To make sure that no unauthorized users access data, create access control for your CDS views.
In the example used in this documentation, you create two access controls – one for each view – and use the aspect pfcg_auth clause to access the region field in the authorization object. For the sake of simplicity, we don’t check the activity, that is, every activity is valid to view the records of a region.
Create the following access controls:
@EndUserText.label: 'ORDERS DCL' @MappingRole: true define role ZORDERSVIEW_DCL { grant select on ZORDERSVIEW where (region) = aspect pfcg_auth(ZREGIONMGT, ZREGION); }
@EndUserText.label: 'ORDER ITEMS DCL' @MappingRole: true define role ZORDERITEMSVIEW_DCL { grant select on ZORDERITEMSVIEW where (_order.region) = aspect pfcg_auth(ZREGIONMGT, ZREGION); }
In the second access control, you use the _order association to get access to the order’s region field.