAP CDS View. (Not even able to add ABAP project from ABAP Perspective). What are the roles that are to be assigned to a user to have access and able to create ABAP CDS from HANA Studio.

Thanks,

Arthur.

Answer

Accepted Solutions (1)

Accepted Solutions (1)

Föß
Active Participant
‎10-24-2019 1:27 PM

Hi,

it should be possible with:

Authorization Object: S_DEVELOP

OBJTYPE = DDLS (=CDS View)

OBJNAME= ZABC* (= all ZABC* CDS Views)

ACTVT=01 (01 Create, 02 Change, 03 Display )

lg

Show replies
Show replies
aalexis
Participant
‎10-31-2019 3:13 PM
0 Kudos

Johann,

This seem like what I expected, Thank you for the answer, I will try it out and will close the question.

Arthur.

aalexis
Participant
‎11-01-2019 11:11 PM
0 Kudos

Johann,

I used the auth object as below but it still lets me edit the CDS and Activate it too. All my custom CDS as in Z001 Package, and my CDS name starts with ZB_* and the ABAP Catalog name is ZB*. Is there anything wrong the way I have defined or used the object in my role?

Let me know whether what should I do additionally,

Thanks,

Arthur.

aalexis
Participant
‎11-08-2019 3:32 PM
0 Kudos

All,

S_DEVELOP is part of the role required for this authorization to restrict the Display of CDS views. additionally S_RFC, S_ADT_RES also required to create a complete role that can restrict the CDS access to display only.

I am closing this question and Mark it as complete.

Thank you,

Arthur.

Answers (1)

Answers (1)

shanthi_bhaskar
Active Contributor
‎10-24-2019 5:32 PM
0 Kudos

and to add Johann you would be restricting the SQL view of an CDS not the DDL names

Show replies
Show replies
Ask a Question