Ansicht
Dokumentation
CL_RBAM_QUERY_UTILS - RBAM: Hilfsmethoden für Suchanfragen
BAL Application Log Documentation General Data in Customer MasterDiese Dokumentation steht unter dem Copyright der SAP AG.
Funktionalität
Hilfsklasse zum Umgang mit BO-Suchanfragen im Zusammenhang mit Berechtigungsprüfungen des Role Based Access Management (RBAM). Die Klasse besitzt z.Zt. nur eine einzige öffentliche Methode, GET_QUERY_PRE_DECISION. Siehe dazu deren separate Methodendokumentation.
Beziehungen
Die Funktionen dieser Klasse können sinnvoll im Zusammenhang mit der RBAM Restrictions API (CL_RBAM_RESTRICTIONS_API) verwendet werden.
Beispiel
*&---------------------------------------------------------------------*
*& Report Z_RBAM_QUERY_UTILS_DEMO
*&
*&---------------------------------------------------------------------*
*& Role Based Access Management (RBAM):
*& Sample program to illustrate usage of CL_RBAM_QUERY_UTILS
*&---------------------------------------------------------------------*
REPORT z_rbam_query_utils_demo.
*&---------------------------------------------------------------------*
*& Form main
*&---------------------------------------------------------------------*
* Gets the current user's restrictions for a query of business object
* ESA_SAMPLE_SALES_ORDER, and displays a short message interpreting
* the restrictions' semantic.
*----------------------------------------------------------------------*
FORM main
RAISING cx_static_check cx_dynamic_check.
DATA:
ls_authorization_context TYPE if_esf_types=>ty_authorization_context,
lf_query_pre_decision TYPE string.
* Get RBAM restrictions for query results that the current user (SY-UNAME)
* is allowed to read (IF_RBAM_ESF_CONSTANTS=>CO_OPERATION_PATTERN_RETRIEVE)
* in any access context (if_access_context is initial).
cl_rbam_restrictions_api=>get_restrictions_esf(
EXPORTING
if_bo_name = if_esa_sample_sales_order=>co_bo_name
if_bo_node_name = if_esa_sample_sales_order=>co_bo_node-root
* is_operation = IF_RBAM_ESF_CONSTANTS=>CO_OPERATION_PATTERN_RETRIEVE
* if_user = SY-UNAME
* if_access_context =
IMPORTING
ef_grant_rule_found = ls_authorization_context-grant_rule_found
et_grant_restrictions = ls_authorization_context-grant_restrictions
ef_deny_rule_found = ls_authorization_context-deny_rule_found
et_deny_restrictions = ls_authorization_context-deny_restrictions
).
lf_query_pre_decision = cl_rbam_query_utils=>get_query_pre_decision(
if_grant_rule_found = ls_authorization_context-grant_rule_found
it_grant_restrictions = ls_authorization_context-grant_restrictions
if_deny_rule_found = ls_authorization_context-deny_rule_found
it_deny_restrictions = ls_authorization_context-deny_restrictions
).
CASE lf_query_pre_decision.
WHEN cl_rbam_query_utils=>co_rbam_query_unrestricted.
WRITE: / sy-uname, 'is authorized for all possible query results'.
WHEN cl_rbam_query_utils=>co_rbam_query_restricted.
WRITE: / sy-uname, 'is authorized for some query results'.
WHEN cl_rbam_query_utils=>co_rbam_query_skip.
WRITE: / sy-uname, 'is authorized for no query results at all'.
ENDCASE.
ENDFORM. "main
START-OF-SELECTION.
PERFORM main.
rdisp/max_wprun_time - Maximum work process run time PERFORM Short Reference
Diese Dokumentation steht unter dem Copyright der SAP AG.
Length: 4895 Date: 20240423 Time: 185425 sap01-206 ( 43 ms )