on 07-25-2023 12:21 PM
Hey togehter,
So far, we always use access controls in CDS to hide whole rows for the user if he does not have authorization for certain objects. But is it also possible to query only single columns for permissions or even only a specific content of a field? In our request case, there is only one specific field of a row that needs to be masked. The rest of the line should remain visible for the user.
Thanks
regards,
Tim
Hi Tim,
Sandeep's approach would be a good option to remove an item from the UI, though it does only that: the UI layer. The data field is still part of the query response from the source (db or external system) so is still accessible to the user if they want (e.g. via Chrome Developer Tools).
I'm not aware of an out-of-the-box solution to column-based authorizations, but I would approach this in the service layer of the application (e.g. CAP): in the service handler, validate the user's authorization, and then remove/mask the data for the mentioned columns, something like the below CAP example. It is not ideal, but should work for most cases. You can still do the hiding of the column on the UI as well so that you don't annoy the end user with showing masked entries on the screen.
srv.after('READ', 'Incidents', each => {
// Get user authorizations to correctly set the flag 'hideEmployeeID'
let hideEmployeeID = true;
if (hideEmployeeID) each.EmployeeID = '*masked*';
});
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I was just reading the documentation in the V4 specific section "DataField Records in Facets" at https://sapui5.hana.ondemand.com/#/topic/ca00ee45fe344a73998f482cb2e669bb and the approach of using a UI.Hidden annotation should help. The page is for table in Object Page but to my knowledge, this should also help for List Report tables (not 100% sure on this but worth a try!)
Best Regards,
Sandeep
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
72 | |
11 | |
10 | |
7 | |
6 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.