ABAP on Cloud Development – Part 6

In Welcome to Part 6 of the ABAP on Cloud Development series! Building on the foundational concepts and practical implementations covered so far, this article shifts focus to an essential aspect of enterprise-grade applications—Authorization Checks in the context of ABAP RESTful Application Programming Model (RAP).
In cloud environments, securing access to sensitive data and actions is critical. RAP supports authorization at multiple layers, and this article will demonstrate how to implement a basic authorization check using CDS views—the recommended approach in cloud-native ABAP development.
We’ll walk you through an example where a custom authorization object is integrated at the root CDS view level. You can follow along using the same object, or apply the concept to any of your existing CDS views for testing. While the example is simplified for learning purposes, remember that in real-world scenarios, proper authorization objects aligned with your organization’s roles and policies should be used.
From adding the code to assigning it in a transport, we’ll cover every step needed to secure your RAP-based applications effectively.

Let’s get started and learn how to embed authorization logic seamlessly into your ABAP on Cloud applications.

Authorization Check :

This is just an example and you can use any of your CDS views to test this out.

BO Root View :

Consumption View :

Before we proceed with our tutorial, we would like to give you an opportunity to join our ZAPYard’s learning community where we have more than 35 groups and more than 1850 real SAP Consultants interacting with each other daily. Only SAP topics and not BS. Else, they will be banned from the community without warning. 👇👇👇👇

If you want to be part of ZAPYard’s Discussion Community, please feel free to check the below Link. We Ask, Answer, Help and Learn Together. There are more than 35 groups from different topics like Generative AI, SAP Joule, CAPM, BTP, RAP, BPT, Fiori, iRPA, CAI, CPI, PI/PO, ABAP on HANA, SAPUI5, SAP Build, SAP Adobe Forms, ChatBots, SAC etc. Join any group of your interest and interact with our Community.

Join ZAPYard’s WhatsApp Community – Ask, Answer, Propose & Defend SAP Topics

Step 1: Make sure that you root view and consumption view both have authorization check. It is done by using the below mentioned annotation
@AccessControl.authorizationCheck: #CHECK
Step 2: Create DCL for BO root view.
Select the root view in project explorer, right click and select New Access Control.

Give a name and the description, select Next. Choose the transport and select Finish.
Add the following code. Remember this is for example and in real case you would use an Authorization Object.

Only the data, meeting the criteria in the DCL is fetched.
Test the Consumption View.

It still shows all the rows because DCL is not created for Consumption View and while fetching the data, it works as normal select.
Step 3: Add the DCL for the consumption view
As we did for the root view, create a DCL for consumption view. Remember the authorization check should be there on top of the view in form of annotation.

Now test the consumption view.

This is an example to show how the Authorization works.
A sample code with authorization object.

Where Auth object ZOSTAT1234 is used. This Authorization object is added in the root view.

In this article, we explored how to implement authorization checks in RAP-based applications using CDS view-level security. By integrating a custom authorization object into the root CDS view, we demonstrated a practical approach to controlling access at the data layer—ensuring only authorized users can view or manipulate sensitive information.
While our example was simplified for clarity, the same principles apply in real-world scenarios where security and compliance are non-negotiable. RAP’s declarative approach to authorization aligns with cloud best practices, making it both scalable and maintainable.
As we continue our ABAP on Cloud journey, remember: robust applications aren’t just about functionality—they must also be secure by design.
Stay tuned for the next part, where we’ll explore more advanced and real-life scenarios in cloud-based ABAP development!

If you found this article helpful, we’d love to hear from you! Share your thoughts, questions, or experiences in the comments below—your feedback is always welcome and helps us craft even more valuable content for your ABAP on Cloud journey.

Please follow our LinkedIn Page, LinkedIn Group , Facebook Page, Facebook Group, Twitter & Instagram.

Do not forget to SUBSCRIBE to our YouTube Channel for Free Courses and Unconventional Interesting Videos.

Do join ZAPYard’s Learning Community.

• ABAP on Cloud Development – Part 1
• ABAP on Cloud Development – Part 2
• ABAP on Cloud Development – Part 3
• ABAP on Cloud Development – Part 4
• ABAP on Cloud Development – Part 5
• ABAP on Cloud Development – Part 6