Let us consider the following scenario:
When AND/OR condition is used between aspect pfcg_auth statements in a DCL, the requirement is not fulfilled because, when one of the four views pass through the authorization, it applies its result to rest all three views and similarly when any one of the view fails to pass through the authorization, even then it applies its result to rest all three views. So either all records get displayed or none get displayed because of AND/OR logic, which is not expected in the current scenario
So how to deal with such scenarios?
Let us walk through a simple example considering the below objects are defined:
- There are 4 CDS views V1 , V2 , V3 and V4
- There is another CDS view V5 which is a union of views V1,V2,V3,V4 .
When AND/OR condition is used between aspect pfcg_auth statements in a DCL, the requirement is not fulfilled because, when one of the four views pass through the authorization, it applies its result to rest all three views and similarly when any one of the view fails to pass through the authorization, even then it applies its result to rest all three views. So either all records get displayed or none get displayed because of AND/OR logic, which is not expected in the current scenario
So how to deal with such scenarios?
Let us walk through a simple example considering the below objects are defined:
1. There are 4 Tables for each product type:
- ZPRODUCTRG – Refrigerator
- ZPRODUCTMO – Microwave Oven
- ZPRODUCTTV – Television
- ZPRODUCTWM – Washing Machine
2. Basic Interface views (I – views) on these tables:
- ZI_PRODUCTRG
- ZI_PRODUCTMO
- ZI_PRODUCTTV
- ZI_PRODUCTWM
3. A union view on these basic views:
- ZI_PRODUCT
4. There are 4 authorization objects for 4 types of products defined in SU21 tcode as below :
- ZTV
- ZWM
- ZRG
- ZMO
All these authorization objects have the following authorization fields :
5. A PFCG role is created ZPROD_ROLE with these authorization objects
No comments:
Post a Comment