Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

SAP Exam C_ABAPD_2309 Topic 1 Question 39 Discussion

Actual exam question for SAP's C_ABAPD_2309 exam
Question #: 39
Topic #: 1
[All C_ABAPD_2309 Questions]

In an Access Control Object, which clauses are used? Note: There are 3 correct answers to this question.

Show Suggested Answer Hide Answer
Suggested Answer: A, D, E

An Access Control Object (ACO) is a CDS annotation that defines the access control rules for a CDS view entity.An ACO consists of one or more clauses that specify the role name, the data source, the access conditions, and the return code of the authority check12. Some of the clauses that are used in an ACO are:

Where (to specify the access conditions): This clause is used to define the logical expression that determines whether a user has access to the data source or not. The expression can use the fields of the data source, the parameters of the CDS view entity, or the predefined variables $user and $session.The expression can also use the functions check_authorization and check_role to perform additional authority checks12.

Define role (to specify the role name): This clause is used to assign a name to the role that is defined by the ACO. The role name must be unique within the namespace of the CDS view entity and must not contain any special characters.The role name can be used to reference the ACO in other annotations, such as @AccessControl.authorizationCheck or @AccessControl.grant12.

Revoke (to remove access to the data source): This clause is used to explicitly deny access to the data source for a user who meets the conditions of the where clause. The revoke clause overrides any grant clause that might grant access to the same user.The revoke clause can be used to implement the principle of least privilege or to enforce data segregation12.

You cannot do any of the following:

Grant (to identify the data source): This is not a valid clause in an ACO. The grant clause is a separate annotation that is used to grant access to a CDS view entity or a data source for a user who has a specific role.The grant clause can reference an ACO by its role name to apply the access conditions defined by the ACO12.

Return code (to assign the return code of the authority check): This is not a valid clause in an ACO. The return code of the authority check is a predefined variable that is set by the system after performing the access control check.The return code can be used in the where clause of the ACO to specify different access conditions based on the outcome of the check12.


by Maryln at Apr 04, 2025, 07:03 PM

Limited Time Offer

25%

Off

Get Premium C_ABAPD_2309 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Selma
21 days ago
Ah, the age-old battle of Access Control Objects. I'm feeling lucky, so I'll go with A, D, and E. The Where clause, Define role, and Revoke are like the Three Musketeers of this question!
upvoted 0 times
...
Sherell
23 days ago
I feel like I need a magic wand to figure this one out. Let's see, I'll go with A, C, and E. The Where clause, Return code, and Revoke just have that 'Access Control Object' vibe to them, don't they?
upvoted 0 times
...
Rikki
1 months ago
This question is making my head spin! I'm going to guess A, B, and D. The Where clause, Crant, and Define role just sound like they belong in an Access Control Object, you know?
upvoted 0 times
...
Shayne
1 months ago
Hmm, this is a tough one. I'm pretty sure the correct answers are A, C, and E. The Where clause, Return code, and Revoke seem to be the most relevant to an Access Control Object.
upvoted 0 times
Colene
5 days ago
I agree. And the Revoke option is crucial for removing access to the data source.
upvoted 0 times
...
Elliott
12 days ago
Yes, and the Return code is necessary for assigning the return code of the authority check.
upvoted 0 times
...
Karma
22 days ago
I think you're right. The Where clause is definitely important for specifying access conditions.
upvoted 0 times
...
...
Makeda
1 months ago
I'm not sure about D. I think B could also be used to identify the data source in an Access Control Object.
upvoted 0 times
...
Larae
1 months ago
I agree with Cherry. A, D, and E make sense for specifying access conditions, role name, and removing access.
upvoted 0 times
...
Iraida
2 months ago
Wow, this is a tricky one! I'm going to go with A, D, and E. The Where clause, Define role, and Revoke seem like the logical choices here.
upvoted 0 times
Fernanda
11 days ago
User3
upvoted 0 times
...
Gaston
22 days ago
User2
upvoted 0 times
...
Celeste
24 days ago
User1
upvoted 0 times
...
...
Cherry
2 months ago
I think A, D, and E are used in an Access Control Object.
upvoted 0 times
...
Vi
2 months ago
I think the correct answers are A, C, and E. The Where clause is used to specify the access conditions, the Return code is used to assign the return code of the authority check, and Revoke is used to remove access to the data source.
upvoted 0 times
Anissa
4 hours ago
And Revoke is used to remove access to the data source.
upvoted 0 times
...
Sharita
1 days ago
The Return code is used to assign the return code of the authority check.
upvoted 0 times
...
Jacqueline
2 days ago
Yes, you are correct. The Where clause is used to specify the access conditions.
upvoted 0 times
...
Denna
4 days ago
I think the correct answers are A, C, and E.
upvoted 0 times
...
Linn
5 days ago
User4: And Revoke is used to remove access to the data source.
upvoted 0 times
...
Mitzie
6 days ago
User3: The Return code is used to assign the return code of the authority check.
upvoted 0 times
...
Odette
7 days ago
User2: Yes, the Where clause is used to specify the access conditions.
upvoted 0 times
...
Rebecka
1 months ago
User1: I think the correct answers are A, C, and E.
upvoted 0 times
...
...

Save Cancel