Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

SAP Exam C_ABAPD_2309 Topic 1 Question 39 Discussion

Actual exam question for SAP's C_ABAPD_2309 exam
Question #: 39
Topic #: 1
[All C_ABAPD_2309 Questions]

In an Access Control Object, which clauses are used? Note: There are 3 correct answers to this question.

Show Suggested Answer Hide Answer
Suggested Answer: A, D, E

An Access Control Object (ACO) is a CDS annotation that defines the access control rules for a CDS view entity.An ACO consists of one or more clauses that specify the role name, the data source, the access conditions, and the return code of the authority check12. Some of the clauses that are used in an ACO are:

Where (to specify the access conditions): This clause is used to define the logical expression that determines whether a user has access to the data source or not. The expression can use the fields of the data source, the parameters of the CDS view entity, or the predefined variables $user and $session.The expression can also use the functions check_authorization and check_role to perform additional authority checks12.

Define role (to specify the role name): This clause is used to assign a name to the role that is defined by the ACO. The role name must be unique within the namespace of the CDS view entity and must not contain any special characters.The role name can be used to reference the ACO in other annotations, such as @AccessControl.authorizationCheck or @AccessControl.grant12.

Revoke (to remove access to the data source): This clause is used to explicitly deny access to the data source for a user who meets the conditions of the where clause. The revoke clause overrides any grant clause that might grant access to the same user.The revoke clause can be used to implement the principle of least privilege or to enforce data segregation12.

You cannot do any of the following:

Grant (to identify the data source): This is not a valid clause in an ACO. The grant clause is a separate annotation that is used to grant access to a CDS view entity or a data source for a user who has a specific role.The grant clause can reference an ACO by its role name to apply the access conditions defined by the ACO12.

Return code (to assign the return code of the authority check): This is not a valid clause in an ACO. The return code of the authority check is a predefined variable that is set by the system after performing the access control check.The return code can be used in the where clause of the ACO to specify different access conditions based on the outcome of the check12.


by Maryln at Apr 04, 2025, 07:03 PM

Limited Time Offer

25%

Off

Get Premium C_ABAPD_2309 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cherry
2 days ago
I think A, D, and E are used in an Access Control Object.
upvoted 0 times
...
Vi
9 days ago
I think the correct answers are A, C, and E. The Where clause is used to specify the access conditions, the Return code is used to assign the return code of the authority check, and Revoke is used to remove access to the data source.
upvoted 0 times
...

Save Cancel