Prerequisites For This Section
This scenario uses a CDS view entity that selects data from a database table containing airport details. There is no authorization check linked with the view. Consequently, the user can see all data – including information for which they have no authorization.
To put an access control on a CDS view entity, you create an object of type Access Control. The access control in this example checks authorization for the authorization object /DMO/TRVL. The field /DMO/CNTRY is compared with the values in the database, and the activity is set to '03', which means read.
To find the access control that corresponds to a particular CDS view entity, place the cursor on the name of the view entity in the editor and press Ctrl + Shift + G. This loads the where-used list for the view entity; that is, all of the objects in whose definition the view entity occurs. If the view entity has an access control, it will be in the list. If the list is very long, you can filter it by selecting the funnel icon and setting the Object Type field to DCLS/DL.
When a user selects data using the CDS view, the system uses the access control to determine which values are required and compares them with the authorization values that are assigned to the user. It then sets a filter to ensure that it only reads the data corresponding to the user's authorization, in our case airports located in country DE. This is both secure, because the system performs the check automatically with no means of bypassing it, and performance-efficient, because it ensures that no redundant data is read from the database.
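The access control described above, written out as CDS source. This is an added example, not code from the original page: the view entity name Z_I_Airport, its element names, and the table /dmo/airport with its field names are assumptions; only /DMO/TRVL, /DMO/CNTRY and activity '03' come from the text.

```abap
// --- Data definition (DDLS): hypothetical view entity Z_I_Airport ---
// Assumption: the airport table is /dmo/airport with the fields below.
// #CHECK tells the runtime to apply any access control defined for the view.
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Airports'
define view entity Z_I_Airport
  as select from /dmo/airport
{
  key airport_id as AirportID,
      name       as Name,
      city       as City,
      country    as CountryCode
}

// --- Access control (DCLS): a separate development object ---
// Each row is returned only if the user holds authorization object
// /DMO/TRVL with activity 03 (read) and a /DMO/CNTRY value that
// matches the row's CountryCode.
@EndUserText.label: 'Airports: restrict read access by country'
@MappingRole: true
define role Z_I_Airport
{
  grant select on Z_I_Airport
    where ( CountryCode ) = aspect pfcg_auth( /DMO/TRVL, /DMO/CNTRY, ACTVT = '03' );
}
```

The condition is added to the database selection itself, so a user authorized only for DE receives only the DE rows from any ABAP SQL read of the view. With no role defined for the view, the same read returns every row, which is the starting situation the text describes.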